11241100x8000000000000000691469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe72129f580cc2f2023-02-07 15:09:21.096root 11241100x8000000000000000691468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3cf5d28f76993a22023-02-07 15:09:21.096root 11241100x8000000000000000691467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b3dff9d95021412023-02-07 15:09:21.096root 11241100x8000000000000000691466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5e58c66aa40d022023-02-07 15:09:21.096root 11241100x8000000000000000691465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87682c688744b4542023-02-07 15:09:21.096root 11241100x8000000000000000691464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bcdc2d1b3dc5b02023-02-07 15:09:21.096root 11241100x8000000000000000691463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb31a3331aa8b4522023-02-07 15:09:21.096root 11241100x8000000000000000691462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca4a469075c3e5d2023-02-07 15:09:21.096root 11241100x8000000000000000691461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee4f46a06d3b7572023-02-07 15:09:21.096root 11241100x8000000000000000691477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ef189dc07e4d192023-02-07 15:09:21.097root 11241100x8000000000000000691476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627f191961b82b572023-02-07 15:09:21.097root 11241100x8000000000000000691475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bbbcf5bd85dd602023-02-07 15:09:21.097root 11241100x8000000000000000691474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727b34ed3ba909662023-02-07 15:09:21.097root 11241100x8000000000000000691473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a4000e197341a12023-02-07 15:09:21.097root 11241100x8000000000000000691472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8c31ad01f388272023-02-07 15:09:21.097root 11241100x8000000000000000691471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9f08fd5bd4b6cd2023-02-07 15:09:21.097root 11241100x8000000000000000691470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d12d68e29deafd2023-02-07 15:09:21.097root 11241100x8000000000000000691487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429ca811d80eb7ed2023-02-07 15:09:21.098root 11241100x8000000000000000691486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6291d10fc11c6d2023-02-07 15:09:21.098root 11241100x8000000000000000691485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf91ba723216c5de2023-02-07 15:09:21.098root 11241100x8000000000000000691484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1130999f5d2cbaa32023-02-07 15:09:21.098root 11241100x8000000000000000691483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7441cdbcbb69782023-02-07 15:09:21.098root 11241100x8000000000000000691482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1215093404f095e2023-02-07 15:09:21.098root 11241100x8000000000000000691481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ddc8ff8bab6e592023-02-07 15:09:21.098root 11241100x8000000000000000691480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd3993effc9e6312023-02-07 15:09:21.098root 11241100x8000000000000000691479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b66a40e738fe682023-02-07 15:09:21.098root 11241100x8000000000000000691478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d704e0d1065806322023-02-07 15:09:21.098root 11241100x8000000000000000691490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf06a450077fd2d2023-02-07 15:09:21.099root 11241100x8000000000000000691489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baade96aacb4a2da2023-02-07 15:09:21.099root 11241100x8000000000000000691488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114ddf11c0f5bb232023-02-07 15:09:21.099root 11241100x8000000000000000691495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c8fbb29feac9762023-02-07 15:09:21.103root 11241100x8000000000000000691494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408e4b3668e7f7212023-02-07 15:09:21.103root 11241100x8000000000000000691493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79141fcf548e7852023-02-07 15:09:21.103root 11241100x8000000000000000691492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36270be5e012d0b02023-02-07 15:09:21.103root 11241100x8000000000000000691491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a8eb80fc75809c2023-02-07 15:09:21.103root 11241100x8000000000000000691506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2267b30114f9f6a2023-02-07 15:09:21.104root 11241100x8000000000000000691505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2878f84db282fa2023-02-07 15:09:21.104root 11241100x8000000000000000691504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ccb4b1f93fe8572023-02-07 15:09:21.104root 11241100x8000000000000000691503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf299bd7971ae5d32023-02-07 15:09:21.104root 11241100x8000000000000000691502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abe0e4d4e1a48e12023-02-07 15:09:21.104root 11241100x8000000000000000691501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c561c7128c1c80df2023-02-07 15:09:21.104root 11241100x8000000000000000691500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef10739af28844c2023-02-07 15:09:21.104root 11241100x8000000000000000691499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6184479ad180a962023-02-07 15:09:21.104root 11241100x8000000000000000691498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3976a98706dd0e542023-02-07 15:09:21.104root 11241100x8000000000000000691497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66321fc3906a6442023-02-07 15:09:21.104root 11241100x8000000000000000691496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eef719ed3053ca92023-02-07 15:09:21.104root 11241100x8000000000000000691511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7b8f967f9685232023-02-07 15:09:21.595root 11241100x8000000000000000691510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8138545f6b54bba72023-02-07 15:09:21.595root 11241100x8000000000000000691509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bc69bbf83562492023-02-07 15:09:21.595root 11241100x8000000000000000691508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aebbc85b0a01d7c2023-02-07 15:09:21.595root 11241100x8000000000000000691507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50805d950ce2c972023-02-07 15:09:21.595root 11241100x8000000000000000691520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55011e7ddd6bff0d2023-02-07 15:09:21.596root 11241100x8000000000000000691519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f807ae71538e012023-02-07 15:09:21.596root 11241100x8000000000000000691518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a875aae2d4dd25c92023-02-07 15:09:21.596root 11241100x8000000000000000691517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0f0f25dec7df8f2023-02-07 15:09:21.596root 11241100x8000000000000000691516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23996ceb57f6c4a82023-02-07 15:09:21.596root 11241100x8000000000000000691515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d81bd3274584d8e2023-02-07 15:09:21.596root 11241100x8000000000000000691514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37f621892c47f0b2023-02-07 15:09:21.596root 11241100x8000000000000000691513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935c2dfc667da64d2023-02-07 15:09:21.596root 11241100x8000000000000000691512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaad02d2687eed8e2023-02-07 15:09:21.596root 11241100x8000000000000000691527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a73f7ba68d5f0e2023-02-07 15:09:21.597root 11241100x8000000000000000691526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a605c612e160ff232023-02-07 15:09:21.597root 11241100x8000000000000000691525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea55ed003719d1c2023-02-07 15:09:21.597root 11241100x8000000000000000691524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cecfb881b42414e2023-02-07 15:09:21.597root 11241100x8000000000000000691523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3425c21083c8a55c2023-02-07 15:09:21.597root 11241100x8000000000000000691522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af3baaee55045182023-02-07 15:09:21.597root 11241100x8000000000000000691521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f007332ba156d32023-02-07 15:09:21.597root 11241100x8000000000000000691533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da6182d37e4ada62023-02-07 15:09:21.598root 11241100x8000000000000000691532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b25aeda2318ad082023-02-07 15:09:21.598root 11241100x8000000000000000691531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d956e4e023185a3b2023-02-07 15:09:21.598root 11241100x8000000000000000691530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b35d22e42fa2a092023-02-07 15:09:21.598root 11241100x8000000000000000691529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506bf3eef28245852023-02-07 15:09:21.598root 11241100x8000000000000000691528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc1bb46457807552023-02-07 15:09:21.598root 11241100x8000000000000000691539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f6365bd9a373302023-02-07 15:09:21.599root 11241100x8000000000000000691538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cbe292259525c642023-02-07 15:09:21.599root 11241100x8000000000000000691537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897ad271a20a79d42023-02-07 15:09:21.599root 11241100x8000000000000000691536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531ce5001280d95b2023-02-07 15:09:21.599root 11241100x8000000000000000691535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e9b08ee623e5712023-02-07 15:09:21.599root 11241100x8000000000000000691534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b21c62e71e15b32023-02-07 15:09:21.599root 11241100x8000000000000000691545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3bb30c1c20d8e382023-02-07 15:09:21.600root 11241100x8000000000000000691544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155c6281b6663cdb2023-02-07 15:09:21.600root 11241100x8000000000000000691543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e63d228309c6b12023-02-07 15:09:21.600root 11241100x8000000000000000691542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de7cdb738bbcf262023-02-07 15:09:21.600root 11241100x8000000000000000691541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a342311853b8fb2023-02-07 15:09:21.600root 11241100x8000000000000000691540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f1aa89655f08212023-02-07 15:09:21.600root 11241100x8000000000000000691548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34c38eded14acd32023-02-07 15:09:21.601root 11241100x8000000000000000691547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b02e83a75ddd13e2023-02-07 15:09:21.601root 11241100x8000000000000000691546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:21.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2f097e1afd0d1f2023-02-07 15:09:21.601root 11241100x8000000000000000691552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bccbe3a78f9ecc92023-02-07 15:09:22.095root 11241100x8000000000000000691551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c184be7c3051a0a22023-02-07 15:09:22.095root 11241100x8000000000000000691550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3354901b4a818df42023-02-07 15:09:22.095root 11241100x8000000000000000691549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900e745f40ddbe102023-02-07 15:09:22.095root 11241100x8000000000000000691557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ece1332f12a3c0d2023-02-07 15:09:22.096root 11241100x8000000000000000691556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2f9b9ce19745c02023-02-07 15:09:22.096root 11241100x8000000000000000691555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6f260ff512c9f02023-02-07 15:09:22.096root 11241100x8000000000000000691554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c5f9dd62f7568b2023-02-07 15:09:22.096root 11241100x8000000000000000691553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b682e4bf7220be132023-02-07 15:09:22.096root 11241100x8000000000000000691562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26a15de1b1f7b322023-02-07 15:09:22.097root 11241100x8000000000000000691561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986c880d631cd7a12023-02-07 15:09:22.097root 11241100x8000000000000000691560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2850c2cb16c9ccbe2023-02-07 15:09:22.097root 11241100x8000000000000000691559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f6835b9607801b2023-02-07 15:09:22.097root 11241100x8000000000000000691558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f527bcebcffc637a2023-02-07 15:09:22.097root 11241100x8000000000000000691566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d5e8703f5a6fc12023-02-07 15:09:22.098root 11241100x8000000000000000691565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37ed6c1abcd6dc12023-02-07 15:09:22.098root 11241100x8000000000000000691564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f22f9865059b172023-02-07 15:09:22.098root 11241100x8000000000000000691563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00198cd8ee9ef9c52023-02-07 15:09:22.098root 11241100x8000000000000000691569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36067599e7b13de2023-02-07 15:09:22.099root 11241100x8000000000000000691568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735e94c4ca2f58be2023-02-07 15:09:22.099root 11241100x8000000000000000691567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a507ec807cfbcdf02023-02-07 15:09:22.099root 11241100x8000000000000000691571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4714eef84827b42023-02-07 15:09:22.100root 11241100x8000000000000000691570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d65e520ec422cc2023-02-07 15:09:22.100root 11241100x8000000000000000691573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd005928c02873942023-02-07 15:09:22.101root 11241100x8000000000000000691572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751c1ccabfccc4782023-02-07 15:09:22.101root 11241100x8000000000000000691577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8335acd329c7cc132023-02-07 15:09:22.102root 11241100x8000000000000000691576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c014f88acd6bdb32023-02-07 15:09:22.102root 11241100x8000000000000000691575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da1ef7933717d092023-02-07 15:09:22.102root 11241100x8000000000000000691574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aca01fba388555f2023-02-07 15:09:22.102root 11241100x8000000000000000691580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225aa80e0fa92d462023-02-07 15:09:22.103root 11241100x8000000000000000691579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45057841d28fb7cf2023-02-07 15:09:22.103root 11241100x8000000000000000691578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9157450939b53e2023-02-07 15:09:22.103root 11241100x8000000000000000691584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c963523bfeb2a29d2023-02-07 15:09:22.104root 11241100x8000000000000000691583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03fc8971946c32542023-02-07 15:09:22.104root 11241100x8000000000000000691582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a19d7b18d0c5b62023-02-07 15:09:22.104root 11241100x8000000000000000691581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b2a237a6e308a82023-02-07 15:09:22.104root 11241100x8000000000000000691586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f93e24d39e7a562023-02-07 15:09:22.595root 11241100x8000000000000000691585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2d48abdd755c312023-02-07 15:09:22.595root 11241100x8000000000000000691589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f27c8dd1c7858512023-02-07 15:09:22.596root 11241100x8000000000000000691588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0f598d24f537602023-02-07 15:09:22.596root 11241100x8000000000000000691587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81d0fab10d7973f2023-02-07 15:09:22.596root 11241100x8000000000000000691593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b59b0267450712e2023-02-07 15:09:22.597root 11241100x8000000000000000691592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5f9cb2206b895c2023-02-07 15:09:22.597root 11241100x8000000000000000691591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3a3bd20d5ddd6a2023-02-07 15:09:22.597root 11241100x8000000000000000691590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb17e6e7a2b35c02023-02-07 15:09:22.597root 11241100x8000000000000000691595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abd707dda0242662023-02-07 15:09:22.598root 11241100x8000000000000000691594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e3804686ebd2f52023-02-07 15:09:22.598root 11241100x8000000000000000691597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da4cc4cf5ac25ad2023-02-07 15:09:22.599root 11241100x8000000000000000691596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f887a68d39c1f9cf2023-02-07 15:09:22.599root 11241100x8000000000000000691601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97aec9835bd61dc02023-02-07 15:09:22.600root 11241100x8000000000000000691600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f3bc85624fcb9e2023-02-07 15:09:22.600root 11241100x8000000000000000691599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4715a3961d4407192023-02-07 15:09:22.600root 11241100x8000000000000000691598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593290e7dc0ad3762023-02-07 15:09:22.600root 11241100x8000000000000000691609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0828ec57d9da88db2023-02-07 15:09:22.601root 11241100x8000000000000000691608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5531f28f6d8dd2752023-02-07 15:09:22.601root 11241100x8000000000000000691607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b86ee9a7797f8822023-02-07 15:09:22.601root 11241100x8000000000000000691606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14176ec02dd391a82023-02-07 15:09:22.601root 11241100x8000000000000000691605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8cefe2c762a9dd82023-02-07 15:09:22.601root 11241100x8000000000000000691604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f82d824652873392023-02-07 15:09:22.601root 11241100x8000000000000000691603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad4bbdbb0c934cc2023-02-07 15:09:22.601root 11241100x8000000000000000691602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5b50ecc1ba1f8d2023-02-07 15:09:22.601root 11241100x8000000000000000691615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5f9a7a1bd9d1522023-02-07 15:09:22.602root 11241100x8000000000000000691614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494b4a76547c4fbe2023-02-07 15:09:22.602root 11241100x8000000000000000691613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14de8f7576dcd41f2023-02-07 15:09:22.602root 11241100x8000000000000000691612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a56a50861a5b502023-02-07 15:09:22.602root 11241100x8000000000000000691611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cbfddacea8847cb2023-02-07 15:09:22.602root 11241100x8000000000000000691610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4ea65c75d741b02023-02-07 15:09:22.602root 11241100x8000000000000000691616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.606{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ffe8c4c9c658df2023-02-07 15:09:22.606root 11241100x8000000000000000691620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.607{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54538ded120be0682023-02-07 15:09:22.607root 11241100x8000000000000000691619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.607{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5ce02c4640c4972023-02-07 15:09:22.607root 11241100x8000000000000000691618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.607{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663b79a7689a97982023-02-07 15:09:22.607root 11241100x8000000000000000691617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:22.607{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fc4532e40ebb4e2023-02-07 15:09:22.607root 11241100x8000000000000000691625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcc25414272870d2023-02-07 15:09:23.095root 11241100x8000000000000000691624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00fe2230f9b7aca92023-02-07 15:09:23.095root 11241100x8000000000000000691623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1adad82816255e882023-02-07 15:09:23.095root 11241100x8000000000000000691622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5d7e64df0ff2e82023-02-07 15:09:23.095root 11241100x8000000000000000691621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ab842ca6e2b72c2023-02-07 15:09:23.095root 11241100x8000000000000000691631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6071f2c4fc91f4a2023-02-07 15:09:23.096root 11241100x8000000000000000691630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd0c9153cf5c3262023-02-07 15:09:23.096root 11241100x8000000000000000691629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7742f0e40967202023-02-07 15:09:23.096root 11241100x8000000000000000691628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d013fac870cd50f62023-02-07 15:09:23.096root 11241100x8000000000000000691627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea4770ea8386f722023-02-07 15:09:23.096root 11241100x8000000000000000691626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa6e7f4353eab572023-02-07 15:09:23.096root 11241100x8000000000000000691637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f41d67c766a4e02023-02-07 15:09:23.097root 11241100x8000000000000000691636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77723657a27c30692023-02-07 15:09:23.097root 11241100x8000000000000000691635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066f5aa15d471c242023-02-07 15:09:23.097root 11241100x8000000000000000691634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ecf31fba73d2ac2023-02-07 15:09:23.097root 11241100x8000000000000000691633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9064e8cae0f785c32023-02-07 15:09:23.097root 11241100x8000000000000000691632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21160ccde9ba4d5b2023-02-07 15:09:23.097root 11241100x8000000000000000691642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e338ec34a7c4afbf2023-02-07 15:09:23.098root 11241100x8000000000000000691641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208623a5d32644692023-02-07 15:09:23.098root 11241100x8000000000000000691640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea582cdd9d93a112023-02-07 15:09:23.098root 11241100x8000000000000000691639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23cec8496c5af0c2023-02-07 15:09:23.098root 11241100x8000000000000000691638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe3f49c62676e3b2023-02-07 15:09:23.098root 11241100x8000000000000000691645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b73a25e04fe82d42023-02-07 15:09:23.099root 11241100x8000000000000000691644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36458ce31e11ce9f2023-02-07 15:09:23.099root 11241100x8000000000000000691643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02afd49728ba32142023-02-07 15:09:23.099root 11241100x8000000000000000691651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9255bc2392ead8522023-02-07 15:09:23.100root 11241100x8000000000000000691650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7c2e4bd736b7f02023-02-07 15:09:23.100root 11241100x8000000000000000691649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3244e1d15f1e07e62023-02-07 15:09:23.100root 11241100x8000000000000000691648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb07276190c70af42023-02-07 15:09:23.100root 11241100x8000000000000000691647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada305e9e2d44ccd2023-02-07 15:09:23.100root 11241100x8000000000000000691646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63072cb3a5ac528e2023-02-07 15:09:23.100root 11241100x8000000000000000691659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea7f6db67c28f0e2023-02-07 15:09:23.101root 11241100x8000000000000000691658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88141ffc783e9382023-02-07 15:09:23.101root 11241100x8000000000000000691657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75075254c4793ca72023-02-07 15:09:23.101root 11241100x8000000000000000691656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62e89f53003c0912023-02-07 15:09:23.101root 11241100x8000000000000000691655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2080d36ed14e0b172023-02-07 15:09:23.101root 11241100x8000000000000000691654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4cddf64885a06bc2023-02-07 15:09:23.101root 11241100x8000000000000000691653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796ecfb4213cabcc2023-02-07 15:09:23.101root 11241100x8000000000000000691652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ca982ba77636612023-02-07 15:09:23.101root 11241100x8000000000000000691662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ab59b3af634fb12023-02-07 15:09:23.102root 11241100x8000000000000000691661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccaa2fcdabffeb9b2023-02-07 15:09:23.102root 11241100x8000000000000000691660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c739a11e4f7a7d2023-02-07 15:09:23.102root 11241100x8000000000000000691663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302045a912d954a72023-02-07 15:09:23.595root 11241100x8000000000000000691664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204755423905f7532023-02-07 15:09:23.596root 11241100x8000000000000000691669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c32f7a8614c6262023-02-07 15:09:23.597root 11241100x8000000000000000691668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8e931c28773f452023-02-07 15:09:23.597root 11241100x8000000000000000691667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037c9772b40166b72023-02-07 15:09:23.597root 11241100x8000000000000000691666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2095918329178fb02023-02-07 15:09:23.597root 11241100x8000000000000000691665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5653f769a0c9622023-02-07 15:09:23.597root 11241100x8000000000000000691674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12be50442b21602c2023-02-07 15:09:23.598root 11241100x8000000000000000691673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53b41f3818cd4c42023-02-07 15:09:23.598root 11241100x8000000000000000691672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1646dd270b0da7902023-02-07 15:09:23.598root 11241100x8000000000000000691671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64ea42e48f9d7882023-02-07 15:09:23.598root 11241100x8000000000000000691670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce60095ffd0ac6e2023-02-07 15:09:23.598root 11241100x8000000000000000691677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af704797a12370e2023-02-07 15:09:23.599root 11241100x8000000000000000691676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f74d004b76d41992023-02-07 15:09:23.599root 11241100x8000000000000000691675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad02f249a0273832023-02-07 15:09:23.599root 11241100x8000000000000000691681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b9a4f6643e89a62023-02-07 15:09:23.600root 11241100x8000000000000000691680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e83a028ec151462023-02-07 15:09:23.600root 11241100x8000000000000000691679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d86f247c98215d2023-02-07 15:09:23.600root 11241100x8000000000000000691678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edaf2ad6685274d22023-02-07 15:09:23.600root 11241100x8000000000000000691683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626973f3a3adc3e82023-02-07 15:09:23.601root 11241100x8000000000000000691682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a737e51785d4a42023-02-07 15:09:23.601root 11241100x8000000000000000691686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bade3fd31eafd002023-02-07 15:09:23.602root 11241100x8000000000000000691685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150314d6d9eba42d2023-02-07 15:09:23.602root 11241100x8000000000000000691684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093c6f9ef89b6dd92023-02-07 15:09:23.602root 11241100x8000000000000000691687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7fa52df9e60d992023-02-07 15:09:23.603root 11241100x8000000000000000691689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6d5e3f384614622023-02-07 15:09:23.604root 11241100x8000000000000000691688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178232fb7759e20d2023-02-07 15:09:23.604root 11241100x8000000000000000691692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3c7e35f2d45d152023-02-07 15:09:23.605root 11241100x8000000000000000691691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b1f1df7e0323962023-02-07 15:09:23.605root 11241100x8000000000000000691690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca7ad0c04b276ae2023-02-07 15:09:23.605root 11241100x8000000000000000691694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.606{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddec756e8a6960162023-02-07 15:09:23.606root 11241100x8000000000000000691693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:23.606{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02978fef6c141bb02023-02-07 15:09:23.606root 11241100x8000000000000000691696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2e32600e81e5712023-02-07 15:09:24.095root 11241100x8000000000000000691695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d431f67c82921bb2023-02-07 15:09:24.095root 11241100x8000000000000000691699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e883d46bf66d15522023-02-07 15:09:24.096root 11241100x8000000000000000691698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846e4370f12e16a72023-02-07 15:09:24.096root 11241100x8000000000000000691697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69775938dfceee92023-02-07 15:09:24.096root 11241100x8000000000000000691702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19cfc03c73372352023-02-07 15:09:24.097root 11241100x8000000000000000691701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb315e896779f5862023-02-07 15:09:24.097root 11241100x8000000000000000691700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91698c99363b7c22023-02-07 15:09:24.097root 11241100x8000000000000000691707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33a9eaccdaccfd82023-02-07 15:09:24.098root 11241100x8000000000000000691706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94271fe846b76e392023-02-07 15:09:24.098root 11241100x8000000000000000691705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53a498ac20cdc192023-02-07 15:09:24.098root 11241100x8000000000000000691704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84016eab53994fc52023-02-07 15:09:24.098root 11241100x8000000000000000691703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc4754575df788b2023-02-07 15:09:24.098root 11241100x8000000000000000691721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7213de3642f1edf72023-02-07 15:09:24.099root 11241100x8000000000000000691720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1499419681b27c932023-02-07 15:09:24.099root 11241100x8000000000000000691719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea161491c9a23d1e2023-02-07 15:09:24.099root 11241100x8000000000000000691718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa72d370c460199e2023-02-07 15:09:24.099root 11241100x8000000000000000691717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc864f35fb85d612023-02-07 15:09:24.099root 11241100x8000000000000000691716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92c044e1ba9d71b2023-02-07 15:09:24.099root 11241100x8000000000000000691715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe3c3346c763dd22023-02-07 15:09:24.099root 11241100x8000000000000000691714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141b5e7231bc427c2023-02-07 15:09:24.099root 11241100x8000000000000000691713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c144add5c68b168a2023-02-07 15:09:24.099root 11241100x8000000000000000691712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208f889f4925a3d02023-02-07 15:09:24.099root 11241100x8000000000000000691711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8568b919c007c6e2023-02-07 15:09:24.099root 11241100x8000000000000000691710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f3ae744f14b51a2023-02-07 15:09:24.099root 11241100x8000000000000000691709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e94b0c39f0672b2023-02-07 15:09:24.099root 11241100x8000000000000000691708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff85d8f18fca72f52023-02-07 15:09:24.099root 11241100x8000000000000000691733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee206247d0942bc2023-02-07 15:09:24.100root 11241100x8000000000000000691732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d38a8d65f055a9d2023-02-07 15:09:24.100root 11241100x8000000000000000691731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac39017ec7e216e2023-02-07 15:09:24.100root 11241100x8000000000000000691730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116012f5c3c057dd2023-02-07 15:09:24.100root 11241100x8000000000000000691729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f22fa2f7b1da6c52023-02-07 15:09:24.100root 11241100x8000000000000000691728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3285b56b9ffc57ea2023-02-07 15:09:24.100root 11241100x8000000000000000691727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41cb70df9d8e11eb2023-02-07 15:09:24.100root 11241100x8000000000000000691726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331a6ac050d3f8c62023-02-07 15:09:24.100root 11241100x8000000000000000691725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6af81aa8e311ea2023-02-07 15:09:24.100root 11241100x8000000000000000691724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9766d02a3885b81f2023-02-07 15:09:24.100root 11241100x8000000000000000691723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2aa681ff973ea962023-02-07 15:09:24.100root 11241100x8000000000000000691722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6ba9963017edc82023-02-07 15:09:24.100root 11241100x8000000000000000691737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2250b8b869746b2023-02-07 15:09:24.595root 11241100x8000000000000000691736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a15be43a6a855162023-02-07 15:09:24.595root 11241100x8000000000000000691735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8bd7a037ccc71e2023-02-07 15:09:24.595root 11241100x8000000000000000691734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146e315e31309f1b2023-02-07 15:09:24.595root 11241100x8000000000000000691747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dab2a31c9917e4a2023-02-07 15:09:24.596root 11241100x8000000000000000691746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5dee38774228ff2023-02-07 15:09:24.596root 11241100x8000000000000000691745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377f8a7425c3afc02023-02-07 15:09:24.596root 11241100x8000000000000000691744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b71171bc0f2c732023-02-07 15:09:24.596root 11241100x8000000000000000691743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9658d74688c75402023-02-07 15:09:24.596root 11241100x8000000000000000691742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1f777191c3023c2023-02-07 15:09:24.596root 11241100x8000000000000000691741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44aeceb0323d0bda2023-02-07 15:09:24.596root 11241100x8000000000000000691740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf2334ad1db2b7b2023-02-07 15:09:24.596root 11241100x8000000000000000691739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784efee94fdfb7d32023-02-07 15:09:24.596root 11241100x8000000000000000691738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3e3268627d1b252023-02-07 15:09:24.596root 11241100x8000000000000000691759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6ed2bed4a5a36a2023-02-07 15:09:24.597root 11241100x8000000000000000691758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085f2fd7fc36e7292023-02-07 15:09:24.597root 11241100x8000000000000000691757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b23404cbcd3035e2023-02-07 15:09:24.597root 11241100x8000000000000000691756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25baa214a1238942023-02-07 15:09:24.597root 11241100x8000000000000000691755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89b77dc959daf4c2023-02-07 15:09:24.597root 11241100x8000000000000000691754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540658e7f1c4cd732023-02-07 15:09:24.597root 11241100x8000000000000000691753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cea7fe8c289e0a2023-02-07 15:09:24.597root 11241100x8000000000000000691752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723fec906ccb30e42023-02-07 15:09:24.597root 11241100x8000000000000000691751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45b620f9352ef0a2023-02-07 15:09:24.597root 11241100x8000000000000000691750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178dc478c04eb9962023-02-07 15:09:24.597root 11241100x8000000000000000691749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee45d2e8c9cdfd92023-02-07 15:09:24.597root 11241100x8000000000000000691748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9460c415cf0ef2192023-02-07 15:09:24.597root 11241100x8000000000000000691773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7219eb817542bc3b2023-02-07 15:09:24.598root 11241100x8000000000000000691772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232fe56511185af82023-02-07 15:09:24.598root 11241100x8000000000000000691771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a747764e15e21b4f2023-02-07 15:09:24.598root 11241100x8000000000000000691770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ac014384ce57d62023-02-07 15:09:24.598root 11241100x8000000000000000691769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17a310f4bc78b192023-02-07 15:09:24.598root 11241100x8000000000000000691768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed98999a4aa061382023-02-07 15:09:24.598root 11241100x8000000000000000691767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6b7c272a1ed5e62023-02-07 15:09:24.598root 11241100x8000000000000000691766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444f99d1a7adea782023-02-07 15:09:24.598root 11241100x8000000000000000691765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074ee5f007de3dc52023-02-07 15:09:24.598root 11241100x8000000000000000691764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302a8c26cbd38d4a2023-02-07 15:09:24.598root 11241100x8000000000000000691763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3091b15c2db75422023-02-07 15:09:24.598root 11241100x8000000000000000691762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088f153d3dbbc5ca2023-02-07 15:09:24.598root 11241100x8000000000000000691761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76522e706720653b2023-02-07 15:09:24.598root 11241100x8000000000000000691760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d9702f323907412023-02-07 15:09:24.598root 11241100x8000000000000000691774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77782ce51ce0fd72023-02-07 15:09:24.599root 11241100x8000000000000000691775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:24.732{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:09:24.732root 11241100x8000000000000000691777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787eb656532b389e2023-02-07 15:09:25.095root 11241100x8000000000000000691776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346b9d7717614a122023-02-07 15:09:25.095root 11241100x8000000000000000691783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c129df05334382482023-02-07 15:09:25.096root 11241100x8000000000000000691782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f95421b8fd3c0d2023-02-07 15:09:25.096root 11241100x8000000000000000691781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369afbb4911edbfa2023-02-07 15:09:25.096root 11241100x8000000000000000691780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5b10997b2fa4512023-02-07 15:09:25.096root 11241100x8000000000000000691779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57692c0b5ff1788c2023-02-07 15:09:25.096root 11241100x8000000000000000691778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ea2f49ced305cb2023-02-07 15:09:25.096root 11241100x8000000000000000691795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e00a9015d933c32023-02-07 15:09:25.097root 11241100x8000000000000000691794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4a2083823405f22023-02-07 15:09:25.097root 11241100x8000000000000000691793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8790ff61e3a8ff2023-02-07 15:09:25.097root 11241100x8000000000000000691792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ecc7a8a5713e842023-02-07 15:09:25.097root 11241100x8000000000000000691791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1497d13728ac66342023-02-07 15:09:25.097root 11241100x8000000000000000691790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f905e3c496bef0ff2023-02-07 15:09:25.097root 11241100x8000000000000000691789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95456b629d8f956a2023-02-07 15:09:25.097root 11241100x8000000000000000691788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ef426e3d1e55df2023-02-07 15:09:25.097root 11241100x8000000000000000691787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd507b1148aa2a12023-02-07 15:09:25.097root 11241100x8000000000000000691786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a227d4c656a45edd2023-02-07 15:09:25.097root 11241100x8000000000000000691785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f71f350f4b5a65d2023-02-07 15:09:25.097root 11241100x8000000000000000691784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62e165f1cea8c042023-02-07 15:09:25.097root 11241100x8000000000000000691810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77209519ea7df4502023-02-07 15:09:25.098root 11241100x8000000000000000691809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17a0e9af55c76d02023-02-07 15:09:25.098root 11241100x8000000000000000691808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8860729eccb0ddcf2023-02-07 15:09:25.098root 11241100x8000000000000000691807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d11e8ef165e96102023-02-07 15:09:25.098root 11241100x8000000000000000691806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e85145e53f637292023-02-07 15:09:25.098root 11241100x8000000000000000691805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73de26e44bf46e52023-02-07 15:09:25.098root 11241100x8000000000000000691804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e322b1ce1a6dc9aa2023-02-07 15:09:25.098root 11241100x8000000000000000691803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11d86074285b95a2023-02-07 15:09:25.098root 11241100x8000000000000000691802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67eeec5f632d495a2023-02-07 15:09:25.098root 11241100x8000000000000000691801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537b7e98c039a5cc2023-02-07 15:09:25.098root 11241100x8000000000000000691800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb31de66ae11dbf42023-02-07 15:09:25.098root 11241100x8000000000000000691799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc57e4b6b7b1cd82023-02-07 15:09:25.098root 11241100x8000000000000000691798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158834c3135016432023-02-07 15:09:25.098root 11241100x8000000000000000691797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35bf5043ae9a45a2023-02-07 15:09:25.098root 11241100x8000000000000000691796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf9ed6e65ad210c2023-02-07 15:09:25.098root 11241100x8000000000000000691811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a8e74b960310142023-02-07 15:09:25.099root 11241100x8000000000000000691816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c3c06e7dc1e3272023-02-07 15:09:25.595root 11241100x8000000000000000691815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aab7b79e0c8c31e2023-02-07 15:09:25.595root 11241100x8000000000000000691814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66943d60a5182c82023-02-07 15:09:25.595root 11241100x8000000000000000691813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad49294780602002023-02-07 15:09:25.595root 11241100x8000000000000000691812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ce6a6e2d5e87422023-02-07 15:09:25.595root 11241100x8000000000000000691827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6dd91418c647e842023-02-07 15:09:25.596root 11241100x8000000000000000691826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95977b8769be42cc2023-02-07 15:09:25.596root 11241100x8000000000000000691825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef67c2c967d56582023-02-07 15:09:25.596root 11241100x8000000000000000691824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c9d42d35a3cc822023-02-07 15:09:25.596root 11241100x8000000000000000691823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1919e3bc93e001302023-02-07 15:09:25.596root 11241100x8000000000000000691822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf536c6c4aaf43392023-02-07 15:09:25.596root 11241100x8000000000000000691821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fcebad17a68ca52023-02-07 15:09:25.596root 11241100x8000000000000000691820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc577fa457c8edc2023-02-07 15:09:25.596root 11241100x8000000000000000691819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252d262be757489c2023-02-07 15:09:25.596root 11241100x8000000000000000691818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fc8d6fb6b2c28c2023-02-07 15:09:25.596root 11241100x8000000000000000691817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7dd42dc967fb1522023-02-07 15:09:25.596root 11241100x8000000000000000691836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a796133a19d5eba12023-02-07 15:09:25.597root 11241100x8000000000000000691835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148cceae0d22a04c2023-02-07 15:09:25.597root 11241100x8000000000000000691834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a905dcf7f089110d2023-02-07 15:09:25.597root 11241100x8000000000000000691833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a26acf3cc47b102023-02-07 15:09:25.597root 11241100x8000000000000000691832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c84f72e62b3a4cc2023-02-07 15:09:25.597root 11241100x8000000000000000691831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ebba9cb58342542023-02-07 15:09:25.597root 11241100x8000000000000000691830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a120d8885ee491cb2023-02-07 15:09:25.597root 11241100x8000000000000000691829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d3a4b4f51a2e812023-02-07 15:09:25.597root 11241100x8000000000000000691828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3642420644aca17d2023-02-07 15:09:25.597root 11241100x8000000000000000691846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83105ca102458b3a2023-02-07 15:09:25.598root 11241100x8000000000000000691845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00918808c74ec7b2023-02-07 15:09:25.598root 11241100x8000000000000000691844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a10a2a7a2bdc6182023-02-07 15:09:25.598root 11241100x8000000000000000691843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75468e9a226bc36d2023-02-07 15:09:25.598root 11241100x8000000000000000691842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b55e728db215c5b2023-02-07 15:09:25.598root 11241100x8000000000000000691841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c8d9f1553e24262023-02-07 15:09:25.598root 11241100x8000000000000000691840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ceda179eb2444722023-02-07 15:09:25.598root 11241100x8000000000000000691839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb3d74bbdeda8e92023-02-07 15:09:25.598root 11241100x8000000000000000691838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e471a004c1130a2023-02-07 15:09:25.598root 11241100x8000000000000000691837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac77f1acd66e226b2023-02-07 15:09:25.598root 11241100x8000000000000000691854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98bfeb20197fa7822023-02-07 15:09:25.599root 11241100x8000000000000000691853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406520570740c14a2023-02-07 15:09:25.599root 11241100x8000000000000000691852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c20968a22fe2a9c2023-02-07 15:09:25.599root 11241100x8000000000000000691851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3378de90dba9f22023-02-07 15:09:25.599root 11241100x8000000000000000691850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08401865df1535b12023-02-07 15:09:25.599root 11241100x8000000000000000691849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1e234d616132b02023-02-07 15:09:25.599root 11241100x8000000000000000691848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9469c9109fbaa72023-02-07 15:09:25.599root 11241100x8000000000000000691847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456e752e437f7a7b2023-02-07 15:09:25.599root 11241100x8000000000000000691857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c57066bb23e0c02023-02-07 15:09:25.600root 11241100x8000000000000000691856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0863c4c24b2c73232023-02-07 15:09:25.600root 11241100x8000000000000000691855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:25.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c039ed950dd8dab2023-02-07 15:09:25.600root 354300x8000000000000000691858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.054{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-44172-false10.0.1.12-8000- 11241100x8000000000000000691865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.055{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99c01c52c4430fa2023-02-07 15:09:26.055root 11241100x8000000000000000691864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.055{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c66859d4223ced12023-02-07 15:09:26.055root 11241100x8000000000000000691863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.055{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b166fff48aaba02023-02-07 15:09:26.055root 11241100x8000000000000000691862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.055{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f87aaa6a7d364422023-02-07 15:09:26.055root 11241100x8000000000000000691861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.055{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166bcfe6653e0df02023-02-07 15:09:26.055root 11241100x8000000000000000691860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.055{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bbcd45fae370aa2023-02-07 15:09:26.055root 11241100x8000000000000000691859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.055{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f8977ecc6df6ad2023-02-07 15:09:26.055root 11241100x8000000000000000691873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.056{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09fe89b7abc62ac82023-02-07 15:09:26.056root 11241100x8000000000000000691872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.056{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b101825f5945162023-02-07 15:09:26.056root 11241100x8000000000000000691871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.056{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebec1ea314415f722023-02-07 15:09:26.056root 11241100x8000000000000000691870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.056{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63fda56a7abd26262023-02-07 15:09:26.056root 11241100x8000000000000000691869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.056{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cdc90ea0aab4662023-02-07 15:09:26.056root 11241100x8000000000000000691868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.056{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05484f44b69b3ad2023-02-07 15:09:26.056root 11241100x8000000000000000691867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.056{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2b875777ce9d1a2023-02-07 15:09:26.056root 11241100x8000000000000000691866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.056{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be0d7d29a5bbb392023-02-07 15:09:26.056root 11241100x8000000000000000691881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.057{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488a4ba01b0239452023-02-07 15:09:26.057root 11241100x8000000000000000691880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.057{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d036bb6d7759b17f2023-02-07 15:09:26.057root 11241100x8000000000000000691879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.057{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35da6b65a584ce22023-02-07 15:09:26.057root 11241100x8000000000000000691878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.057{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8edfa5e42f91da2023-02-07 15:09:26.057root 11241100x8000000000000000691877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.057{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cecff2f7feb40f02023-02-07 15:09:26.057root 11241100x8000000000000000691876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.057{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94fd7706a2fe0872023-02-07 15:09:26.057root 11241100x8000000000000000691875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.057{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae18493c497856352023-02-07 15:09:26.057root 11241100x8000000000000000691874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.057{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84dd2f1c7d7486c12023-02-07 15:09:26.057root 11241100x8000000000000000691891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6eb8d93358ae3922023-02-07 15:09:26.058root 11241100x8000000000000000691890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a0699c660f7e882023-02-07 15:09:26.058root 11241100x8000000000000000691889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853ddff83b7e41222023-02-07 15:09:26.058root 11241100x8000000000000000691888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a511a521c566312023-02-07 15:09:26.058root 11241100x8000000000000000691887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d553b33e25d2782023-02-07 15:09:26.058root 11241100x8000000000000000691886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a359dd5076a8a612023-02-07 15:09:26.058root 11241100x8000000000000000691885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ca22e74f1ec8fc2023-02-07 15:09:26.058root 11241100x8000000000000000691884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305e92b7895befe02023-02-07 15:09:26.058root 11241100x8000000000000000691883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c8f9a34827c6112023-02-07 15:09:26.058root 11241100x8000000000000000691882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663a289377e6d0a22023-02-07 15:09:26.058root 11241100x8000000000000000691901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d7bda529e370542023-02-07 15:09:26.059root 11241100x8000000000000000691900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba5e93382a608452023-02-07 15:09:26.059root 11241100x8000000000000000691899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e17ad4f3a448712023-02-07 15:09:26.059root 11241100x8000000000000000691898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9f6623f33c7e1c2023-02-07 15:09:26.059root 11241100x8000000000000000691897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8adbf1d64db3bad42023-02-07 15:09:26.059root 11241100x8000000000000000691896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a30657a3c1b0182023-02-07 15:09:26.059root 11241100x8000000000000000691895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225afa113eb395902023-02-07 15:09:26.059root 11241100x8000000000000000691894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090e6dcec738e5132023-02-07 15:09:26.059root 11241100x8000000000000000691893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739cc80ee30109362023-02-07 15:09:26.059root 11241100x8000000000000000691892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12f01dbbd9e625b2023-02-07 15:09:26.059root 11241100x8000000000000000691908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194a6018ed7b5bdb2023-02-07 15:09:26.346root 11241100x8000000000000000691907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf8319747c8edbe2023-02-07 15:09:26.346root 11241100x8000000000000000691906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecff29a6e12fb3b42023-02-07 15:09:26.346root 11241100x8000000000000000691905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887cae7e289d6b2f2023-02-07 15:09:26.346root 11241100x8000000000000000691904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067da70a7b71bd342023-02-07 15:09:26.346root 11241100x8000000000000000691903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce179d1e753343362023-02-07 15:09:26.346root 11241100x8000000000000000691902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62ff22e25bb42332023-02-07 15:09:26.346root 11241100x8000000000000000691917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608d39bb64f7704a2023-02-07 15:09:26.347root 11241100x8000000000000000691916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410490e24bf545062023-02-07 15:09:26.347root 11241100x8000000000000000691915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038cbc03471136962023-02-07 15:09:26.347root 11241100x8000000000000000691914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1996c503271a3a2023-02-07 15:09:26.347root 11241100x8000000000000000691913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8528cc30ca5786ed2023-02-07 15:09:26.347root 11241100x8000000000000000691912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975d5c98a7345ac82023-02-07 15:09:26.347root 11241100x8000000000000000691911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7cebd9d1d8ee192023-02-07 15:09:26.347root 11241100x8000000000000000691910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187dcdd63df512262023-02-07 15:09:26.347root 11241100x8000000000000000691909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4d50918a4196612023-02-07 15:09:26.347root 11241100x8000000000000000691927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35adc8d6a80e31442023-02-07 15:09:26.348root 11241100x8000000000000000691926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f7dd9eae5a53872023-02-07 15:09:26.348root 11241100x8000000000000000691925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35ca6c274c43e9a2023-02-07 15:09:26.348root 11241100x8000000000000000691924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4604c16cc5e1730e2023-02-07 15:09:26.348root 11241100x8000000000000000691923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f7dc62000ac8dd2023-02-07 15:09:26.348root 11241100x8000000000000000691922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df57940286fa7742023-02-07 15:09:26.348root 11241100x8000000000000000691921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c354e9066773692023-02-07 15:09:26.348root 11241100x8000000000000000691920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ccf6311df138612023-02-07 15:09:26.348root 11241100x8000000000000000691919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a780eb2a4e2314272023-02-07 15:09:26.348root 11241100x8000000000000000691918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559da2ecb1b882162023-02-07 15:09:26.348root 11241100x8000000000000000691935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8af184f0703b1d2023-02-07 15:09:26.349root 11241100x8000000000000000691934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24173664896474b2023-02-07 15:09:26.349root 11241100x8000000000000000691933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff1de5da03e2c372023-02-07 15:09:26.349root 11241100x8000000000000000691932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc2c34a13de300d2023-02-07 15:09:26.349root 11241100x8000000000000000691931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0c399bb36641452023-02-07 15:09:26.349root 11241100x8000000000000000691930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0c8b2a727ca50d2023-02-07 15:09:26.349root 11241100x8000000000000000691929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f10c93d4dfe5342023-02-07 15:09:26.349root 11241100x8000000000000000691928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801742aaba8ab6fd2023-02-07 15:09:26.349root 534500x8000000000000000691936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.635{00000000-0000-0000-0000-000000000000}6082<unknown process>root 11241100x8000000000000000691944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.636{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51360cfaaf581542023-02-07 15:09:26.636root 11241100x8000000000000000691943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.636{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d82efcfe05795be2023-02-07 15:09:26.636root 11241100x8000000000000000691942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.636{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8ae76db7e597b32023-02-07 15:09:26.636root 11241100x8000000000000000691941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.636{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b544a7cd50ef302023-02-07 15:09:26.636root 11241100x8000000000000000691940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.636{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2eea27880e6c7f2023-02-07 15:09:26.636root 11241100x8000000000000000691939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.636{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04eda3d33a6ba9a32023-02-07 15:09:26.636root 11241100x8000000000000000691938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.636{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e95630cf2415df2023-02-07 15:09:26.636root 11241100x8000000000000000691937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.636{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c417df5344b1a12023-02-07 15:09:26.636root 11241100x8000000000000000691952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.637{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577170763ef58a8c2023-02-07 15:09:26.637root 11241100x8000000000000000691951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.637{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5d201e6bf552a52023-02-07 15:09:26.637root 11241100x8000000000000000691950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.637{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2138e238a37aed4b2023-02-07 15:09:26.637root 11241100x8000000000000000691949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.637{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341317a9521d236b2023-02-07 15:09:26.637root 11241100x8000000000000000691948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.637{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2725ef37cf20ab42023-02-07 15:09:26.637root 11241100x8000000000000000691947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.637{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a3bdb721ace6962023-02-07 15:09:26.637root 11241100x8000000000000000691946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.637{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d2ff71ce78ddb12023-02-07 15:09:26.637root 11241100x8000000000000000691945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.637{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f4c2034db6bed52023-02-07 15:09:26.637root 11241100x8000000000000000691957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.638{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec46eb47c89cea8a2023-02-07 15:09:26.638root 11241100x8000000000000000691956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.638{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aad2460369edeb02023-02-07 15:09:26.638root 11241100x8000000000000000691955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.638{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cc464e18e60efc2023-02-07 15:09:26.638root 11241100x8000000000000000691954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.638{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe9ee0afd6a31632023-02-07 15:09:26.638root 11241100x8000000000000000691953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.638{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c537217c6698b57f2023-02-07 15:09:26.638root 11241100x8000000000000000691958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.639{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41affed5dc1cc6f2023-02-07 15:09:26.639root 11241100x8000000000000000691962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.640{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28894e954f91ea22023-02-07 15:09:26.640root 11241100x8000000000000000691961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.640{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa49dcf010a89e172023-02-07 15:09:26.640root 11241100x8000000000000000691960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.640{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89558238267bb2bb2023-02-07 15:09:26.640root 11241100x8000000000000000691959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.640{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f65c6a2d76b2f812023-02-07 15:09:26.640root 11241100x8000000000000000691973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.641{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485d2954c778c0722023-02-07 15:09:26.641root 11241100x8000000000000000691972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.641{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256d7951f9ad4bd92023-02-07 15:09:26.641root 11241100x8000000000000000691971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.641{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7287f6824255ffb2023-02-07 15:09:26.641root 11241100x8000000000000000691970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.641{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2cd4b8ea8dc525e2023-02-07 15:09:26.641root 11241100x8000000000000000691969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.641{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db5531d2b911f942023-02-07 15:09:26.641root 11241100x8000000000000000691968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.641{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01eaff6d31e9d7222023-02-07 15:09:26.641root 11241100x8000000000000000691967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.641{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbaa0ea67baca902023-02-07 15:09:26.641root 11241100x8000000000000000691966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.641{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa8dabd6f6784362023-02-07 15:09:26.641root 11241100x8000000000000000691965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.641{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f4619b70f78fca2023-02-07 15:09:26.641root 11241100x8000000000000000691964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.641{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26213ed720b0d3c72023-02-07 15:09:26.641root 11241100x8000000000000000691963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.641{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c750c5b2e1bc221e2023-02-07 15:09:26.641root 11241100x8000000000000000691978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.642{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c470ab71792b6b892023-02-07 15:09:26.642root 11241100x8000000000000000691977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.642{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947c47967e04a7d72023-02-07 15:09:26.642root 11241100x8000000000000000691976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.642{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e272cba9b855a122023-02-07 15:09:26.642root 11241100x8000000000000000691975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.642{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78ad7e621730a2d2023-02-07 15:09:26.642root 11241100x8000000000000000691974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.642{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4576a287d03bf922023-02-07 15:09:26.642root 11241100x8000000000000000691979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.643{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82067619e5ece15c2023-02-07 15:09:26.643root 11241100x8000000000000000691982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.644{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364574d1d08c3a062023-02-07 15:09:26.644root 11241100x8000000000000000691981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.644{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d205b7a9289814de2023-02-07 15:09:26.644root 11241100x8000000000000000691980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.644{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adeaa712e126d4e32023-02-07 15:09:26.644root 11241100x8000000000000000691992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.645{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa35d7fcea9362d2023-02-07 15:09:26.645root 11241100x8000000000000000691991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.645{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b89102eca6f1382023-02-07 15:09:26.645root 11241100x8000000000000000691990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.645{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcbe412318cb15c2023-02-07 15:09:26.645root 11241100x8000000000000000691989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.645{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f024eea28e8f28aa2023-02-07 15:09:26.645root 11241100x8000000000000000691988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.645{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04dd1d0a3feb93f2023-02-07 15:09:26.645root 11241100x8000000000000000691987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.645{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae4ce7f63d9f7d72023-02-07 15:09:26.645root 11241100x8000000000000000691986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.645{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1214ab302ff5472023-02-07 15:09:26.645root 11241100x8000000000000000691985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.645{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06b6761d4096bf82023-02-07 15:09:26.645root 11241100x8000000000000000691984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.645{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bafc42683175941a2023-02-07 15:09:26.645root 11241100x8000000000000000691983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:26.645{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50217227234a83bc2023-02-07 15:09:26.645root 11241100x8000000000000000691993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46f079555ba18b52023-02-07 15:09:27.095root 11241100x8000000000000000691998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c987bcc898687c262023-02-07 15:09:27.096root 11241100x8000000000000000691997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451dea1aa2bfaeef2023-02-07 15:09:27.096root 11241100x8000000000000000691996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7b4699677b56032023-02-07 15:09:27.096root 11241100x8000000000000000691995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25bbef1a40d3b042023-02-07 15:09:27.096root 11241100x8000000000000000691994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b6ba3db7d8d2ce2023-02-07 15:09:27.096root 11241100x8000000000000000692008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b91dd9a51d5d2c2023-02-07 15:09:27.097root 11241100x8000000000000000692007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18afb0b650404692023-02-07 15:09:27.097root 11241100x8000000000000000692006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d242e020009be72023-02-07 15:09:27.097root 11241100x8000000000000000692005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac8d89ab62440022023-02-07 15:09:27.097root 11241100x8000000000000000692004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c13d2ef47403af2023-02-07 15:09:27.097root 11241100x8000000000000000692003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a58e44be08e10ea2023-02-07 15:09:27.097root 11241100x8000000000000000692002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bc1d81b328886c2023-02-07 15:09:27.097root 11241100x8000000000000000692001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6678671ecaeded5d2023-02-07 15:09:27.097root 11241100x8000000000000000692000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41420a03d469b30e2023-02-07 15:09:27.097root 11241100x8000000000000000691999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac1d2e82cd39ea82023-02-07 15:09:27.097root 11241100x8000000000000000692023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f90861b5320a962023-02-07 15:09:27.098root 11241100x8000000000000000692022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a714283783560272023-02-07 15:09:27.098root 11241100x8000000000000000692021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc686fcf86353942023-02-07 15:09:27.098root 11241100x8000000000000000692020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2646a9d91992ba2023-02-07 15:09:27.098root 11241100x8000000000000000692019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8c560e94452f8f2023-02-07 15:09:27.098root 11241100x8000000000000000692018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22309960a14525ee2023-02-07 15:09:27.098root 11241100x8000000000000000692017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14160439b028227d2023-02-07 15:09:27.098root 11241100x8000000000000000692016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ceec5de89fa6a22023-02-07 15:09:27.098root 11241100x8000000000000000692015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30adc26316b95ae32023-02-07 15:09:27.098root 11241100x8000000000000000692014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d4e387df1841e22023-02-07 15:09:27.098root 11241100x8000000000000000692013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d86598f06b35592023-02-07 15:09:27.098root 11241100x8000000000000000692012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c559202e2cfd2ce82023-02-07 15:09:27.098root 11241100x8000000000000000692011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59ae3bcea42c2022023-02-07 15:09:27.098root 11241100x8000000000000000692010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3d4b7a9fe9f6462023-02-07 15:09:27.098root 11241100x8000000000000000692009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0215e85412384e2023-02-07 15:09:27.098root 11241100x8000000000000000692033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7fbe28183126ee2023-02-07 15:09:27.099root 11241100x8000000000000000692032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02916d5739c386f52023-02-07 15:09:27.099root 11241100x8000000000000000692031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4908154e03f9b67d2023-02-07 15:09:27.099root 11241100x8000000000000000692030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7aeac98e4dee7b12023-02-07 15:09:27.099root 11241100x8000000000000000692029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12bc65b939014b82023-02-07 15:09:27.099root 11241100x8000000000000000692028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72543c59649767642023-02-07 15:09:27.099root 11241100x8000000000000000692027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b104304dc27297fe2023-02-07 15:09:27.099root 11241100x8000000000000000692026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2590ab4d712820912023-02-07 15:09:27.099root 11241100x8000000000000000692025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7426a1dadf5bbf902023-02-07 15:09:27.099root 11241100x8000000000000000692024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f033883b83cf48282023-02-07 15:09:27.099root 11241100x8000000000000000692039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ec7ec3436de3b02023-02-07 15:09:27.595root 11241100x8000000000000000692038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f63acfeffeeba92023-02-07 15:09:27.595root 11241100x8000000000000000692037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f9d956b123b7c62023-02-07 15:09:27.595root 11241100x8000000000000000692036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1253b649c255b592023-02-07 15:09:27.595root 11241100x8000000000000000692035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90da0696ffa16d962023-02-07 15:09:27.595root 11241100x8000000000000000692034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06051d79cea56c902023-02-07 15:09:27.595root 11241100x8000000000000000692047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c40dce309d58c02023-02-07 15:09:27.596root 11241100x8000000000000000692046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3451449f5c555b192023-02-07 15:09:27.596root 11241100x8000000000000000692045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f85a38746734552023-02-07 15:09:27.596root 11241100x8000000000000000692044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f356c806b0fdbd2023-02-07 15:09:27.596root 11241100x8000000000000000692043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d6d7db44f8c5702023-02-07 15:09:27.596root 11241100x8000000000000000692042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79226186309e9eab2023-02-07 15:09:27.596root 11241100x8000000000000000692041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862fbfffe60644d32023-02-07 15:09:27.596root 11241100x8000000000000000692040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4154da92290fb0c92023-02-07 15:09:27.596root 11241100x8000000000000000692051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3e3b27f3e778742023-02-07 15:09:27.597root 11241100x8000000000000000692050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc9faa856b9bf1f2023-02-07 15:09:27.597root 11241100x8000000000000000692049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f267ffb7e48175c72023-02-07 15:09:27.597root 11241100x8000000000000000692048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45446976b7ace0662023-02-07 15:09:27.597root 11241100x8000000000000000692055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9eb3c236712ef472023-02-07 15:09:27.598root 11241100x8000000000000000692054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759c1e03282e8a222023-02-07 15:09:27.598root 11241100x8000000000000000692053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8b126aa4e2a0ed2023-02-07 15:09:27.598root 11241100x8000000000000000692052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5428eaa2649055f32023-02-07 15:09:27.598root 11241100x8000000000000000692059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369d2d3fe05562732023-02-07 15:09:27.599root 11241100x8000000000000000692058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc7e633d00da2202023-02-07 15:09:27.599root 11241100x8000000000000000692057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f910441a7d2de9e02023-02-07 15:09:27.599root 11241100x8000000000000000692056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59267b8a45a8a9c32023-02-07 15:09:27.599root 11241100x8000000000000000692063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d2f02dec7f4ead2023-02-07 15:09:27.600root 11241100x8000000000000000692062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca91e19cdd82e04f2023-02-07 15:09:27.600root 11241100x8000000000000000692061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6041a9cfe2cb5462023-02-07 15:09:27.600root 11241100x8000000000000000692060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00d5648fb16ac8c2023-02-07 15:09:27.600root 11241100x8000000000000000692067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5083e725fe1df8782023-02-07 15:09:27.601root 11241100x8000000000000000692066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6a52ab50bd325b2023-02-07 15:09:27.601root 11241100x8000000000000000692065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50c83dbdf81d9252023-02-07 15:09:27.601root 11241100x8000000000000000692064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0a161b725617c42023-02-07 15:09:27.601root 11241100x8000000000000000692072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd0ab644d0c535c2023-02-07 15:09:27.602root 11241100x8000000000000000692071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0884f9b688af2892023-02-07 15:09:27.602root 11241100x8000000000000000692070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36925bfc553d09072023-02-07 15:09:27.602root 11241100x8000000000000000692069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e8ca16cf6ec1e82023-02-07 15:09:27.602root 11241100x8000000000000000692068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114430aa3d7ecf0b2023-02-07 15:09:27.602root 23542300x8000000000000000692073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:27.734{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000692075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe9de56686f39f32023-02-07 15:09:28.095root 11241100x8000000000000000692074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7d34e79b129c232023-02-07 15:09:28.095root 11241100x8000000000000000692082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c018266fca0fe52023-02-07 15:09:28.096root 11241100x8000000000000000692081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d371773f02706fe52023-02-07 15:09:28.096root 11241100x8000000000000000692080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe255784ed7d452f2023-02-07 15:09:28.096root 11241100x8000000000000000692079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b1d81917618a872023-02-07 15:09:28.096root 11241100x8000000000000000692078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409dc5c6f2395dd22023-02-07 15:09:28.096root 11241100x8000000000000000692077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b24c42ae92579d92023-02-07 15:09:28.096root 11241100x8000000000000000692076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39af685d553b4e12023-02-07 15:09:28.096root 11241100x8000000000000000692088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39ffc3c454192452023-02-07 15:09:28.097root 11241100x8000000000000000692087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2cac20e516028f02023-02-07 15:09:28.097root 11241100x8000000000000000692086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db64ca4c3891d9f32023-02-07 15:09:28.097root 11241100x8000000000000000692085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64de659709df646f2023-02-07 15:09:28.097root 11241100x8000000000000000692084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1739a936512d4b6c2023-02-07 15:09:28.097root 11241100x8000000000000000692083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08e4c4b09e5a7362023-02-07 15:09:28.097root 11241100x8000000000000000692091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89a022d4bc4c9902023-02-07 15:09:28.098root 11241100x8000000000000000692090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0a8d3eed5782192023-02-07 15:09:28.098root 11241100x8000000000000000692089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cdefa575f39dcb2023-02-07 15:09:28.098root 11241100x8000000000000000692095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c58c2625a7232d2023-02-07 15:09:28.099root 11241100x8000000000000000692094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6e292257516d372023-02-07 15:09:28.099root 11241100x8000000000000000692093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264224a065e95d372023-02-07 15:09:28.099root 11241100x8000000000000000692092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68cc7ce4e4157b3b2023-02-07 15:09:28.099root 11241100x8000000000000000692106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ec9be1b62262ab2023-02-07 15:09:28.100root 11241100x8000000000000000692105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b37eccb2f9c85f2023-02-07 15:09:28.100root 11241100x8000000000000000692104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267122acc94fe3e72023-02-07 15:09:28.100root 11241100x8000000000000000692103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd841065e70fb4ff2023-02-07 15:09:28.100root 11241100x8000000000000000692102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b351e041e3fc322a2023-02-07 15:09:28.100root 11241100x8000000000000000692101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945992d3ce650ed42023-02-07 15:09:28.100root 11241100x8000000000000000692100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79cf43d54e077842023-02-07 15:09:28.100root 11241100x8000000000000000692099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca7f66b8e918e242023-02-07 15:09:28.100root 11241100x8000000000000000692098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e82f0d1b2467d42023-02-07 15:09:28.100root 11241100x8000000000000000692097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584cb76a6380b99d2023-02-07 15:09:28.100root 11241100x8000000000000000692096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0f876960e82a472023-02-07 15:09:28.100root 11241100x8000000000000000692114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94e96c0a7d5a4db2023-02-07 15:09:28.101root 11241100x8000000000000000692113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90eada6683db70a52023-02-07 15:09:28.101root 11241100x8000000000000000692112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42384d97faea29562023-02-07 15:09:28.101root 11241100x8000000000000000692111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31fc41c2083701462023-02-07 15:09:28.101root 11241100x8000000000000000692110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0c609e231b8ab82023-02-07 15:09:28.101root 11241100x8000000000000000692109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08554b75a3858aa2023-02-07 15:09:28.101root 11241100x8000000000000000692108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd041011cefd96b2023-02-07 15:09:28.101root 11241100x8000000000000000692107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7131f7ad26ca4d2023-02-07 15:09:28.101root 11241100x8000000000000000692119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386ec25ebdb161e12023-02-07 15:09:28.102root 11241100x8000000000000000692118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e728606bfe60a5342023-02-07 15:09:28.102root 11241100x8000000000000000692117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e06682916901ec2023-02-07 15:09:28.102root 11241100x8000000000000000692116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024a1b20631a3c202023-02-07 15:09:28.102root 11241100x8000000000000000692115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d867150a086a442023-02-07 15:09:28.102root 11241100x8000000000000000692125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86494fcc0cadd1e2023-02-07 15:09:28.103root 11241100x8000000000000000692124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbae7b7d41430fd2023-02-07 15:09:28.103root 11241100x8000000000000000692123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9821084d0313e1c2023-02-07 15:09:28.103root 11241100x8000000000000000692122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79121c7c5acbd6ff2023-02-07 15:09:28.103root 11241100x8000000000000000692121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5a55548ddda19a2023-02-07 15:09:28.103root 11241100x8000000000000000692120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d1df62f0e891672023-02-07 15:09:28.103root 11241100x8000000000000000692126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e64d3f8b2774c22023-02-07 15:09:28.104root 11241100x8000000000000000692129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354a71bbaeff36402023-02-07 15:09:28.595root 11241100x8000000000000000692128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1448c5b6075a742023-02-07 15:09:28.595root 11241100x8000000000000000692127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f697347bb6a640d32023-02-07 15:09:28.595root 11241100x8000000000000000692139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a1ce7be94f09c12023-02-07 15:09:28.596root 11241100x8000000000000000692138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42136c95bc0aba022023-02-07 15:09:28.596root 11241100x8000000000000000692137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b0a331e2bb08f02023-02-07 15:09:28.596root 11241100x8000000000000000692136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a833e5a5e48faab2023-02-07 15:09:28.596root 11241100x8000000000000000692135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0928ab19df218192023-02-07 15:09:28.596root 11241100x8000000000000000692134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfbc0c8fd7a87c12023-02-07 15:09:28.596root 11241100x8000000000000000692133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff9a9939b247aea2023-02-07 15:09:28.596root 11241100x8000000000000000692132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4313062b861500b82023-02-07 15:09:28.596root 11241100x8000000000000000692131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4298475f4fb03a2023-02-07 15:09:28.596root 11241100x8000000000000000692130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b0138ee6e0b4e52023-02-07 15:09:28.596root 11241100x8000000000000000692148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec6f6ec30816fdb2023-02-07 15:09:28.597root 11241100x8000000000000000692147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61611bd64cf6b2922023-02-07 15:09:28.597root 11241100x8000000000000000692146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb7eb785a681eb82023-02-07 15:09:28.597root 11241100x8000000000000000692145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da8c264c80a8ae42023-02-07 15:09:28.597root 11241100x8000000000000000692144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9514562fef8d768f2023-02-07 15:09:28.597root 11241100x8000000000000000692143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa0fe3ee90e3bec2023-02-07 15:09:28.597root 11241100x8000000000000000692142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b299a165b9e3c52023-02-07 15:09:28.597root 11241100x8000000000000000692141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21dc347606148362023-02-07 15:09:28.597root 11241100x8000000000000000692140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9946e6a4c83afc812023-02-07 15:09:28.597root 11241100x8000000000000000692160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5271b857c05d31112023-02-07 15:09:28.598root 11241100x8000000000000000692159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0f21a09ea2738f2023-02-07 15:09:28.598root 11241100x8000000000000000692158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84da9dc086257d4d2023-02-07 15:09:28.598root 11241100x8000000000000000692157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4c28f67e9d94c12023-02-07 15:09:28.598root 11241100x8000000000000000692156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e799e7c85bd946e2023-02-07 15:09:28.598root 11241100x8000000000000000692155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b628a1bf4cc8d9b32023-02-07 15:09:28.598root 11241100x8000000000000000692154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051be8ea4b4cc6592023-02-07 15:09:28.598root 11241100x8000000000000000692153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8632b1557130ba922023-02-07 15:09:28.598root 11241100x8000000000000000692152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0198a236966d49262023-02-07 15:09:28.598root 11241100x8000000000000000692151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9603faa2c20980b02023-02-07 15:09:28.598root 11241100x8000000000000000692150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930b2bcc522970f82023-02-07 15:09:28.598root 11241100x8000000000000000692149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06898f3bb35793522023-02-07 15:09:28.598root 11241100x8000000000000000692175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ca4e67a6df4db22023-02-07 15:09:28.599root 11241100x8000000000000000692174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7bbd86ee827822d2023-02-07 15:09:28.599root 11241100x8000000000000000692173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558a5405435268fe2023-02-07 15:09:28.599root 11241100x8000000000000000692172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a489a86dfbdd49462023-02-07 15:09:28.599root 11241100x8000000000000000692171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5739769e417ee82023-02-07 15:09:28.599root 11241100x8000000000000000692170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38f5e3c88437bb12023-02-07 15:09:28.599root 11241100x8000000000000000692169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d0d9d0d0cbdcd02023-02-07 15:09:28.599root 11241100x8000000000000000692168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebd004bb2ed631d2023-02-07 15:09:28.599root 11241100x8000000000000000692167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d01046f30e70f602023-02-07 15:09:28.599root 11241100x8000000000000000692166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc28686c36b72852023-02-07 15:09:28.599root 11241100x8000000000000000692165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93024732973a4a692023-02-07 15:09:28.599root 11241100x8000000000000000692164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f099491beb0e222023-02-07 15:09:28.599root 11241100x8000000000000000692163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb69039d9856c5db2023-02-07 15:09:28.599root 11241100x8000000000000000692162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dce1b2eba1151c92023-02-07 15:09:28.599root 11241100x8000000000000000692161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f107172cd237536e2023-02-07 15:09:28.599root 11241100x8000000000000000692191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0edbc042f7f022662023-02-07 15:09:28.600root 11241100x8000000000000000692190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e920f84c90d4452023-02-07 15:09:28.600root 11241100x8000000000000000692189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599626786ab94f6a2023-02-07 15:09:28.600root 11241100x8000000000000000692188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649c59063ed57fa22023-02-07 15:09:28.600root 11241100x8000000000000000692187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbe781562fa1a7a2023-02-07 15:09:28.600root 11241100x8000000000000000692186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc414a5ce72fee0a2023-02-07 15:09:28.600root 11241100x8000000000000000692185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7320f91e5dff5612023-02-07 15:09:28.600root 11241100x8000000000000000692184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554c5a81ff8599ab2023-02-07 15:09:28.600root 11241100x8000000000000000692183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104694f718e178b02023-02-07 15:09:28.600root 11241100x8000000000000000692182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af106db6dbdadc02023-02-07 15:09:28.600root 11241100x8000000000000000692181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8973659b7d3b88122023-02-07 15:09:28.600root 11241100x8000000000000000692180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0970005bb4c3402023-02-07 15:09:28.600root 11241100x8000000000000000692179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f2bc88702d5c352023-02-07 15:09:28.600root 11241100x8000000000000000692178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e50273a4052f8b72023-02-07 15:09:28.600root 11241100x8000000000000000692177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d6c6b6c3d67fea2023-02-07 15:09:28.600root 11241100x8000000000000000692176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc21e37ca0543c112023-02-07 15:09:28.600root 11241100x8000000000000000692207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1dd15c6b6da4b3f2023-02-07 15:09:28.601root 11241100x8000000000000000692206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726af79ea16174752023-02-07 15:09:28.601root 11241100x8000000000000000692205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead5d3eaca9b2e722023-02-07 15:09:28.601root 11241100x8000000000000000692204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5f564e2fb231852023-02-07 15:09:28.601root 11241100x8000000000000000692203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b94a048fb632f8b2023-02-07 15:09:28.601root 11241100x8000000000000000692202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4efcaf22b9b51232023-02-07 15:09:28.601root 11241100x8000000000000000692201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702b15d24e5410e52023-02-07 15:09:28.601root 11241100x8000000000000000692200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4eda269d1f5969a2023-02-07 15:09:28.601root 11241100x8000000000000000692199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357fb8d4820b06232023-02-07 15:09:28.601root 11241100x8000000000000000692198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af49bc03160e10c42023-02-07 15:09:28.601root 11241100x8000000000000000692197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162442236b2412a32023-02-07 15:09:28.601root 11241100x8000000000000000692196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82c5db14f6bd8442023-02-07 15:09:28.601root 11241100x8000000000000000692195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18386c6c83e1c0462023-02-07 15:09:28.601root 11241100x8000000000000000692194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74f7ec00b3b0fef2023-02-07 15:09:28.601root 11241100x8000000000000000692193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e92803f1118f0d72023-02-07 15:09:28.601root 11241100x8000000000000000692192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360491a15db289d52023-02-07 15:09:28.601root 11241100x8000000000000000692223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0804168fd442472023-02-07 15:09:28.602root 11241100x8000000000000000692222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f69e1b47305cac2023-02-07 15:09:28.602root 11241100x8000000000000000692221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c0e86aaef31e072023-02-07 15:09:28.602root 11241100x8000000000000000692220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6be57be907d4d602023-02-07 15:09:28.602root 11241100x8000000000000000692219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766358f0eb4494a52023-02-07 15:09:28.602root 11241100x8000000000000000692218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb5a656a230880a2023-02-07 15:09:28.602root 11241100x8000000000000000692217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa5356ca583b8322023-02-07 15:09:28.602root 11241100x8000000000000000692216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ac878e9943ca8f2023-02-07 15:09:28.602root 11241100x8000000000000000692215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798f3132ad12494d2023-02-07 15:09:28.602root 11241100x8000000000000000692214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d209f566d55344502023-02-07 15:09:28.602root 11241100x8000000000000000692213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2594ee0b2790d55c2023-02-07 15:09:28.602root 11241100x8000000000000000692212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87744692b50996f72023-02-07 15:09:28.602root 11241100x8000000000000000692211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1251f18b3e87baf2023-02-07 15:09:28.602root 11241100x8000000000000000692210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8ab330550caf332023-02-07 15:09:28.602root 11241100x8000000000000000692209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ded32a0ea3f75f2023-02-07 15:09:28.602root 11241100x8000000000000000692208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc22e365c5c3ba12023-02-07 15:09:28.602root 11241100x8000000000000000692229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5072c9ef5cdf1dc72023-02-07 15:09:28.603root 11241100x8000000000000000692228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d22501a90cebfeb2023-02-07 15:09:28.603root 11241100x8000000000000000692227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2afc337aa01a5c2023-02-07 15:09:28.603root 11241100x8000000000000000692226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49081f571743cf752023-02-07 15:09:28.603root 11241100x8000000000000000692225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9a3b67d5887fa92023-02-07 15:09:28.603root 11241100x8000000000000000692224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cb24b2288cd3052023-02-07 15:09:28.603root 11241100x8000000000000000692238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbe14fa58415a2d2023-02-07 15:09:28.604root 11241100x8000000000000000692237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49dccd1cf0492f8c2023-02-07 15:09:28.604root 11241100x8000000000000000692236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a587ae4eb080142023-02-07 15:09:28.604root 11241100x8000000000000000692235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b22f641c16970ee2023-02-07 15:09:28.604root 11241100x8000000000000000692234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1efa9b4c2df861a2023-02-07 15:09:28.604root 11241100x8000000000000000692233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e14875ef226dfa2023-02-07 15:09:28.604root 11241100x8000000000000000692232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04cdf6213b930e92023-02-07 15:09:28.604root 11241100x8000000000000000692231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f6b693a0df97562023-02-07 15:09:28.604root 11241100x8000000000000000692230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458444440242bf8a2023-02-07 15:09:28.604root 11241100x8000000000000000692241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fa38a0ed8baf572023-02-07 15:09:28.605root 11241100x8000000000000000692240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114d51439bedb62b2023-02-07 15:09:28.605root 11241100x8000000000000000692239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:28.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292581a4715f4eb52023-02-07 15:09:28.605root 11241100x8000000000000000692245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4631f4c7f91bfb2023-02-07 15:09:29.095root 11241100x8000000000000000692244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc7f2dc416b7b522023-02-07 15:09:29.095root 11241100x8000000000000000692243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6254b28fe2cb77d2023-02-07 15:09:29.095root 11241100x8000000000000000692242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb270ffe92123982023-02-07 15:09:29.095root 11241100x8000000000000000692248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac65378e65f8dbca2023-02-07 15:09:29.096root 11241100x8000000000000000692247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65459c597ba98f6c2023-02-07 15:09:29.096root 11241100x8000000000000000692246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1ca8afca136adc2023-02-07 15:09:29.096root 11241100x8000000000000000692251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8835e585077acb12023-02-07 15:09:29.097root 11241100x8000000000000000692250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f2ee41aae990e92023-02-07 15:09:29.097root 11241100x8000000000000000692249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e68eefb41a4c4bf2023-02-07 15:09:29.097root 11241100x8000000000000000692253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15641876572318272023-02-07 15:09:29.098root 11241100x8000000000000000692252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0205d9ef61943bb52023-02-07 15:09:29.098root 11241100x8000000000000000692259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7018a314a44f2b3d2023-02-07 15:09:29.099root 11241100x8000000000000000692258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f73aafc48e3fa922023-02-07 15:09:29.099root 11241100x8000000000000000692257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d819973c9451422023-02-07 15:09:29.099root 11241100x8000000000000000692256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b76d5a7579b3c412023-02-07 15:09:29.099root 11241100x8000000000000000692255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e355c91ce93e25f72023-02-07 15:09:29.099root 11241100x8000000000000000692254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6495897b98d89e792023-02-07 15:09:29.099root 11241100x8000000000000000692268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f90b94fdab1c4a2023-02-07 15:09:29.100root 11241100x8000000000000000692267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80d29c4ed2d162e2023-02-07 15:09:29.100root 11241100x8000000000000000692266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ab6ed13f2185922023-02-07 15:09:29.100root 11241100x8000000000000000692265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3cb72ee04069e42023-02-07 15:09:29.100root 11241100x8000000000000000692264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53c5d9165b3a7172023-02-07 15:09:29.100root 11241100x8000000000000000692263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a841c60686f3572023-02-07 15:09:29.100root 11241100x8000000000000000692262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96e4bb49279feb12023-02-07 15:09:29.100root 11241100x8000000000000000692261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79c92da1388db032023-02-07 15:09:29.100root 11241100x8000000000000000692260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f7f4f87bd6ba2f2023-02-07 15:09:29.100root 11241100x8000000000000000692277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e7cc9094b215992023-02-07 15:09:29.101root 11241100x8000000000000000692276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c369ab29ea99be72023-02-07 15:09:29.101root 11241100x8000000000000000692275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c41cfef2d8604312023-02-07 15:09:29.101root 11241100x8000000000000000692274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8edcbc18f6ec4452023-02-07 15:09:29.101root 11241100x8000000000000000692273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060f67937c92b0e92023-02-07 15:09:29.101root 11241100x8000000000000000692272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6203cee76dd0b9d02023-02-07 15:09:29.101root 11241100x8000000000000000692271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0a7157bd84f4142023-02-07 15:09:29.101root 11241100x8000000000000000692270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d539da8c54e587c2023-02-07 15:09:29.101root 11241100x8000000000000000692269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5b40cd082de3c12023-02-07 15:09:29.101root 11241100x8000000000000000692284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85cc10b66275f952023-02-07 15:09:29.102root 11241100x8000000000000000692283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4107400b58851372023-02-07 15:09:29.102root 11241100x8000000000000000692282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45e43a275c560a52023-02-07 15:09:29.102root 11241100x8000000000000000692281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ee9bac6b12fc8e2023-02-07 15:09:29.102root 11241100x8000000000000000692280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4db93418f57f9dd2023-02-07 15:09:29.102root 11241100x8000000000000000692279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bcfb241ad34ebdd2023-02-07 15:09:29.102root 11241100x8000000000000000692278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7747709c92866f12023-02-07 15:09:29.102root 11241100x8000000000000000692288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a1ae9058b445a32023-02-07 15:09:29.103root 11241100x8000000000000000692287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c44ab1649a75a12023-02-07 15:09:29.103root 11241100x8000000000000000692286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52831296f06b1412023-02-07 15:09:29.103root 11241100x8000000000000000692285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47dc8f1863758372023-02-07 15:09:29.103root 11241100x8000000000000000692292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbba96e2896f30f22023-02-07 15:09:29.104root 11241100x8000000000000000692291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b173aef86d1c5a2023-02-07 15:09:29.104root 11241100x8000000000000000692290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8425baeb7de39f2023-02-07 15:09:29.104root 11241100x8000000000000000692289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02cab9452220d7f2023-02-07 15:09:29.104root 11241100x8000000000000000692297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31785ff744e561a52023-02-07 15:09:29.105root 11241100x8000000000000000692296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4262877910e553302023-02-07 15:09:29.105root 11241100x8000000000000000692295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a2b41f92c9997e2023-02-07 15:09:29.105root 11241100x8000000000000000692294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1065c4fdd8b17ee2023-02-07 15:09:29.105root 11241100x8000000000000000692293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9226dc8686f5fa672023-02-07 15:09:29.105root 11241100x8000000000000000692304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7c47057ccc6dd02023-02-07 15:09:29.106root 11241100x8000000000000000692303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a77f95bff54fb4a2023-02-07 15:09:29.106root 11241100x8000000000000000692302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a87c983009a92f2023-02-07 15:09:29.106root 11241100x8000000000000000692301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe50de7007a1eae62023-02-07 15:09:29.106root 11241100x8000000000000000692300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd41924994d19dfa2023-02-07 15:09:29.106root 11241100x8000000000000000692299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d795a74bcb846d572023-02-07 15:09:29.106root 11241100x8000000000000000692298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f291cba670603d652023-02-07 15:09:29.106root 11241100x8000000000000000692308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.107{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c6d8d2436deda72023-02-07 15:09:29.107root 11241100x8000000000000000692307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.107{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a45f827b614c3e2023-02-07 15:09:29.107root 11241100x8000000000000000692306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.107{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d00963542713712023-02-07 15:09:29.107root 11241100x8000000000000000692305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.107{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62c8c1176be355b2023-02-07 15:09:29.107root 11241100x8000000000000000692312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976c7cddf37c9aed2023-02-07 15:09:29.595root 11241100x8000000000000000692311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9922493ec0bff9da2023-02-07 15:09:29.595root 11241100x8000000000000000692310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689d764b590bcf782023-02-07 15:09:29.595root 11241100x8000000000000000692309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3691c1ca1eff8bf82023-02-07 15:09:29.595root 11241100x8000000000000000692318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d990f6d24230d32023-02-07 15:09:29.596root 11241100x8000000000000000692317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf1ef414f1d7d622023-02-07 15:09:29.596root 11241100x8000000000000000692316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9bdd7b6ffa73182023-02-07 15:09:29.596root 11241100x8000000000000000692315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.befb6d41d5d4fbc92023-02-07 15:09:29.596root 11241100x8000000000000000692314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa5d66946fe81c22023-02-07 15:09:29.596root 11241100x8000000000000000692313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076348d5a00963bd2023-02-07 15:09:29.596root 11241100x8000000000000000692323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d892cdaeb0608222023-02-07 15:09:29.597root 11241100x8000000000000000692322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645277fe6fc53a5b2023-02-07 15:09:29.597root 11241100x8000000000000000692321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7dbcf7ce83a73fc2023-02-07 15:09:29.597root 11241100x8000000000000000692320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3e390bafcb56952023-02-07 15:09:29.597root 11241100x8000000000000000692319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96eea79a7bbfeca2023-02-07 15:09:29.597root 11241100x8000000000000000692328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30244adbb2bd2582023-02-07 15:09:29.598root 11241100x8000000000000000692327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7792ec84c766bd6f2023-02-07 15:09:29.598root 11241100x8000000000000000692326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd42b5d3940070372023-02-07 15:09:29.598root 11241100x8000000000000000692325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f34bf9ad11e0c5f2023-02-07 15:09:29.598root 11241100x8000000000000000692324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506fb999b2b76b6b2023-02-07 15:09:29.598root 11241100x8000000000000000692332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef1bf52602269a62023-02-07 15:09:29.599root 11241100x8000000000000000692331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbfce934d6c6d86c2023-02-07 15:09:29.599root 11241100x8000000000000000692330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e679eb6da99054c72023-02-07 15:09:29.599root 11241100x8000000000000000692329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72da9e562ba93bf2023-02-07 15:09:29.599root 11241100x8000000000000000692337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e6614f52e928802023-02-07 15:09:29.600root 11241100x8000000000000000692336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ae2bdd47b99b492023-02-07 15:09:29.600root 11241100x8000000000000000692335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dedfd745d19700862023-02-07 15:09:29.600root 11241100x8000000000000000692334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccaec800b5cb8172023-02-07 15:09:29.600root 11241100x8000000000000000692333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cfbcb7043bbb332023-02-07 15:09:29.600root 11241100x8000000000000000692342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5146333627aacc052023-02-07 15:09:29.601root 11241100x8000000000000000692341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9691616d34452daf2023-02-07 15:09:29.601root 11241100x8000000000000000692340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3bcd30aac8e25e2023-02-07 15:09:29.601root 11241100x8000000000000000692339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6476ce30a3371362023-02-07 15:09:29.601root 11241100x8000000000000000692338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41577d312a8a59a2023-02-07 15:09:29.601root 11241100x8000000000000000692346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d54babc36f6af4b2023-02-07 15:09:29.602root 11241100x8000000000000000692345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ac141a3ee2763b2023-02-07 15:09:29.602root 11241100x8000000000000000692344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7550969370ccda932023-02-07 15:09:29.602root 11241100x8000000000000000692343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64fa8931d684b9672023-02-07 15:09:29.602root 11241100x8000000000000000692351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601e5791b4f6ec812023-02-07 15:09:29.603root 11241100x8000000000000000692350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90aed173a1891d2b2023-02-07 15:09:29.603root 11241100x8000000000000000692349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06b1e7b4740be0a2023-02-07 15:09:29.603root 11241100x8000000000000000692348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1054da744bd5cd592023-02-07 15:09:29.603root 11241100x8000000000000000692347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a74528a0faad5e2023-02-07 15:09:29.603root 11241100x8000000000000000692355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab395992deee5c232023-02-07 15:09:29.604root 11241100x8000000000000000692354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15916a5d12a4c47a2023-02-07 15:09:29.604root 11241100x8000000000000000692353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9a4e54a93c08712023-02-07 15:09:29.604root 11241100x8000000000000000692352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a253006aca2ccb2023-02-07 15:09:29.604root 11241100x8000000000000000692359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b81ae7a597afc6e2023-02-07 15:09:29.605root 11241100x8000000000000000692358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cf36473477386b2023-02-07 15:09:29.605root 11241100x8000000000000000692357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fa0d1afaa2e6ef2023-02-07 15:09:29.605root 11241100x8000000000000000692356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6a0bf2a2cc02482023-02-07 15:09:29.605root 11241100x8000000000000000692363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.606{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3833d3b23ff4565b2023-02-07 15:09:29.606root 11241100x8000000000000000692362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.606{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929e294c6c2a0e682023-02-07 15:09:29.606root 11241100x8000000000000000692361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.606{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbd2e9ad82ce9602023-02-07 15:09:29.606root 11241100x8000000000000000692360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.606{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd02c161e06c3b282023-02-07 15:09:29.606root 11241100x8000000000000000692368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.607{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af1aa1c6e9bce662023-02-07 15:09:29.607root 11241100x8000000000000000692367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.607{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9975b76d14c4ef732023-02-07 15:09:29.607root 11241100x8000000000000000692366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.607{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a866fa7c34c9662023-02-07 15:09:29.607root 11241100x8000000000000000692365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.607{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6731b47a93fde92023-02-07 15:09:29.607root 11241100x8000000000000000692364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.607{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fafb30930063102023-02-07 15:09:29.607root 11241100x8000000000000000692369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:29.608{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684f4964531010f12023-02-07 15:09:29.608root 11241100x8000000000000000692371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27b35aac5d36ce52023-02-07 15:09:30.095root 11241100x8000000000000000692370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4587ca911b302f02023-02-07 15:09:30.095root 11241100x8000000000000000692379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7cc62a5276584b92023-02-07 15:09:30.096root 11241100x8000000000000000692378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e40859fd9741d52023-02-07 15:09:30.096root 11241100x8000000000000000692377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f28b76ce49a33f2023-02-07 15:09:30.096root 11241100x8000000000000000692376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62cb35a38401aaea2023-02-07 15:09:30.096root 11241100x8000000000000000692375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d164aa287cdcc3d02023-02-07 15:09:30.096root 11241100x8000000000000000692374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2005c01cb78acb2023-02-07 15:09:30.096root 11241100x8000000000000000692373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da21e8b0208a3ffb2023-02-07 15:09:30.096root 11241100x8000000000000000692372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55396548a6c9ab082023-02-07 15:09:30.096root 11241100x8000000000000000692389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da8187682478e792023-02-07 15:09:30.097root 11241100x8000000000000000692388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37fa8797f6451982023-02-07 15:09:30.097root 11241100x8000000000000000692387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99f203eee7c695e2023-02-07 15:09:30.097root 11241100x8000000000000000692386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976535fc4cd1ed962023-02-07 15:09:30.097root 11241100x8000000000000000692385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d935715114b7312023-02-07 15:09:30.097root 11241100x8000000000000000692384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271bd583512e27292023-02-07 15:09:30.097root 11241100x8000000000000000692383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48281e35348baebb2023-02-07 15:09:30.097root 11241100x8000000000000000692382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf9ae5b183d6a672023-02-07 15:09:30.097root 11241100x8000000000000000692381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5095c5f008d43d3a2023-02-07 15:09:30.097root 11241100x8000000000000000692380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283f3aea7bcea4db2023-02-07 15:09:30.097root 11241100x8000000000000000692400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021fb9380760a8002023-02-07 15:09:30.098root 11241100x8000000000000000692399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04217198dcac86372023-02-07 15:09:30.098root 11241100x8000000000000000692398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a459892cf1af1d2023-02-07 15:09:30.098root 11241100x8000000000000000692397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b316075f461f57f2023-02-07 15:09:30.098root 11241100x8000000000000000692396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f55df107fe34e612023-02-07 15:09:30.098root 11241100x8000000000000000692395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7369c6febcd18452023-02-07 15:09:30.098root 11241100x8000000000000000692394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb0f0467b8236962023-02-07 15:09:30.098root 11241100x8000000000000000692393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f86d49acbafb482023-02-07 15:09:30.098root 11241100x8000000000000000692392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2701f2f2739161ca2023-02-07 15:09:30.098root 11241100x8000000000000000692391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff527e3879c7d312023-02-07 15:09:30.098root 11241100x8000000000000000692390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53da9d496451b9b22023-02-07 15:09:30.098root 11241100x8000000000000000692410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97224bf4fae746fa2023-02-07 15:09:30.099root 11241100x8000000000000000692409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe115782b09d04d72023-02-07 15:09:30.099root 11241100x8000000000000000692408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e587366934b6d72e2023-02-07 15:09:30.099root 11241100x8000000000000000692407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb420197e34e8bd32023-02-07 15:09:30.099root 11241100x8000000000000000692406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28fbdfdc050452a2023-02-07 15:09:30.099root 11241100x8000000000000000692405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ca24f8cd5b409f2023-02-07 15:09:30.099root 11241100x8000000000000000692404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4910635441ac26142023-02-07 15:09:30.099root 11241100x8000000000000000692403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04355cac9687e5f62023-02-07 15:09:30.099root 11241100x8000000000000000692402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f05ac5d3f8fd542023-02-07 15:09:30.099root 11241100x8000000000000000692401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8772ef0fc820a1d2023-02-07 15:09:30.099root 11241100x8000000000000000692412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83acffe12d786df2023-02-07 15:09:30.100root 11241100x8000000000000000692411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c302fd44b2b2dce2023-02-07 15:09:30.100root 11241100x8000000000000000692416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f9b476e34c02b72023-02-07 15:09:30.595root 11241100x8000000000000000692415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a747a8cecd0075162023-02-07 15:09:30.595root 11241100x8000000000000000692414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93623194d6d284a2023-02-07 15:09:30.595root 11241100x8000000000000000692413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343712b645020dcc2023-02-07 15:09:30.595root 11241100x8000000000000000692420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e12129ab43f17c2023-02-07 15:09:30.596root 11241100x8000000000000000692419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1134429a86139c672023-02-07 15:09:30.596root 11241100x8000000000000000692418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b92bd36b48c98c42023-02-07 15:09:30.596root 11241100x8000000000000000692417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f59d68d9be95d842023-02-07 15:09:30.596root 11241100x8000000000000000692424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a188b38566aecc2023-02-07 15:09:30.597root 11241100x8000000000000000692423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa26f2eee1d7bb42023-02-07 15:09:30.597root 11241100x8000000000000000692422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4e79d405c23a342023-02-07 15:09:30.597root 11241100x8000000000000000692421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec7f098b6748e3d2023-02-07 15:09:30.597root 11241100x8000000000000000692431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c6784982a72ec02023-02-07 15:09:30.598root 11241100x8000000000000000692430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b5da8b5260df122023-02-07 15:09:30.598root 11241100x8000000000000000692429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f27e4d4ad9c79da2023-02-07 15:09:30.598root 11241100x8000000000000000692428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6acc06c46c0a002023-02-07 15:09:30.598root 11241100x8000000000000000692427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545e1ff8be3438152023-02-07 15:09:30.598root 11241100x8000000000000000692426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73bb5c22f242e1412023-02-07 15:09:30.598root 11241100x8000000000000000692425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5c94edd9960eff2023-02-07 15:09:30.598root 11241100x8000000000000000692437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f97e62214b08872023-02-07 15:09:30.599root 11241100x8000000000000000692436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e7cdc505567a852023-02-07 15:09:30.599root 11241100x8000000000000000692435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b571d4bee4b485442023-02-07 15:09:30.599root 11241100x8000000000000000692434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d098bd52075ed092023-02-07 15:09:30.599root 11241100x8000000000000000692433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6ee29c16a588692023-02-07 15:09:30.599root 11241100x8000000000000000692432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39446f18466d54d2023-02-07 15:09:30.599root 11241100x8000000000000000692444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6304f463f07d061e2023-02-07 15:09:30.600root 11241100x8000000000000000692443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d9dbe8bea163b32023-02-07 15:09:30.600root 11241100x8000000000000000692442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef684dfbb1acedf2023-02-07 15:09:30.600root 11241100x8000000000000000692441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ef3f83c04dcd702023-02-07 15:09:30.600root 11241100x8000000000000000692440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c43b4bd4c5798a12023-02-07 15:09:30.600root 11241100x8000000000000000692439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1200f4428648032c2023-02-07 15:09:30.600root 11241100x8000000000000000692438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac03631ab8848d92023-02-07 15:09:30.600root 11241100x8000000000000000692448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37ae2889a0a2aab2023-02-07 15:09:30.601root 11241100x8000000000000000692447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec893a02516d9c02023-02-07 15:09:30.601root 11241100x8000000000000000692446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154d73731cbf45c12023-02-07 15:09:30.601root 11241100x8000000000000000692445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:30.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a880b7e8016cc12023-02-07 15:09:30.601root 11241100x8000000000000000692450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fdecf21fee247702023-02-07 15:09:31.095root 11241100x8000000000000000692449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bad76eb9422d6a22023-02-07 15:09:31.095root 11241100x8000000000000000692455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e22ca555f80734d2023-02-07 15:09:31.096root 11241100x8000000000000000692454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275c98b81377b23c2023-02-07 15:09:31.096root 11241100x8000000000000000692453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e74431f6813958f2023-02-07 15:09:31.096root 11241100x8000000000000000692452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0619582b45f909892023-02-07 15:09:31.096root 11241100x8000000000000000692451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7947406cc9bdab32023-02-07 15:09:31.096root 11241100x8000000000000000692464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015e600f293e8b3b2023-02-07 15:09:31.097root 11241100x8000000000000000692463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee6f9745ceadd972023-02-07 15:09:31.097root 11241100x8000000000000000692462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbb57750de15cf52023-02-07 15:09:31.097root 11241100x8000000000000000692461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50bcba220f767fb2023-02-07 15:09:31.097root 11241100x8000000000000000692460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7df1372aaf59752023-02-07 15:09:31.097root 11241100x8000000000000000692459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27bffd8658b736332023-02-07 15:09:31.097root 11241100x8000000000000000692458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8586512abbd3ce62023-02-07 15:09:31.097root 11241100x8000000000000000692457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a645ec3a39c1baa2023-02-07 15:09:31.097root 11241100x8000000000000000692456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1199664a64d7aac2023-02-07 15:09:31.097root 11241100x8000000000000000692467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140a1350ba73bc392023-02-07 15:09:31.098root 11241100x8000000000000000692466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41789c7e444bb2f72023-02-07 15:09:31.098root 11241100x8000000000000000692465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cec9ed5071426d62023-02-07 15:09:31.098root 11241100x8000000000000000692471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ebc2a22e65b6a92023-02-07 15:09:31.099root 11241100x8000000000000000692470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a925560898c9a3e2023-02-07 15:09:31.099root 11241100x8000000000000000692469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6afb8f830286934e2023-02-07 15:09:31.099root 11241100x8000000000000000692468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d572f7d778e5552023-02-07 15:09:31.099root 11241100x8000000000000000692473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212faccd21d65fbf2023-02-07 15:09:31.101root 11241100x8000000000000000692472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27e3c8bd64a399f2023-02-07 15:09:31.101root 11241100x8000000000000000692480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3735268e983953222023-02-07 15:09:31.102root 11241100x8000000000000000692479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fafadb366172ff72023-02-07 15:09:31.102root 11241100x8000000000000000692478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be550164fd8c05382023-02-07 15:09:31.102root 11241100x8000000000000000692477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3c10f7b670d87c2023-02-07 15:09:31.102root 11241100x8000000000000000692476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78fbce724cfe7b1d2023-02-07 15:09:31.102root 11241100x8000000000000000692475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507d9ca5bbfdc6182023-02-07 15:09:31.102root 11241100x8000000000000000692474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82952e66853fbdb2023-02-07 15:09:31.102root 11241100x8000000000000000692483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557c34353207cc082023-02-07 15:09:31.103root 11241100x8000000000000000692482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884d75bdbe4dd7f82023-02-07 15:09:31.103root 11241100x8000000000000000692481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e5167a3d19ad792023-02-07 15:09:31.103root 11241100x8000000000000000692486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6048f76e1fe0332023-02-07 15:09:31.104root 11241100x8000000000000000692485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e24686aa5e20412023-02-07 15:09:31.104root 11241100x8000000000000000692484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d885fcf46221972023-02-07 15:09:31.104root 11241100x8000000000000000692489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c28823fe33749d2023-02-07 15:09:31.105root 11241100x8000000000000000692488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab28dc8a9548a8e62023-02-07 15:09:31.105root 11241100x8000000000000000692487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e375dcac76dfc02023-02-07 15:09:31.105root 354300x8000000000000000692490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.169{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-44182-false10.0.1.12-8000- 11241100x8000000000000000692497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311040b167e2e7ee2023-02-07 15:09:31.595root 11241100x8000000000000000692496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c1967d70b8ac8d2023-02-07 15:09:31.595root 11241100x8000000000000000692495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c7e0deeea5fab72023-02-07 15:09:31.595root 11241100x8000000000000000692494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb3ab4049f461222023-02-07 15:09:31.595root 11241100x8000000000000000692493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ac70e2dcbe41862023-02-07 15:09:31.595root 11241100x8000000000000000692492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6ef78e4630e7302023-02-07 15:09:31.595root 11241100x8000000000000000692491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341946d38d4b29672023-02-07 15:09:31.595root 11241100x8000000000000000692510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2f5173148930a72023-02-07 15:09:31.596root 11241100x8000000000000000692509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cb81aa5db963742023-02-07 15:09:31.596root 11241100x8000000000000000692508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2301a2303c9abb582023-02-07 15:09:31.596root 11241100x8000000000000000692507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d6168c16172f9c2023-02-07 15:09:31.596root 11241100x8000000000000000692506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b856f6643e467a2023-02-07 15:09:31.596root 11241100x8000000000000000692505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65cfa4a30c5837fc2023-02-07 15:09:31.596root 11241100x8000000000000000692504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920843c32e3b876f2023-02-07 15:09:31.596root 11241100x8000000000000000692503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43e6b47154db4a32023-02-07 15:09:31.596root 11241100x8000000000000000692502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569b4a441b799ef42023-02-07 15:09:31.596root 11241100x8000000000000000692501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d77598a645b83672023-02-07 15:09:31.596root 11241100x8000000000000000692500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7ec437b9dede372023-02-07 15:09:31.596root 11241100x8000000000000000692499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd8ecc470d509af2023-02-07 15:09:31.596root 11241100x8000000000000000692498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1ff172f274ab6b2023-02-07 15:09:31.596root 11241100x8000000000000000692511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:31.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ec9108251bb1372023-02-07 15:09:31.597root 354300x8000000000000000692549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:37.123{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51134-false10.0.1.12-8000- 11241100x8000000000000000692550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:37.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cfbd0ba23a932bb2023-02-07 15:09:37.595root 11241100x8000000000000000692551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:38.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a4640cef2ded3f2023-02-07 15:09:38.095root 11241100x8000000000000000692552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:38.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb83cdaae0ca79122023-02-07 15:09:38.595root 11241100x8000000000000000692553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:39.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b923b3027e4ed3152023-02-07 15:09:39.095root 11241100x8000000000000000692554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:39.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fafe8c2053c226a2023-02-07 15:09:39.595root 11241100x8000000000000000692555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8bd7390ce6abb92023-02-07 15:09:40.095root 11241100x8000000000000000692556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994a6ea35ffa54482023-02-07 15:09:40.595root 11241100x8000000000000000692557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:41.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a2d22db81e34ad2023-02-07 15:09:41.095root 11241100x8000000000000000692558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dade6146b54c70e92023-02-07 15:09:41.595root 11241100x8000000000000000692559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:42.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac29a29ca988712d2023-02-07 15:09:42.095root 354300x8000000000000000692560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:42.169{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51142-false10.0.1.12-8000- 11241100x8000000000000000692562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:42.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788fdbcd06508ff22023-02-07 15:09:42.595root 11241100x8000000000000000692561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:42.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9edf9d447c34635a2023-02-07 15:09:42.595root 11241100x8000000000000000692564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:43.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638cad456f6e00912023-02-07 15:09:43.095root 11241100x8000000000000000692563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:43.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee28d496d5a56cc2023-02-07 15:09:43.095root 11241100x8000000000000000692566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24240f4f1f97a1bd2023-02-07 15:09:43.595root 11241100x8000000000000000692565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb57d0e7dafd6602023-02-07 15:09:43.595root 11241100x8000000000000000692568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:44.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12db4b0dcc3a87482023-02-07 15:09:44.095root 11241100x8000000000000000692567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:44.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540af9e816559e292023-02-07 15:09:44.095root 11241100x8000000000000000692570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:44.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b66e7634e1698da2023-02-07 15:09:44.595root 11241100x8000000000000000692569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:44.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26cbdbcf900c7072023-02-07 15:09:44.595root 11241100x8000000000000000692572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5275bed9810f192023-02-07 15:09:45.095root 11241100x8000000000000000692571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d861812fa83a172023-02-07 15:09:45.095root 11241100x8000000000000000692574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:45.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceea5e0e2bb0f6f32023-02-07 15:09:45.595root 11241100x8000000000000000692573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:45.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e250c8f19756942023-02-07 15:09:45.595root 11241100x8000000000000000692576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:46.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045cb65a849ab5182023-02-07 15:09:46.095root 11241100x8000000000000000692575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:46.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae449f5f4fae8b02023-02-07 15:09:46.095root 11241100x8000000000000000692578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d006f804f092a12023-02-07 15:09:46.595root 11241100x8000000000000000692577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3d924dfe64ef4f2023-02-07 15:09:46.595root 11241100x8000000000000000692580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:47.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7287c5457c19bcb32023-02-07 15:09:47.095root 11241100x8000000000000000692579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:47.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bf5f44d94bc79e2023-02-07 15:09:47.095root 354300x8000000000000000692581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:47.247{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-47776-false10.0.1.12-8000- 11241100x8000000000000000692584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c41ece8b38bd2f22023-02-07 15:09:47.595root 11241100x8000000000000000692583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3976c8cb666c45172023-02-07 15:09:47.595root 11241100x8000000000000000692582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53bca19535daafd2023-02-07 15:09:47.595root 11241100x8000000000000000692587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:48.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa39145c1666e03c2023-02-07 15:09:48.095root 11241100x8000000000000000692586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:48.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f60831445a9c5b2023-02-07 15:09:48.095root 11241100x8000000000000000692585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:48.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e5603aa723bdb62023-02-07 15:09:48.095root 154100x8000000000000000692588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:48.114{ec244aba-69bc-63e2-6884-683c8c550000}6101/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/6312root{ec244aba-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2393--- 534500x8000000000000000692589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:48.130{ec244aba-69bc-63e2-6884-683c8c550000}6101/bin/psroot 11241100x8000000000000000692592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e18df68cea241ea2023-02-07 15:09:48.595root 11241100x8000000000000000692591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9ac6a875786ea62023-02-07 15:09:48.595root 11241100x8000000000000000692590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e4a26518aff6ee2023-02-07 15:09:48.595root 11241100x8000000000000000692594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede88aee4c5330e22023-02-07 15:09:48.596root 11241100x8000000000000000692593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96be49fb4a5b54a2023-02-07 15:09:48.596root 11241100x8000000000000000692598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:49.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5390667c5b6438e2023-02-07 15:09:49.095root 11241100x8000000000000000692597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:49.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbeea0a929b137ec2023-02-07 15:09:49.095root 11241100x8000000000000000692596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:49.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccff027697183e32023-02-07 15:09:49.095root 11241100x8000000000000000692595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:49.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcefd33d3c5f24ff2023-02-07 15:09:49.095root 11241100x8000000000000000692599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a04c025bc2464832023-02-07 15:09:49.096root 11241100x8000000000000000692603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8e950a13a31a372023-02-07 15:09:49.595root 11241100x8000000000000000692602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50936baa65d4bce22023-02-07 15:09:49.595root 11241100x8000000000000000692601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02896eb4dd17bcd62023-02-07 15:09:49.595root 11241100x8000000000000000692600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7b9747fb85b1f52023-02-07 15:09:49.595root 11241100x8000000000000000692604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372c4d1643552f9f2023-02-07 15:09:49.596root 11241100x8000000000000000692605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d3db6b9f6133c52023-02-07 15:09:50.095root 11241100x8000000000000000692609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525b33155d39ace62023-02-07 15:09:50.096root 11241100x8000000000000000692608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51b927cee494b4d2023-02-07 15:09:50.096root 11241100x8000000000000000692607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7708332bcf26121c2023-02-07 15:09:50.096root 11241100x8000000000000000692606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7157cd57218450222023-02-07 15:09:50.096root 11241100x8000000000000000692613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b52e55c4d304a962023-02-07 15:09:50.595root 11241100x8000000000000000692612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a45e4ff25ddcdef2023-02-07 15:09:50.595root 11241100x8000000000000000692611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46524a3c71a9a8e2023-02-07 15:09:50.595root 11241100x8000000000000000692610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afee6c76c4f68a62023-02-07 15:09:50.595root 11241100x8000000000000000692614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a4824eb29560c62023-02-07 15:09:50.596root 11241100x8000000000000000692617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c829dac0aafe27cd2023-02-07 15:09:51.095root 11241100x8000000000000000692616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a232febf3e3c8c222023-02-07 15:09:51.095root 11241100x8000000000000000692615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6398a0e13ce427d02023-02-07 15:09:51.095root 11241100x8000000000000000692619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f988b2202b1549eb2023-02-07 15:09:51.096root 11241100x8000000000000000692618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6fc1a420400a632023-02-07 15:09:51.096root 11241100x8000000000000000692624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb67bcb32e38bf4d2023-02-07 15:09:51.595root 11241100x8000000000000000692623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23d1b722bf323132023-02-07 15:09:51.595root 11241100x8000000000000000692622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f39c5c6f3f08332023-02-07 15:09:51.595root 11241100x8000000000000000692621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476ef5cfce1fa6892023-02-07 15:09:51.595root 11241100x8000000000000000692620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8e60333c03d49d2023-02-07 15:09:51.595root 11241100x8000000000000000692629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:52.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f336326a8b0c75472023-02-07 15:09:52.095root 11241100x8000000000000000692628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:52.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849c45b4268f9e612023-02-07 15:09:52.095root 11241100x8000000000000000692627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:52.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bab01f401175b9a2023-02-07 15:09:52.095root 11241100x8000000000000000692626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:52.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1832c83a4d9f66e02023-02-07 15:09:52.095root 11241100x8000000000000000692625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:52.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9bd66a64fefdc42023-02-07 15:09:52.095root 11241100x8000000000000000692634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:52.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f389a42fff9273942023-02-07 15:09:52.595root 11241100x8000000000000000692633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:52.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5575bb6fda6e792023-02-07 15:09:52.595root 11241100x8000000000000000692632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:52.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fedf72d34c231452023-02-07 15:09:52.595root 11241100x8000000000000000692631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:52.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577a1ece0ffab95f2023-02-07 15:09:52.595root 11241100x8000000000000000692630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:52.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71792ca1cd3275f62023-02-07 15:09:52.595root 11241100x8000000000000000692639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:53.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde6e27a455fac402023-02-07 15:09:53.095root 11241100x8000000000000000692638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:53.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adfc4e1b4f0467812023-02-07 15:09:53.095root 11241100x8000000000000000692637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:53.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccbd2a729ad66092023-02-07 15:09:53.095root 11241100x8000000000000000692636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:53.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bed77b95827f6b2023-02-07 15:09:53.095root 11241100x8000000000000000692635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:53.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6514b2bc553afb62023-02-07 15:09:53.095root 354300x8000000000000000692640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:53.229{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-47792-false10.0.1.12-8000- 11241100x8000000000000000692641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:53.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c521d7b5106c8b2023-02-07 15:09:53.595root 11241100x8000000000000000692644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49b64d3e1b343622023-02-07 15:09:53.596root 11241100x8000000000000000692643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da6c3f731fff04a2023-02-07 15:09:53.596root 11241100x8000000000000000692642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a61d77b792986632023-02-07 15:09:53.596root 11241100x8000000000000000692646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21a5528d464f8532023-02-07 15:09:53.597root 11241100x8000000000000000692645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79db6f09ed15f0f2023-02-07 15:09:53.597root 11241100x8000000000000000692651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0605417fe1fde1fd2023-02-07 15:09:54.095root 11241100x8000000000000000692650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18535eb164a8035e2023-02-07 15:09:54.095root 11241100x8000000000000000692649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2bff27211487d42023-02-07 15:09:54.095root 11241100x8000000000000000692648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1561c4a285b532802023-02-07 15:09:54.095root 11241100x8000000000000000692647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a2b30c1d441bdd2023-02-07 15:09:54.095root 11241100x8000000000000000692652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9c275d008900492023-02-07 15:09:54.096root 11241100x8000000000000000692657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a80e8caf0dd91652023-02-07 15:09:54.595root 11241100x8000000000000000692656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d45e96f390d083b2023-02-07 15:09:54.595root 11241100x8000000000000000692655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a278347c0831d722023-02-07 15:09:54.595root 11241100x8000000000000000692654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87f7ada48b36e702023-02-07 15:09:54.595root 11241100x8000000000000000692653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89bd957ffc7b606c2023-02-07 15:09:54.595root 11241100x8000000000000000692658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af652e4f83fbe7822023-02-07 15:09:54.596root 11241100x8000000000000000692659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:54.732{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:09:54.732root 11241100x8000000000000000692664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d76f8c038385f892023-02-07 15:09:55.095root 11241100x8000000000000000692663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16d533c22d0611b2023-02-07 15:09:55.095root 11241100x8000000000000000692662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88012031688ae1292023-02-07 15:09:55.095root 11241100x8000000000000000692661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d3bba9bd11cae82023-02-07 15:09:55.095root 11241100x8000000000000000692660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587ecfe51ba7cce92023-02-07 15:09:55.095root 11241100x8000000000000000692666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556d342d2163101b2023-02-07 15:09:55.096root 11241100x8000000000000000692665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610ebe910bf1becf2023-02-07 15:09:55.096root 11241100x8000000000000000692668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d407ca713a10a4ce2023-02-07 15:09:55.595root 11241100x8000000000000000692667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4195859ffea4a49f2023-02-07 15:09:55.595root 11241100x8000000000000000692672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c6df80fcd92d942023-02-07 15:09:55.596root 11241100x8000000000000000692671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e995133cfd5e24a72023-02-07 15:09:55.596root 11241100x8000000000000000692670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709647e346df16c92023-02-07 15:09:55.596root 11241100x8000000000000000692669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0190f5a88e81043a2023-02-07 15:09:55.596root 11241100x8000000000000000692673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ea327d9e1e6dc82023-02-07 15:09:55.597root 11241100x8000000000000000692680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da488ff50b848f82023-02-07 15:09:56.095root 11241100x8000000000000000692679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5af78f11047d972023-02-07 15:09:56.095root 11241100x8000000000000000692678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754ede342bf192ce2023-02-07 15:09:56.095root 11241100x8000000000000000692677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae44d787f40566982023-02-07 15:09:56.095root 11241100x8000000000000000692676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4d0926010a02662023-02-07 15:09:56.095root 11241100x8000000000000000692675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82c3b1de05cdac32023-02-07 15:09:56.095root 11241100x8000000000000000692674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd1c073ee4fe51c2023-02-07 15:09:56.095root 11241100x8000000000000000692683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afaa5a2814e2774d2023-02-07 15:09:56.595root 11241100x8000000000000000692682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3791d9f3599732432023-02-07 15:09:56.595root 11241100x8000000000000000692681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0725bd5bddd68d2023-02-07 15:09:56.595root 11241100x8000000000000000692687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073c26df1ca768e52023-02-07 15:09:56.596root 11241100x8000000000000000692686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb680e522b5498462023-02-07 15:09:56.596root 11241100x8000000000000000692685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32705f55cb6d701d2023-02-07 15:09:56.596root 11241100x8000000000000000692684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf52d9cb8b634df2023-02-07 15:09:56.596root 11241100x8000000000000000692689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab95cb28661e51d32023-02-07 15:09:57.095root 11241100x8000000000000000692688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940421c6da5e29872023-02-07 15:09:57.095root 11241100x8000000000000000692694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbe002e8514b6c82023-02-07 15:09:57.096root 11241100x8000000000000000692693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0633baf1245e4a2023-02-07 15:09:57.096root 11241100x8000000000000000692692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28237d8d3c85ea52023-02-07 15:09:57.096root 11241100x8000000000000000692691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6edddac9968cb0602023-02-07 15:09:57.096root 11241100x8000000000000000692690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef94e03ba9da93272023-02-07 15:09:57.096root 11241100x8000000000000000692700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeda3922a40a93562023-02-07 15:09:57.595root 11241100x8000000000000000692699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522553e515dca7192023-02-07 15:09:57.595root 11241100x8000000000000000692698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca311184ff58b1c2023-02-07 15:09:57.595root 11241100x8000000000000000692697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f96bd2b64a89562023-02-07 15:09:57.595root 11241100x8000000000000000692696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f74435d43508fad2023-02-07 15:09:57.595root 11241100x8000000000000000692695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1416664467d3522023-02-07 15:09:57.595root 11241100x8000000000000000692701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d5a53f6783f96d2023-02-07 15:09:57.596root 23542300x8000000000000000692702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:57.733{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000692708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f8371ede961b202023-02-07 15:09:58.095root 11241100x8000000000000000692707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e40d53c939d6e2d2023-02-07 15:09:58.095root 11241100x8000000000000000692706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fd0fc4b9721f1c2023-02-07 15:09:58.095root 11241100x8000000000000000692705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f3ae31cf383fbc2023-02-07 15:09:58.095root 11241100x8000000000000000692704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363576266ba4ea0d2023-02-07 15:09:58.095root 11241100x8000000000000000692703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bcf99e3185b9f22023-02-07 15:09:58.095root 11241100x8000000000000000692710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2500a84b4c1b71dd2023-02-07 15:09:58.096root 11241100x8000000000000000692709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580b7fbfc7ae5d852023-02-07 15:09:58.096root 11241100x8000000000000000692714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd58c8aa201e8aa2023-02-07 15:09:58.595root 11241100x8000000000000000692713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdce9ec29144a272023-02-07 15:09:58.595root 11241100x8000000000000000692712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ae7b847ca63a7b2023-02-07 15:09:58.595root 11241100x8000000000000000692711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689b3b863dc6e3da2023-02-07 15:09:58.595root 11241100x8000000000000000692718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11618db09d7e86722023-02-07 15:09:58.596root 11241100x8000000000000000692717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9732ba0c3b59d8022023-02-07 15:09:58.596root 11241100x8000000000000000692716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9fe1f61205a6da2023-02-07 15:09:58.596root 11241100x8000000000000000692715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108094327f9e577f2023-02-07 15:09:58.596root 11241100x8000000000000000692722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2d754fe19027ee2023-02-07 15:09:59.095root 11241100x8000000000000000692721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4446b059366697812023-02-07 15:09:59.095root 11241100x8000000000000000692720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f14538c9ed84cc2023-02-07 15:09:59.095root 11241100x8000000000000000692719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e66b65161782802023-02-07 15:09:59.095root 11241100x8000000000000000692726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf96f7886e218a32023-02-07 15:09:59.096root 11241100x8000000000000000692725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b86f0b2120c4ec2023-02-07 15:09:59.096root 11241100x8000000000000000692724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca473d01bb0d88e2023-02-07 15:09:59.096root 11241100x8000000000000000692723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4772b9507720c2c2023-02-07 15:09:59.096root 354300x8000000000000000692727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.170{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-41918-false10.0.1.12-8000- 11241100x8000000000000000692730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70ec63f12ccc9b92023-02-07 15:09:59.595root 11241100x8000000000000000692729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a25036333bb52b32023-02-07 15:09:59.595root 11241100x8000000000000000692728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c72000772472c012023-02-07 15:09:59.595root 11241100x8000000000000000692736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59515711704a4442023-02-07 15:09:59.596root 11241100x8000000000000000692735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff158ebdc8062992023-02-07 15:09:59.596root 11241100x8000000000000000692734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f7d6e0941dae3f2023-02-07 15:09:59.596root 11241100x8000000000000000692733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92e6d63d26902022023-02-07 15:09:59.596root 11241100x8000000000000000692732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00773cb85a1a78f32023-02-07 15:09:59.596root 11241100x8000000000000000692731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:09:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0610ae00c6270ff82023-02-07 15:09:59.596root 11241100x8000000000000000692738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a0e4c5e9b0de5b2023-02-07 15:10:00.095root 11241100x8000000000000000692737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b440cd0d9f8c53d02023-02-07 15:10:00.095root 11241100x8000000000000000692745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c54e62443c6aae2023-02-07 15:10:00.096root 11241100x8000000000000000692744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310129b8ee30bd032023-02-07 15:10:00.096root 11241100x8000000000000000692743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a350ff823d65e402023-02-07 15:10:00.096root 11241100x8000000000000000692742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24aaae3aabc507322023-02-07 15:10:00.096root 11241100x8000000000000000692741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d43a463a570f3f02023-02-07 15:10:00.096root 11241100x8000000000000000692740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd31ba488c2902312023-02-07 15:10:00.096root 11241100x8000000000000000692739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8638198cbd99e2272023-02-07 15:10:00.096root 11241100x8000000000000000692748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f1abe5e7bb955f2023-02-07 15:10:00.595root 11241100x8000000000000000692747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430ee1bfb21b9a3f2023-02-07 15:10:00.595root 11241100x8000000000000000692746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17dac5740aa226942023-02-07 15:10:00.595root 11241100x8000000000000000692754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3591b43ea95570882023-02-07 15:10:00.596root 11241100x8000000000000000692753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3350fad8c98c3232023-02-07 15:10:00.596root 11241100x8000000000000000692752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f943f5ce0154ae32023-02-07 15:10:00.596root 11241100x8000000000000000692751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d61119c7715534c2023-02-07 15:10:00.596root 11241100x8000000000000000692750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba988b8bfc9b1fd42023-02-07 15:10:00.596root 11241100x8000000000000000692749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a391d01d37b5fa972023-02-07 15:10:00.596root 11241100x8000000000000000692757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe8435611d2b5ff2023-02-07 15:10:01.095root 11241100x8000000000000000692756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b06dc70237a7dc2023-02-07 15:10:01.095root 11241100x8000000000000000692755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba06a9d2fb31d5732023-02-07 15:10:01.095root 11241100x8000000000000000692763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27609754220aed322023-02-07 15:10:01.096root 11241100x8000000000000000692762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e15eb9424f940872023-02-07 15:10:01.096root 11241100x8000000000000000692761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bfc26eedfb33342023-02-07 15:10:01.096root 11241100x8000000000000000692760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fee36e24782fdc82023-02-07 15:10:01.096root 11241100x8000000000000000692759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8d332963da4be22023-02-07 15:10:01.096root 11241100x8000000000000000692758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54db397562a35b12023-02-07 15:10:01.096root 11241100x8000000000000000692766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3c10825eb500782023-02-07 15:10:01.595root 11241100x8000000000000000692765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787324674953cf262023-02-07 15:10:01.595root 11241100x8000000000000000692764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc7c44b877575172023-02-07 15:10:01.595root 11241100x8000000000000000692772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688084e763b82e782023-02-07 15:10:01.596root 11241100x8000000000000000692771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df01305b7cf120d42023-02-07 15:10:01.596root 11241100x8000000000000000692770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b27258a23cee9c552023-02-07 15:10:01.596root 11241100x8000000000000000692769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886bd162229000bd2023-02-07 15:10:01.596root 11241100x8000000000000000692768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6579f4f108fc1a1e2023-02-07 15:10:01.596root 11241100x8000000000000000692767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d37f576a3f4180b2023-02-07 15:10:01.596root 11241100x8000000000000000692775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d2c046d726eade2023-02-07 15:10:02.095root 11241100x8000000000000000692774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b762c1ee0d3f175d2023-02-07 15:10:02.095root 11241100x8000000000000000692773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4ad9d44edcb0632023-02-07 15:10:02.095root 11241100x8000000000000000692781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1a12f0326dc8f92023-02-07 15:10:02.096root 11241100x8000000000000000692780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271298101d4289f92023-02-07 15:10:02.096root 11241100x8000000000000000692779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30dbaed4c9888ccd2023-02-07 15:10:02.096root 11241100x8000000000000000692778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a615cbfb9621932023-02-07 15:10:02.096root 11241100x8000000000000000692777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ec7eea0eb6ca7e2023-02-07 15:10:02.096root 11241100x8000000000000000692776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5ac1441d53d6eb2023-02-07 15:10:02.096root 11241100x8000000000000000692784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800e4a6d338b0a9f2023-02-07 15:10:02.595root 11241100x8000000000000000692783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdfc40ea4ddd6fc32023-02-07 15:10:02.595root 11241100x8000000000000000692782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039cae9d73890adf2023-02-07 15:10:02.595root 11241100x8000000000000000692789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f900b5c99d00ab032023-02-07 15:10:02.596root 11241100x8000000000000000692788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d4585507f026742023-02-07 15:10:02.596root 11241100x8000000000000000692787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d2ab50f0de82fa2023-02-07 15:10:02.596root 11241100x8000000000000000692786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad871da70d596e7a2023-02-07 15:10:02.596root 11241100x8000000000000000692785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0bfa396b3f8f5302023-02-07 15:10:02.596root 11241100x8000000000000000692790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:02.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4225f5b5f2382a42023-02-07 15:10:02.597root 11241100x8000000000000000692795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be64d602f6cec9c42023-02-07 15:10:03.096root 11241100x8000000000000000692794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8491f70e35d29d42023-02-07 15:10:03.096root 11241100x8000000000000000692793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc98fe6664c9fd52023-02-07 15:10:03.096root 11241100x8000000000000000692792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75ffa01c54ca7102023-02-07 15:10:03.096root 11241100x8000000000000000692791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5838999b9375f172023-02-07 15:10:03.096root 11241100x8000000000000000692799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15315f9eab10e1d42023-02-07 15:10:03.097root 11241100x8000000000000000692798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63518c13ad5d2f42023-02-07 15:10:03.097root 11241100x8000000000000000692797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4faf319ca0abfb742023-02-07 15:10:03.097root 11241100x8000000000000000692796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3929151976835642023-02-07 15:10:03.097root 11241100x8000000000000000692803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126c5cc154b18ea22023-02-07 15:10:03.595root 11241100x8000000000000000692802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43dd028cf3e2467a2023-02-07 15:10:03.595root 11241100x8000000000000000692801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f6212c07d894dc2023-02-07 15:10:03.595root 11241100x8000000000000000692800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023efff839485e202023-02-07 15:10:03.595root 11241100x8000000000000000692807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9ec9b24bad68eb2023-02-07 15:10:03.596root 11241100x8000000000000000692806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855562d2e4e030ec2023-02-07 15:10:03.596root 11241100x8000000000000000692805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea27beb985c9d872023-02-07 15:10:03.596root 11241100x8000000000000000692804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e02e872f531d9a2023-02-07 15:10:03.596root 11241100x8000000000000000692808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:03.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346e311090309ed02023-02-07 15:10:03.597root 11241100x8000000000000000692811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a44cede1847cf302023-02-07 15:10:04.095root 11241100x8000000000000000692810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5530faba42f218b92023-02-07 15:10:04.095root 11241100x8000000000000000692809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6793664878ff417d2023-02-07 15:10:04.095root 11241100x8000000000000000692817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60930d6ffb00c292023-02-07 15:10:04.096root 11241100x8000000000000000692816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97d948f7c0d4f552023-02-07 15:10:04.096root 11241100x8000000000000000692815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fc76b849c5968e2023-02-07 15:10:04.096root 11241100x8000000000000000692814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7861cb1bdf31bc42023-02-07 15:10:04.096root 11241100x8000000000000000692813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d502ca07f6deb02023-02-07 15:10:04.096root 11241100x8000000000000000692812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da72e11e963efa12023-02-07 15:10:04.096root 354300x8000000000000000692818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.204{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-41932-false10.0.1.12-8000- 11241100x8000000000000000692822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eedc02d15820a792023-02-07 15:10:04.595root 11241100x8000000000000000692821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63373e5b24f4555f2023-02-07 15:10:04.595root 11241100x8000000000000000692820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897f6f71ecd61a922023-02-07 15:10:04.595root 11241100x8000000000000000692819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7be816811bc9ad2023-02-07 15:10:04.595root 11241100x8000000000000000692828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700d9f6c8b0e835b2023-02-07 15:10:04.596root 11241100x8000000000000000692827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125c8d8f37bf47902023-02-07 15:10:04.596root 11241100x8000000000000000692826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071636fee49ae22f2023-02-07 15:10:04.596root 11241100x8000000000000000692825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8979e70c0134d0f52023-02-07 15:10:04.596root 11241100x8000000000000000692824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706167036a0016fd2023-02-07 15:10:04.596root 11241100x8000000000000000692823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d91b54d89b7ea122023-02-07 15:10:04.596root 11241100x8000000000000000692829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ee97d2fcf136a42023-02-07 15:10:05.095root 11241100x8000000000000000692833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a036ba71ddc808e02023-02-07 15:10:05.096root 11241100x8000000000000000692832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9695ecf55350cd0b2023-02-07 15:10:05.096root 11241100x8000000000000000692831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43007f1b66431f12023-02-07 15:10:05.096root 11241100x8000000000000000692830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e69a75ee27c2aa92023-02-07 15:10:05.096root 11241100x8000000000000000692838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2400c1c1fe34622023-02-07 15:10:05.097root 11241100x8000000000000000692837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ccdc622973b58612023-02-07 15:10:05.097root 11241100x8000000000000000692836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7441dae976ee103d2023-02-07 15:10:05.097root 11241100x8000000000000000692835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adfa1237d69db75e2023-02-07 15:10:05.097root 11241100x8000000000000000692834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458a4a079cfe7c122023-02-07 15:10:05.097root 11241100x8000000000000000692840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd410d19972267992023-02-07 15:10:05.595root 11241100x8000000000000000692839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8b6a72f04c517a2023-02-07 15:10:05.595root 11241100x8000000000000000692844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3743bd35ad4febd2023-02-07 15:10:05.596root 11241100x8000000000000000692843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b43950215f136f2023-02-07 15:10:05.596root 11241100x8000000000000000692842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b50474fa7e7d8e32023-02-07 15:10:05.596root 11241100x8000000000000000692841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6d61ceae46b3552023-02-07 15:10:05.596root 11241100x8000000000000000692848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a371c1911f5b17802023-02-07 15:10:05.597root 11241100x8000000000000000692847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af3eca86cafaf892023-02-07 15:10:05.597root 11241100x8000000000000000692846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86853ad98e73cd12023-02-07 15:10:05.597root 11241100x8000000000000000692845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570e1997aa2411712023-02-07 15:10:05.597root 11241100x8000000000000000692850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2500c3d6eca6eb722023-02-07 15:10:06.095root 11241100x8000000000000000692849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a1f21487a4d5a72023-02-07 15:10:06.095root 11241100x8000000000000000692853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c103d62900ec4752023-02-07 15:10:06.096root 11241100x8000000000000000692852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb611a6f70830422023-02-07 15:10:06.096root 11241100x8000000000000000692851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff89af05f88b0a432023-02-07 15:10:06.096root 11241100x8000000000000000692856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a82ece6dd5139d52023-02-07 15:10:06.097root 11241100x8000000000000000692855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53840c6cdafe06822023-02-07 15:10:06.097root 11241100x8000000000000000692854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b05d5477572e3b2023-02-07 15:10:06.097root 11241100x8000000000000000692858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd7ab7a933bb65c2023-02-07 15:10:06.098root 11241100x8000000000000000692857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277b58ac35abc87b2023-02-07 15:10:06.098root 11241100x8000000000000000692860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93753451fe45894c2023-02-07 15:10:06.595root 11241100x8000000000000000692859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776d064f3eab2b6e2023-02-07 15:10:06.595root 11241100x8000000000000000692864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec0736041ad15c12023-02-07 15:10:06.596root 11241100x8000000000000000692863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794eee48acc5d6272023-02-07 15:10:06.596root 11241100x8000000000000000692862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d76bace8823c382023-02-07 15:10:06.596root 11241100x8000000000000000692861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e795b9299f314e832023-02-07 15:10:06.596root 11241100x8000000000000000692868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4643654afca7ace2023-02-07 15:10:06.597root 11241100x8000000000000000692867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e96e93d01752e62023-02-07 15:10:06.597root 11241100x8000000000000000692866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17e56ad98a373f02023-02-07 15:10:06.597root 11241100x8000000000000000692865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d8e033f7228fe82023-02-07 15:10:06.597root 11241100x8000000000000000692871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33f22be73887ede2023-02-07 15:10:07.095root 11241100x8000000000000000692870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6153fbb4b20361e2023-02-07 15:10:07.095root 11241100x8000000000000000692869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b724fa2084d48a2023-02-07 15:10:07.095root 11241100x8000000000000000692875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6963f4aaf04896e82023-02-07 15:10:07.096root 11241100x8000000000000000692874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f333fb8899ea4f642023-02-07 15:10:07.096root 11241100x8000000000000000692873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c850bf5c486c582023-02-07 15:10:07.096root 11241100x8000000000000000692872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a02bc02e475568e2023-02-07 15:10:07.096root 11241100x8000000000000000692878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96aeef1430bf4ad32023-02-07 15:10:07.097root 11241100x8000000000000000692877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1bfaf22e2b3fbad2023-02-07 15:10:07.097root 11241100x8000000000000000692876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cea401e545e4e5f2023-02-07 15:10:07.097root 11241100x8000000000000000692883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee719c6a8c3aa0212023-02-07 15:10:07.595root 11241100x8000000000000000692882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a641b80455d560082023-02-07 15:10:07.595root 11241100x8000000000000000692881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d790b3689c06df512023-02-07 15:10:07.595root 11241100x8000000000000000692880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8dc1c635c5b13202023-02-07 15:10:07.595root 11241100x8000000000000000692879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a03d120412fc12d2023-02-07 15:10:07.595root 11241100x8000000000000000692890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a358e7bd8f3ece2023-02-07 15:10:07.596root 11241100x8000000000000000692889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7094f3b2352ad932023-02-07 15:10:07.596root 11241100x8000000000000000692888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bab8d241383c8972023-02-07 15:10:07.596root 11241100x8000000000000000692887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97e476ffd810d892023-02-07 15:10:07.596root 11241100x8000000000000000692886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb9b2b76c2d88fe2023-02-07 15:10:07.596root 11241100x8000000000000000692885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a2e916f6b55b3c2023-02-07 15:10:07.596root 11241100x8000000000000000692884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8c2ceca5acad4d2023-02-07 15:10:07.596root 11241100x8000000000000000692893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f719c85ee0bbe382023-02-07 15:10:08.095root 11241100x8000000000000000692892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa85b22d95358062023-02-07 15:10:08.095root 11241100x8000000000000000692891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97eb8783c1b996a62023-02-07 15:10:08.095root 11241100x8000000000000000692899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b9b7f76a29b3122023-02-07 15:10:08.096root 11241100x8000000000000000692898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccaae0e89bfa2a302023-02-07 15:10:08.096root 11241100x8000000000000000692897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7f7c6f7d4543382023-02-07 15:10:08.096root 11241100x8000000000000000692896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e864de45c092c65a2023-02-07 15:10:08.096root 11241100x8000000000000000692895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbad0b807cf8763e2023-02-07 15:10:08.096root 11241100x8000000000000000692894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7f4f702431dc452023-02-07 15:10:08.096root 11241100x8000000000000000692900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c650156e684357c2023-02-07 15:10:08.097root 11241100x8000000000000000692902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062791004a51151b2023-02-07 15:10:08.595root 11241100x8000000000000000692901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa7cde49ee034fc2023-02-07 15:10:08.595root 11241100x8000000000000000692909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1493bd0c2a23e7542023-02-07 15:10:08.596root 11241100x8000000000000000692908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5a39d2c2f4dab32023-02-07 15:10:08.596root 11241100x8000000000000000692907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2500e6fc05179232023-02-07 15:10:08.596root 11241100x8000000000000000692906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7cbf46e4bc77b72023-02-07 15:10:08.596root 11241100x8000000000000000692905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4795279c7fb4968d2023-02-07 15:10:08.596root 11241100x8000000000000000692904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d7cc11b3b45a112023-02-07 15:10:08.596root 11241100x8000000000000000692903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcd61461c78899c2023-02-07 15:10:08.596root 11241100x8000000000000000692910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58a1e9019fbd16d2023-02-07 15:10:08.597root 11241100x8000000000000000692912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a06d52e08855462023-02-07 15:10:09.095root 11241100x8000000000000000692911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f15679077fd23d2023-02-07 15:10:09.095root 11241100x8000000000000000692919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcdfee8a510e7962023-02-07 15:10:09.096root 11241100x8000000000000000692918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5453965e09a2d282023-02-07 15:10:09.096root 11241100x8000000000000000692917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f874b9f534579e12023-02-07 15:10:09.096root 11241100x8000000000000000692916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744cacc492624c282023-02-07 15:10:09.096root 11241100x8000000000000000692915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ebf77ca202c6ec2023-02-07 15:10:09.096root 11241100x8000000000000000692914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0736ae13c5836d752023-02-07 15:10:09.096root 11241100x8000000000000000692913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ad361b988390072023-02-07 15:10:09.096root 11241100x8000000000000000692920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80151f23a1ffe80d2023-02-07 15:10:09.097root 354300x8000000000000000692921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.215{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-37328-false10.0.1.12-8000- 11241100x8000000000000000692927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fe6172e567efa22023-02-07 15:10:09.595root 11241100x8000000000000000692926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c492c33d641a9b2d2023-02-07 15:10:09.595root 11241100x8000000000000000692925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9978caf478ccf73d2023-02-07 15:10:09.595root 11241100x8000000000000000692924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14ac04501e7a40c2023-02-07 15:10:09.595root 11241100x8000000000000000692923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace20333fc0dfd8d2023-02-07 15:10:09.595root 11241100x8000000000000000692922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7776c6c1162b8acd2023-02-07 15:10:09.595root 11241100x8000000000000000692932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d89cdc5ada7c2c22023-02-07 15:10:09.596root 11241100x8000000000000000692931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7801ce73079c0ed72023-02-07 15:10:09.596root 11241100x8000000000000000692930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8f13f77467cda02023-02-07 15:10:09.596root 11241100x8000000000000000692929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844116f99c5cfa972023-02-07 15:10:09.596root 11241100x8000000000000000692928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8d895c0a639fb92023-02-07 15:10:09.596root 11241100x8000000000000000692934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de15720b9945c8a12023-02-07 15:10:10.095root 11241100x8000000000000000692933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734cfc33819e58d62023-02-07 15:10:10.095root 11241100x8000000000000000692943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51fe1e10fcc101092023-02-07 15:10:10.096root 11241100x8000000000000000692942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddde1739afa6ac72023-02-07 15:10:10.096root 11241100x8000000000000000692941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5bc66b2c60ee3a2023-02-07 15:10:10.096root 11241100x8000000000000000692940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d29c37fed80aae2023-02-07 15:10:10.096root 11241100x8000000000000000692939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bed700473b8c4c2023-02-07 15:10:10.096root 11241100x8000000000000000692938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001994eb3ef9c5332023-02-07 15:10:10.096root 11241100x8000000000000000692937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bce60a8d3c25d482023-02-07 15:10:10.096root 11241100x8000000000000000692936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e788305111c1ac42023-02-07 15:10:10.096root 11241100x8000000000000000692935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8771d3895dbaaf2023-02-07 15:10:10.096root 11241100x8000000000000000692945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa83339be863f482023-02-07 15:10:10.097root 11241100x8000000000000000692944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a623d22669837632023-02-07 15:10:10.097root 11241100x8000000000000000692949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0926f63de6c7027e2023-02-07 15:10:10.595root 11241100x8000000000000000692948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7095dfb6ce0b25002023-02-07 15:10:10.595root 11241100x8000000000000000692947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b761ff329323e8b2023-02-07 15:10:10.595root 11241100x8000000000000000692946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9750cac738d65ca22023-02-07 15:10:10.595root 11241100x8000000000000000692956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6239244df00ba8552023-02-07 15:10:10.596root 11241100x8000000000000000692955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6b13a8d83537752023-02-07 15:10:10.596root 11241100x8000000000000000692954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdfdf6e11d6e77cc2023-02-07 15:10:10.596root 11241100x8000000000000000692953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2cf4b78fb27a68c2023-02-07 15:10:10.596root 11241100x8000000000000000692952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bbf95870807a902023-02-07 15:10:10.596root 11241100x8000000000000000692951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa41d7c179373ef52023-02-07 15:10:10.596root 11241100x8000000000000000692950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73233663c79d4d202023-02-07 15:10:10.596root 11241100x8000000000000000692960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28dfc3a92bb5e2f72023-02-07 15:10:11.095root 11241100x8000000000000000692959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fdbac9cbbe420e72023-02-07 15:10:11.095root 11241100x8000000000000000692958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30a2e0d5e2e3b552023-02-07 15:10:11.095root 11241100x8000000000000000692957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c580bbb58c0a91e2023-02-07 15:10:11.095root 11241100x8000000000000000692966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b409ae09c937410a2023-02-07 15:10:11.096root 11241100x8000000000000000692965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bcfd709205525302023-02-07 15:10:11.096root 11241100x8000000000000000692964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1a36ed83717e3a2023-02-07 15:10:11.096root 11241100x8000000000000000692963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4652f96e46e232442023-02-07 15:10:11.096root 11241100x8000000000000000692962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218acb2d8e53e52f2023-02-07 15:10:11.096root 11241100x8000000000000000692961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed2d27dfb4556212023-02-07 15:10:11.096root 11241100x8000000000000000692967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc4ce615e23ea072023-02-07 15:10:11.097root 11241100x8000000000000000692970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3be96042570a5d22023-02-07 15:10:11.595root 11241100x8000000000000000692969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b38be83a22e82ee02023-02-07 15:10:11.595root 11241100x8000000000000000692968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a922c622ae9cef502023-02-07 15:10:11.595root 11241100x8000000000000000692976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1dfa8584b228cd02023-02-07 15:10:11.596root 11241100x8000000000000000692975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a9850d23e9b0ac2023-02-07 15:10:11.596root 11241100x8000000000000000692974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b25790a11f243d62023-02-07 15:10:11.596root 11241100x8000000000000000692973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fab1277f980ca162023-02-07 15:10:11.596root 11241100x8000000000000000692972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595c73539d6d7fa22023-02-07 15:10:11.596root 11241100x8000000000000000692971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce1998e817726ac2023-02-07 15:10:11.596root 11241100x8000000000000000692978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864aafb197ad57b32023-02-07 15:10:11.597root 11241100x8000000000000000692977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:11.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d13ba851d3e88692023-02-07 15:10:11.597root 11241100x8000000000000000692981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc700188933e5b32023-02-07 15:10:12.095root 11241100x8000000000000000692980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fdef0f08b3176252023-02-07 15:10:12.095root 11241100x8000000000000000692979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2284bcbb0c1e60892023-02-07 15:10:12.095root 11241100x8000000000000000692987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24e02b5d7d76d952023-02-07 15:10:12.096root 11241100x8000000000000000692986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a32fec2fc284e62023-02-07 15:10:12.096root 11241100x8000000000000000692985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f02bda5041a2412023-02-07 15:10:12.096root 11241100x8000000000000000692984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9656b2f804a8d162023-02-07 15:10:12.096root 11241100x8000000000000000692983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2980a4236664f3a82023-02-07 15:10:12.096root 11241100x8000000000000000692982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26929e37782836cb2023-02-07 15:10:12.096root 11241100x8000000000000000692989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262cfcbba76708c22023-02-07 15:10:12.097root 11241100x8000000000000000692988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513d12a54aac3cfb2023-02-07 15:10:12.097root 11241100x8000000000000000692992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbb0af0008e763c2023-02-07 15:10:12.595root 11241100x8000000000000000692991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8226a4119683cb62023-02-07 15:10:12.595root 11241100x8000000000000000692990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a1bd048b5c95132023-02-07 15:10:12.595root 11241100x8000000000000000692998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97db2e6ab6c3bf7b2023-02-07 15:10:12.596root 11241100x8000000000000000692997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b763c75c52fce1a22023-02-07 15:10:12.596root 11241100x8000000000000000692996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca90255e8b56d422023-02-07 15:10:12.596root 11241100x8000000000000000692995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d686b33491cbff2023-02-07 15:10:12.596root 11241100x8000000000000000692994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32189bccd55409d2023-02-07 15:10:12.596root 11241100x8000000000000000692993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d121ca73f8c66fa02023-02-07 15:10:12.596root 11241100x8000000000000000693000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d7f09cfd972da92023-02-07 15:10:12.597root 11241100x8000000000000000692999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:12.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db9d863e355d3b32023-02-07 15:10:12.597root 11241100x8000000000000000693002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e996da206373fa2023-02-07 15:10:13.095root 11241100x8000000000000000693001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a0dabae92608132023-02-07 15:10:13.095root 11241100x8000000000000000693006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3afb3db7ad243a2023-02-07 15:10:13.096root 11241100x8000000000000000693005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655b72fa682576ce2023-02-07 15:10:13.096root 11241100x8000000000000000693004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7db3bbab88eb8742023-02-07 15:10:13.096root 11241100x8000000000000000693003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4b4caeda75aac72023-02-07 15:10:13.096root 11241100x8000000000000000693011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91700d68499960a12023-02-07 15:10:13.097root 11241100x8000000000000000693010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d320b8492c0cb42023-02-07 15:10:13.097root 11241100x8000000000000000693009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c81db43b02dc4462023-02-07 15:10:13.097root 11241100x8000000000000000693008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37a1d4c53c68b332023-02-07 15:10:13.097root 11241100x8000000000000000693007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7e46acbbb68ae92023-02-07 15:10:13.097root 11241100x8000000000000000693016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adebc0192b54698f2023-02-07 15:10:13.595root 11241100x8000000000000000693015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806d40f2230544082023-02-07 15:10:13.595root 11241100x8000000000000000693014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b83fcc5b02b7f92023-02-07 15:10:13.595root 11241100x8000000000000000693013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59417b473bc77d822023-02-07 15:10:13.595root 11241100x8000000000000000693012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffe1b1b0c7c3b362023-02-07 15:10:13.595root 11241100x8000000000000000693022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0c5943779a5bca2023-02-07 15:10:13.596root 11241100x8000000000000000693021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3df8cc7e679ba822023-02-07 15:10:13.596root 11241100x8000000000000000693020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765e9d009a5f2bbb2023-02-07 15:10:13.596root 11241100x8000000000000000693019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6db5b1ca7efab722023-02-07 15:10:13.596root 11241100x8000000000000000693018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6a78b590acf7bc2023-02-07 15:10:13.596root 11241100x8000000000000000693017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0c0ac14db514852023-02-07 15:10:13.596root 11241100x8000000000000000693027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3708c92a98f8a6b2023-02-07 15:10:14.095root 11241100x8000000000000000693026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f57561b5f221dbf2023-02-07 15:10:14.095root 11241100x8000000000000000693025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8331d2c68215cf172023-02-07 15:10:14.095root 11241100x8000000000000000693024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40d72161821d7212023-02-07 15:10:14.095root 11241100x8000000000000000693023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0dea2925136f752023-02-07 15:10:14.095root 11241100x8000000000000000693031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78fb6bc57ddf8882023-02-07 15:10:14.096root 11241100x8000000000000000693030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4c7e10cb2e06fd2023-02-07 15:10:14.096root 11241100x8000000000000000693029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1116db0f1fe3dbf52023-02-07 15:10:14.096root 11241100x8000000000000000693028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50707bbb89a6666e2023-02-07 15:10:14.096root 11241100x8000000000000000693033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a392d149480a70c42023-02-07 15:10:14.097root 11241100x8000000000000000693032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17194518aad8ca32023-02-07 15:10:14.097root 354300x8000000000000000693034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.527{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-56222-false10.0.1.12-8089- 11241100x8000000000000000693038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.528{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fefb3f6859cdfa2023-02-07 15:10:14.528root 11241100x8000000000000000693037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.528{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a3f908988efa192023-02-07 15:10:14.528root 11241100x8000000000000000693036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.528{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ab175c224fedca2023-02-07 15:10:14.528root 11241100x8000000000000000693035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.528{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713bf75ff1e4160e2023-02-07 15:10:14.528root 11241100x8000000000000000693045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.529{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be85ce76500fa3592023-02-07 15:10:14.529root 11241100x8000000000000000693044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.529{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215e79d4c140cdd52023-02-07 15:10:14.529root 11241100x8000000000000000693043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.529{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1d486a9d7fba062023-02-07 15:10:14.529root 11241100x8000000000000000693042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.529{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664d085faa17e5332023-02-07 15:10:14.529root 11241100x8000000000000000693041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.529{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21620dae0dca653a2023-02-07 15:10:14.529root 11241100x8000000000000000693040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.529{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e3ff27390e8e422023-02-07 15:10:14.529root 11241100x8000000000000000693039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.529{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9a50279f2afb6a2023-02-07 15:10:14.529root 11241100x8000000000000000693046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.530{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88524ea28d4428ab2023-02-07 15:10:14.530root 11241100x8000000000000000693048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1edb7defe1abc4792023-02-07 15:10:14.845root 11241100x8000000000000000693047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca6a7fcae62fd952023-02-07 15:10:14.845root 11241100x8000000000000000693058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e97519266a808ee2023-02-07 15:10:14.846root 11241100x8000000000000000693057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927794214c598a252023-02-07 15:10:14.846root 11241100x8000000000000000693056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f074d7254f412efb2023-02-07 15:10:14.846root 11241100x8000000000000000693055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1421377efba5d732023-02-07 15:10:14.846root 11241100x8000000000000000693054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6629c1cb9495a7392023-02-07 15:10:14.846root 11241100x8000000000000000693053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61d629ba311ed162023-02-07 15:10:14.846root 11241100x8000000000000000693052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f0403dbd0734282023-02-07 15:10:14.846root 11241100x8000000000000000693051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a038beb0decd5b2023-02-07 15:10:14.846root 11241100x8000000000000000693050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c89e6d9ff9544462023-02-07 15:10:14.846root 11241100x8000000000000000693049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904bf298ca8e85332023-02-07 15:10:14.846root 354300x8000000000000000693059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.055{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-37340-false10.0.1.12-8000- 11241100x8000000000000000693063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1525f1cdcebd492023-02-07 15:10:15.346root 11241100x8000000000000000693062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d91b432dd613ca2023-02-07 15:10:15.346root 11241100x8000000000000000693061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a2dd1036b29ff72023-02-07 15:10:15.346root 11241100x8000000000000000693060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f413c78e9a2ae8d02023-02-07 15:10:15.346root 11241100x8000000000000000693069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335cd842b32e6cc72023-02-07 15:10:15.347root 11241100x8000000000000000693068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c468f9a825bff252023-02-07 15:10:15.347root 11241100x8000000000000000693067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dff703e3673a16a2023-02-07 15:10:15.347root 11241100x8000000000000000693066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad8e60b88fbfc672023-02-07 15:10:15.347root 11241100x8000000000000000693065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758ce414da5cff8d2023-02-07 15:10:15.347root 11241100x8000000000000000693064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541a34712827c7f42023-02-07 15:10:15.347root 11241100x8000000000000000693072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd6d932e5a2339f2023-02-07 15:10:15.348root 11241100x8000000000000000693071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea93d29c6ba774fe2023-02-07 15:10:15.348root 11241100x8000000000000000693070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963f5b666bda9bac2023-02-07 15:10:15.348root 11241100x8000000000000000693073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab5bf3eb7eee1492023-02-07 15:10:15.845root 11241100x8000000000000000693080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7350ca32fe142762023-02-07 15:10:15.846root 11241100x8000000000000000693079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7c17cfd0b7d7842023-02-07 15:10:15.846root 11241100x8000000000000000693078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4167c8fa679b546a2023-02-07 15:10:15.846root 11241100x8000000000000000693077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90745518806511152023-02-07 15:10:15.846root 11241100x8000000000000000693076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01913a4f3e7111672023-02-07 15:10:15.846root 11241100x8000000000000000693075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791757fdb6f32caa2023-02-07 15:10:15.846root 11241100x8000000000000000693074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc40e487fe280dd62023-02-07 15:10:15.846root 11241100x8000000000000000693085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f600d9a4d7caa62023-02-07 15:10:15.847root 11241100x8000000000000000693084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ec405d152a722f2023-02-07 15:10:15.847root 11241100x8000000000000000693083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d3d2617f42af262023-02-07 15:10:15.847root 11241100x8000000000000000693082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da085475df72d61d2023-02-07 15:10:15.847root 11241100x8000000000000000693081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a853ccc52274d22023-02-07 15:10:15.847root 11241100x8000000000000000693092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba4da75171e828e2023-02-07 15:10:16.346root 11241100x8000000000000000693091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4199f7c1a215020f2023-02-07 15:10:16.346root 11241100x8000000000000000693090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c590bbf3bd3b5412023-02-07 15:10:16.346root 11241100x8000000000000000693089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323f30d9e543fe5c2023-02-07 15:10:16.346root 11241100x8000000000000000693088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c012b55c15fd2932023-02-07 15:10:16.346root 11241100x8000000000000000693087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2de633e2a4494822023-02-07 15:10:16.346root 11241100x8000000000000000693086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482d670c35365ee22023-02-07 15:10:16.346root 11241100x8000000000000000693098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842fdf070dede75a2023-02-07 15:10:16.348root 11241100x8000000000000000693097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eac741158c0f3242023-02-07 15:10:16.348root 11241100x8000000000000000693096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f593f0ec53ba81b52023-02-07 15:10:16.348root 11241100x8000000000000000693095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6e86c910130ccb2023-02-07 15:10:16.348root 11241100x8000000000000000693094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062c15220bd2fd722023-02-07 15:10:16.348root 11241100x8000000000000000693093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5878b19a00722e5e2023-02-07 15:10:16.348root 11241100x8000000000000000693099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac41d9e1db79b61b2023-02-07 15:10:16.845root 11241100x8000000000000000693106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72e6ce14c1cace52023-02-07 15:10:16.846root 11241100x8000000000000000693105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef5058aabb5c3be2023-02-07 15:10:16.846root 11241100x8000000000000000693104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42d377ff67e474d2023-02-07 15:10:16.846root 11241100x8000000000000000693103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2fd32b719c80cb2023-02-07 15:10:16.846root 11241100x8000000000000000693102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99db3364aaab1082023-02-07 15:10:16.846root 11241100x8000000000000000693101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80bbe47093151a42023-02-07 15:10:16.846root 11241100x8000000000000000693100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b041abd7a089f4932023-02-07 15:10:16.846root 11241100x8000000000000000693111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f4e60b4b9fe2be2023-02-07 15:10:16.847root 11241100x8000000000000000693110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e367223fc3fdfde2023-02-07 15:10:16.847root 11241100x8000000000000000693109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf38cc3d1cba7ba42023-02-07 15:10:16.847root 11241100x8000000000000000693108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a719d72537a07072023-02-07 15:10:16.847root 11241100x8000000000000000693107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad7ecebd0af6d072023-02-07 15:10:16.847root 11241100x8000000000000000693112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c6b50e07e82f8b2023-02-07 15:10:17.345root 11241100x8000000000000000693124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e178de4a71d92d712023-02-07 15:10:17.346root 11241100x8000000000000000693123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2651315778613f12023-02-07 15:10:17.346root 11241100x8000000000000000693122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c364a7c0eaf71402023-02-07 15:10:17.346root 11241100x8000000000000000693121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53afcc6f2ddd55932023-02-07 15:10:17.346root 11241100x8000000000000000693120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7cd194a00e61862023-02-07 15:10:17.346root 11241100x8000000000000000693119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12baede77ec4196f2023-02-07 15:10:17.346root 11241100x8000000000000000693118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525d3da8ce6c40aa2023-02-07 15:10:17.346root 11241100x8000000000000000693117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617da7558ccd84f92023-02-07 15:10:17.346root 11241100x8000000000000000693116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45dd0f789a245eb92023-02-07 15:10:17.346root 11241100x8000000000000000693115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad71c2e2b3514a462023-02-07 15:10:17.346root 11241100x8000000000000000693114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2dff1ca045851f2023-02-07 15:10:17.346root 11241100x8000000000000000693113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e9995b56aca0102023-02-07 15:10:17.346root 11241100x8000000000000000693125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128b3af1c3c922522023-02-07 15:10:17.845root 11241100x8000000000000000693136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c906029714e8fa2023-02-07 15:10:17.846root 11241100x8000000000000000693135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e049ae920d3b412023-02-07 15:10:17.846root 11241100x8000000000000000693134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1c5020fdff45632023-02-07 15:10:17.846root 11241100x8000000000000000693133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd454a04793b2afd2023-02-07 15:10:17.846root 11241100x8000000000000000693132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3783aeeeed3ee3d52023-02-07 15:10:17.846root 11241100x8000000000000000693131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6264660c9d6ed9772023-02-07 15:10:17.846root 11241100x8000000000000000693130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7f4436e9c8ce5c2023-02-07 15:10:17.846root 11241100x8000000000000000693129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550d4b16f05d2a932023-02-07 15:10:17.846root 11241100x8000000000000000693128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6efc83a06564ab2023-02-07 15:10:17.846root 11241100x8000000000000000693127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2476c4d0cf45e22023-02-07 15:10:17.846root 11241100x8000000000000000693126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3993665c26dee84b2023-02-07 15:10:17.846root 11241100x8000000000000000693137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f64459ecdcaea7c2023-02-07 15:10:17.847root 11241100x8000000000000000693139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5887495f9dea3802023-02-07 15:10:18.345root 11241100x8000000000000000693138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c904b1cbbf5cb22023-02-07 15:10:18.345root 11241100x8000000000000000693150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e5dc010bea6ada2023-02-07 15:10:18.346root 11241100x8000000000000000693149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1eead4ab501fec82023-02-07 15:10:18.346root 11241100x8000000000000000693148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d704d023c6b3903e2023-02-07 15:10:18.346root 11241100x8000000000000000693147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc95b1bb5d9fe872023-02-07 15:10:18.346root 11241100x8000000000000000693146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753d1c9593da622a2023-02-07 15:10:18.346root 11241100x8000000000000000693145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6382503932cc00cb2023-02-07 15:10:18.346root 11241100x8000000000000000693144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc076fbef70939a2023-02-07 15:10:18.346root 11241100x8000000000000000693143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707e5562694a08e02023-02-07 15:10:18.346root 11241100x8000000000000000693142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3bf3c775f8963d52023-02-07 15:10:18.346root 11241100x8000000000000000693141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c77f1566c64513d2023-02-07 15:10:18.346root 11241100x8000000000000000693140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc4356077ccb9192023-02-07 15:10:18.346root 11241100x8000000000000000693151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c5d5c71e98f6f52023-02-07 15:10:18.845root 11241100x8000000000000000693163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dddbd33d6f6fc382023-02-07 15:10:18.846root 11241100x8000000000000000693162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d01d6c16c2a3eb22023-02-07 15:10:18.846root 11241100x8000000000000000693161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb9a13848c06bd42023-02-07 15:10:18.846root 11241100x8000000000000000693160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4a3735d5d69aa82023-02-07 15:10:18.846root 11241100x8000000000000000693159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ca18b7eb7128272023-02-07 15:10:18.846root 11241100x8000000000000000693158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1e16627ce74d252023-02-07 15:10:18.846root 11241100x8000000000000000693157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c638fea665364ba2023-02-07 15:10:18.846root 11241100x8000000000000000693156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aab4d038d7f2a1e2023-02-07 15:10:18.846root 11241100x8000000000000000693155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012baa48ad451f3a2023-02-07 15:10:18.846root 11241100x8000000000000000693154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f805d81380865d182023-02-07 15:10:18.846root 11241100x8000000000000000693153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc62f95c94e3a192023-02-07 15:10:18.846root 11241100x8000000000000000693152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62942ea5b50d82082023-02-07 15:10:18.846root 11241100x8000000000000000693164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f10504538e24592023-02-07 15:10:19.345root 11241100x8000000000000000693176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48dd5b4e6913d9e02023-02-07 15:10:19.346root 11241100x8000000000000000693175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1175f781642fde2023-02-07 15:10:19.346root 11241100x8000000000000000693174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46bb0a2ecee7bed2023-02-07 15:10:19.346root 11241100x8000000000000000693173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70622ad15dc26c9a2023-02-07 15:10:19.346root 11241100x8000000000000000693172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7d6094ecd8b3422023-02-07 15:10:19.346root 11241100x8000000000000000693171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329e6890a569be2d2023-02-07 15:10:19.346root 11241100x8000000000000000693170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78fea61ee0a902772023-02-07 15:10:19.346root 11241100x8000000000000000693169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09ed399c7a6384a2023-02-07 15:10:19.346root 11241100x8000000000000000693168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed421a8863ec7b42023-02-07 15:10:19.346root 11241100x8000000000000000693167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3915406a802b3d2023-02-07 15:10:19.346root 11241100x8000000000000000693166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a98cdb5ab8e64e82023-02-07 15:10:19.346root 11241100x8000000000000000693165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ca4cb2dc001d432023-02-07 15:10:19.346root 11241100x8000000000000000693177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93781affcbc1dd22023-02-07 15:10:19.845root 11241100x8000000000000000693189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22aee78ab4cedb42023-02-07 15:10:19.846root 11241100x8000000000000000693188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d791c70afcc97d2023-02-07 15:10:19.846root 11241100x8000000000000000693187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cddcb1b71324532023-02-07 15:10:19.846root 11241100x8000000000000000693186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f4edc586e6afe52023-02-07 15:10:19.846root 11241100x8000000000000000693185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f643c081a2ad59e2023-02-07 15:10:19.846root 11241100x8000000000000000693184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5e90714fd85b602023-02-07 15:10:19.846root 11241100x8000000000000000693183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c9ca5e21bec5ab2023-02-07 15:10:19.846root 11241100x8000000000000000693182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d7ae3afc0786822023-02-07 15:10:19.846root 11241100x8000000000000000693181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3bdbc6442fbae312023-02-07 15:10:19.846root 11241100x8000000000000000693180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7265bab7ba276532023-02-07 15:10:19.846root 11241100x8000000000000000693179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4310cae029fca8c2023-02-07 15:10:19.846root 11241100x8000000000000000693178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba755fd195d449c2023-02-07 15:10:19.846root 354300x8000000000000000693190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.056{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-56224-false10.0.1.12-8000- 11241100x8000000000000000693191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f6502088625eed2023-02-07 15:10:20.345root 11241100x8000000000000000693200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19012ae0e42ac0792023-02-07 15:10:20.346root 11241100x8000000000000000693199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a9208de26b7f042023-02-07 15:10:20.346root 11241100x8000000000000000693198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04574e361d26a5ab2023-02-07 15:10:20.346root 11241100x8000000000000000693197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088a5c5d52ca9d632023-02-07 15:10:20.346root 11241100x8000000000000000693196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922ffadc0cbd70862023-02-07 15:10:20.346root 11241100x8000000000000000693195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba12d79e352e9202023-02-07 15:10:20.346root 11241100x8000000000000000693194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9085b66400e2abb2023-02-07 15:10:20.346root 11241100x8000000000000000693193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f3906bf0edf6e72023-02-07 15:10:20.346root 11241100x8000000000000000693192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99119e06ae7359b2023-02-07 15:10:20.346root 11241100x8000000000000000693202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703c5d94bcf8632f2023-02-07 15:10:20.347root 11241100x8000000000000000693201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5deced033e6fdfd2023-02-07 15:10:20.347root 11241100x8000000000000000693204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a45846b55b5e17a2023-02-07 15:10:20.350root 11241100x8000000000000000693203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a62565c8b049262023-02-07 15:10:20.350root 11241100x8000000000000000693205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef67869be1f4fc7b2023-02-07 15:10:20.845root 11241100x8000000000000000693215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d0cc44564fea762023-02-07 15:10:20.846root 11241100x8000000000000000693214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2722fec248013fa72023-02-07 15:10:20.846root 11241100x8000000000000000693213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4206b56fe2e3c152023-02-07 15:10:20.846root 11241100x8000000000000000693212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6923e7c2c9228f112023-02-07 15:10:20.846root 11241100x8000000000000000693211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb38ef6b64599682023-02-07 15:10:20.846root 11241100x8000000000000000693210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466993fad55bdaba2023-02-07 15:10:20.846root 11241100x8000000000000000693209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec236df0bf479f02023-02-07 15:10:20.846root 11241100x8000000000000000693208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33fc499606b20ff2023-02-07 15:10:20.846root 11241100x8000000000000000693207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7241ac185b89f3842023-02-07 15:10:20.846root 11241100x8000000000000000693206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8a728fe4a250682023-02-07 15:10:20.846root 11241100x8000000000000000693218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81025db1abaae1f42023-02-07 15:10:20.847root 11241100x8000000000000000693217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2de1be65286c8802023-02-07 15:10:20.847root 11241100x8000000000000000693216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:20.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2e2f7a721014612023-02-07 15:10:20.847root 11241100x8000000000000000693219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f708600b1463eec2023-02-07 15:10:21.345root 11241100x8000000000000000693228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3fb87d7f691a452023-02-07 15:10:21.346root 11241100x8000000000000000693227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffbcb1b10cf67da2023-02-07 15:10:21.346root 11241100x8000000000000000693226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b39b7310de5aeee2023-02-07 15:10:21.346root 11241100x8000000000000000693225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de438d0c487e8d802023-02-07 15:10:21.346root 11241100x8000000000000000693224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd08f92c499b6f72023-02-07 15:10:21.346root 11241100x8000000000000000693223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1ed134935e64212023-02-07 15:10:21.346root 11241100x8000000000000000693222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cadb77a0896584892023-02-07 15:10:21.346root 11241100x8000000000000000693221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e171b3f89733eb2023-02-07 15:10:21.346root 11241100x8000000000000000693220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09d26debe4b7a6a2023-02-07 15:10:21.346root 11241100x8000000000000000693232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1050e7402d9c9602023-02-07 15:10:21.347root 11241100x8000000000000000693231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ca459befbe53f02023-02-07 15:10:21.347root 11241100x8000000000000000693230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8693fd8e69675212023-02-07 15:10:21.347root 11241100x8000000000000000693229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cc23252818381d2023-02-07 15:10:21.347root 11241100x8000000000000000693233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0658cb8778c4042023-02-07 15:10:21.845root 11241100x8000000000000000693241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca86eb4734301622023-02-07 15:10:21.846root 11241100x8000000000000000693240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3468654a26be3cc62023-02-07 15:10:21.846root 11241100x8000000000000000693239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9504c66a171a04ca2023-02-07 15:10:21.846root 11241100x8000000000000000693238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b37bfe142cfe0a2023-02-07 15:10:21.846root 11241100x8000000000000000693237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126d135764d61efd2023-02-07 15:10:21.846root 11241100x8000000000000000693236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e6a638b5495ef32023-02-07 15:10:21.846root 11241100x8000000000000000693235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e2a0740134f2c02023-02-07 15:10:21.846root 11241100x8000000000000000693234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa3ad3a784506ea2023-02-07 15:10:21.846root 11241100x8000000000000000693246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565d71ef61b783822023-02-07 15:10:21.847root 11241100x8000000000000000693245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c236a1b8ff394a32023-02-07 15:10:21.847root 11241100x8000000000000000693244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af38c4092b38d9e82023-02-07 15:10:21.847root 11241100x8000000000000000693243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3badec247f7ede32023-02-07 15:10:21.847root 11241100x8000000000000000693242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49777cc1dd7104352023-02-07 15:10:21.847root 11241100x8000000000000000693247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833f412139e8cd292023-02-07 15:10:22.345root 11241100x8000000000000000693260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0418d23d43ed20e2023-02-07 15:10:22.346root 11241100x8000000000000000693259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19563c3fabbb40d92023-02-07 15:10:22.346root 11241100x8000000000000000693258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d871b39147a9e55a2023-02-07 15:10:22.346root 11241100x8000000000000000693257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1df62805d3c0b6d2023-02-07 15:10:22.346root 11241100x8000000000000000693256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39812b01c4632362023-02-07 15:10:22.346root 11241100x8000000000000000693255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044a148298443fd02023-02-07 15:10:22.346root 11241100x8000000000000000693254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f888560cfbd8372023-02-07 15:10:22.346root 11241100x8000000000000000693253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf2ed584b0e084f2023-02-07 15:10:22.346root 11241100x8000000000000000693252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8098ef31d39a2c2023-02-07 15:10:22.346root 11241100x8000000000000000693251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b539e1720123d32023-02-07 15:10:22.346root 11241100x8000000000000000693250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ab041b83f957b12023-02-07 15:10:22.346root 11241100x8000000000000000693249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3776c4cd282d692f2023-02-07 15:10:22.346root 11241100x8000000000000000693248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89fb16b33c0cca022023-02-07 15:10:22.346root 11241100x8000000000000000693261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829a1342e73a2d0f2023-02-07 15:10:22.845root 11241100x8000000000000000693274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e856312efa57ddd32023-02-07 15:10:22.846root 11241100x8000000000000000693273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b015cdb5b76b252023-02-07 15:10:22.846root 11241100x8000000000000000693272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd45b412773f86e42023-02-07 15:10:22.846root 11241100x8000000000000000693271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12961771e7bfe4eb2023-02-07 15:10:22.846root 11241100x8000000000000000693270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0494242d9de12d2023-02-07 15:10:22.846root 11241100x8000000000000000693269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076776f8f6699ceb2023-02-07 15:10:22.846root 11241100x8000000000000000693268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88ba6f2bcd5e5ca2023-02-07 15:10:22.846root 11241100x8000000000000000693267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24428356147003412023-02-07 15:10:22.846root 11241100x8000000000000000693266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ff9336a512f0452023-02-07 15:10:22.846root 11241100x8000000000000000693265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40938cbc04b514162023-02-07 15:10:22.846root 11241100x8000000000000000693264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a67c9509201a792023-02-07 15:10:22.846root 11241100x8000000000000000693263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764b585f2f932cdc2023-02-07 15:10:22.846root 11241100x8000000000000000693262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac275c6c725bf632023-02-07 15:10:22.846root 11241100x8000000000000000693275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78fba3b6a68282d52023-02-07 15:10:23.345root 11241100x8000000000000000693288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d60114fc8c12c0a2023-02-07 15:10:23.346root 11241100x8000000000000000693287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87caafbb1d6815a62023-02-07 15:10:23.346root 11241100x8000000000000000693286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b18db9636828ae2023-02-07 15:10:23.346root 11241100x8000000000000000693285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4720e115e3d09942023-02-07 15:10:23.346root 11241100x8000000000000000693284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7633057dfd245ce82023-02-07 15:10:23.346root 11241100x8000000000000000693283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f8bf016fcaf1d12023-02-07 15:10:23.346root 11241100x8000000000000000693282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0446af82ea968b62023-02-07 15:10:23.346root 11241100x8000000000000000693281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1589b3153de162bb2023-02-07 15:10:23.346root 11241100x8000000000000000693280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6a65ad9a369b812023-02-07 15:10:23.346root 11241100x8000000000000000693279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86089c5e2722f9b2023-02-07 15:10:23.346root 11241100x8000000000000000693278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6936360d6b6043072023-02-07 15:10:23.346root 11241100x8000000000000000693277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf21d12a59c7c852023-02-07 15:10:23.346root 11241100x8000000000000000693276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7efa89e458445122023-02-07 15:10:23.346root 11241100x8000000000000000693301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aaf36d08995a5352023-02-07 15:10:23.846root 11241100x8000000000000000693300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3392b24290d379b32023-02-07 15:10:23.846root 11241100x8000000000000000693299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8f4346972c48512023-02-07 15:10:23.846root 11241100x8000000000000000693298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dce6943ba4a2dab2023-02-07 15:10:23.846root 11241100x8000000000000000693297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0b21403c0018d72023-02-07 15:10:23.846root 11241100x8000000000000000693296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d09ab298a02f682023-02-07 15:10:23.846root 11241100x8000000000000000693295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c10ef960b70f382023-02-07 15:10:23.846root 11241100x8000000000000000693294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0cd722c15ce5ba2023-02-07 15:10:23.846root 11241100x8000000000000000693293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275f8bd550a44a232023-02-07 15:10:23.846root 11241100x8000000000000000693292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3bbdfd78413df702023-02-07 15:10:23.846root 11241100x8000000000000000693291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381b40e7408bd88f2023-02-07 15:10:23.846root 11241100x8000000000000000693290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe4ae32e53099df2023-02-07 15:10:23.846root 11241100x8000000000000000693289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56878f96bb174ee62023-02-07 15:10:23.846root 11241100x8000000000000000693302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:23.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdc6c785cd4d4932023-02-07 15:10:23.847root 11241100x8000000000000000693303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d670b0442263842023-02-07 15:10:24.345root 11241100x8000000000000000693316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55becbca6e5ba8432023-02-07 15:10:24.346root 11241100x8000000000000000693315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83000e5c88e4a6052023-02-07 15:10:24.346root 11241100x8000000000000000693314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4555a7f64353478c2023-02-07 15:10:24.346root 11241100x8000000000000000693313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2350f91698612bf72023-02-07 15:10:24.346root 11241100x8000000000000000693312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9850e01bdbbd6bce2023-02-07 15:10:24.346root 11241100x8000000000000000693311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629040ef23ccf1b32023-02-07 15:10:24.346root 11241100x8000000000000000693310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae420972d400b082023-02-07 15:10:24.346root 11241100x8000000000000000693309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd00b6ea0fe46cf72023-02-07 15:10:24.346root 11241100x8000000000000000693308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0b5992f571d1e42023-02-07 15:10:24.346root 11241100x8000000000000000693307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17de5d9a7335eae72023-02-07 15:10:24.346root 11241100x8000000000000000693306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fbcda3c211c9f52023-02-07 15:10:24.346root 11241100x8000000000000000693305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e33752d45df0942023-02-07 15:10:24.346root 11241100x8000000000000000693304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c51490d873aca8c2023-02-07 15:10:24.346root 11241100x8000000000000000693319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9163500dd408e4c2023-02-07 15:10:24.732root 11241100x8000000000000000693318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d658382215aa826a2023-02-07 15:10:24.732root 11241100x8000000000000000693317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.732{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:10:24.732root 11241100x8000000000000000693333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66453a22152e3bdd2023-02-07 15:10:24.733root 11241100x8000000000000000693332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7675c231a9131d92023-02-07 15:10:24.733root 11241100x8000000000000000693331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12144fb073cc6ae2023-02-07 15:10:24.733root 11241100x8000000000000000693330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2877cbe8f84442072023-02-07 15:10:24.733root 11241100x8000000000000000693329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1391c965c666972023-02-07 15:10:24.733root 11241100x8000000000000000693328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1a841f517f6abd2023-02-07 15:10:24.733root 11241100x8000000000000000693327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30074bf8e23132a92023-02-07 15:10:24.733root 11241100x8000000000000000693326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e8098a45024fe12023-02-07 15:10:24.733root 11241100x8000000000000000693325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6a72cacb6b7a992023-02-07 15:10:24.733root 11241100x8000000000000000693324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abf39b715139c502023-02-07 15:10:24.733root 11241100x8000000000000000693323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a04aa5eab4bdae02023-02-07 15:10:24.733root 11241100x8000000000000000693322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4debc353542c0812023-02-07 15:10:24.733root 11241100x8000000000000000693321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c079f7231899993b2023-02-07 15:10:24.733root 11241100x8000000000000000693320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b743612a9c62752023-02-07 15:10:24.733root 11241100x8000000000000000693334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6f9bdfe6bd82642023-02-07 15:10:24.734root 11241100x8000000000000000693340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5b812a530fb8f32023-02-07 15:10:25.095root 11241100x8000000000000000693339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c4e5587f8bcc282023-02-07 15:10:25.095root 11241100x8000000000000000693338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7467ce95883fd12023-02-07 15:10:25.095root 11241100x8000000000000000693337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f581eb41e964642023-02-07 15:10:25.095root 11241100x8000000000000000693336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af12938cd6c803852023-02-07 15:10:25.095root 11241100x8000000000000000693335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262e14a8c52246b52023-02-07 15:10:25.095root 11241100x8000000000000000693346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b66904d67912232023-02-07 15:10:25.096root 11241100x8000000000000000693345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5d7c1004a2b0762023-02-07 15:10:25.096root 11241100x8000000000000000693344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e61dd93cbeb3552023-02-07 15:10:25.096root 11241100x8000000000000000693343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b044cf7657c6342023-02-07 15:10:25.096root 11241100x8000000000000000693342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5700b2a7588b19b92023-02-07 15:10:25.096root 11241100x8000000000000000693341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c598cb4f8c751dc32023-02-07 15:10:25.096root 11241100x8000000000000000693349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765ccbf42b7e3fa22023-02-07 15:10:25.097root 11241100x8000000000000000693348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe166d27b13960db2023-02-07 15:10:25.097root 11241100x8000000000000000693347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91de8081b4cffa32023-02-07 15:10:25.097root 354300x8000000000000000693350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.117{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54446-false10.0.1.12-8000- 11241100x8000000000000000693354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbebc479ca2b32e2023-02-07 15:10:25.595root 11241100x8000000000000000693353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd34cd8858a2583b2023-02-07 15:10:25.595root 11241100x8000000000000000693352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70b2670479635fe2023-02-07 15:10:25.595root 11241100x8000000000000000693351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457d13f11f62aa7d2023-02-07 15:10:25.595root 11241100x8000000000000000693362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfee51083b4962422023-02-07 15:10:25.596root 11241100x8000000000000000693361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3abe5e07b19b6342023-02-07 15:10:25.596root 11241100x8000000000000000693360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9b75958fc63c232023-02-07 15:10:25.596root 11241100x8000000000000000693359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3deff5fa7c4e12cb2023-02-07 15:10:25.596root 11241100x8000000000000000693358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e05ceb64f83f9b2023-02-07 15:10:25.596root 11241100x8000000000000000693357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f9fe0413101b472023-02-07 15:10:25.596root 11241100x8000000000000000693356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1183d6e1f3a28aa2023-02-07 15:10:25.596root 11241100x8000000000000000693355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab63e282f79a4e282023-02-07 15:10:25.596root 11241100x8000000000000000693366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68ced369174e46d2023-02-07 15:10:25.597root 11241100x8000000000000000693365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c637d6064e1515bb2023-02-07 15:10:25.597root 11241100x8000000000000000693364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04d2b5c2181f9a72023-02-07 15:10:25.597root 11241100x8000000000000000693363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8499e0dd10acd1372023-02-07 15:10:25.597root 11241100x8000000000000000693370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81870a4520085fc12023-02-07 15:10:26.095root 11241100x8000000000000000693369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af37e794e6eac7d52023-02-07 15:10:26.095root 11241100x8000000000000000693368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff91f3bf077d751b2023-02-07 15:10:26.095root 11241100x8000000000000000693367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e70daaadfaaaac2023-02-07 15:10:26.095root 11241100x8000000000000000693380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1438850c7558322023-02-07 15:10:26.096root 11241100x8000000000000000693379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece1d25ed76dd6122023-02-07 15:10:26.096root 11241100x8000000000000000693378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910535cc292b24b82023-02-07 15:10:26.096root 11241100x8000000000000000693377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd0bebb7641a4132023-02-07 15:10:26.096root 11241100x8000000000000000693376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b59ed5c185ea42a2023-02-07 15:10:26.096root 11241100x8000000000000000693375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f023cc5673f1281e2023-02-07 15:10:26.096root 11241100x8000000000000000693374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f2395f67f7bc392023-02-07 15:10:26.096root 11241100x8000000000000000693373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb0ff76ba6b0c372023-02-07 15:10:26.096root 11241100x8000000000000000693372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d241ddb0055b9d2023-02-07 15:10:26.096root 11241100x8000000000000000693371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7265de191f4826b42023-02-07 15:10:26.096root 11241100x8000000000000000693382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b929dac3785d13ad2023-02-07 15:10:26.097root 11241100x8000000000000000693381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3370376a32bc8c2023-02-07 15:10:26.097root 11241100x8000000000000000693384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c81f6b8e804cc62023-02-07 15:10:26.595root 11241100x8000000000000000693383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7078d4910c352042023-02-07 15:10:26.595root 11241100x8000000000000000693388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9b32540de677272023-02-07 15:10:26.596root 11241100x8000000000000000693387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df944a5aa34bbb792023-02-07 15:10:26.596root 11241100x8000000000000000693386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7005440ba88372422023-02-07 15:10:26.596root 11241100x8000000000000000693385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8d8dbca9e2e0b32023-02-07 15:10:26.596root 11241100x8000000000000000693392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8b2e7b680a63a72023-02-07 15:10:26.597root 11241100x8000000000000000693391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52979e5ee9d7b7192023-02-07 15:10:26.597root 11241100x8000000000000000693390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3768aa5ee4f63e9e2023-02-07 15:10:26.597root 11241100x8000000000000000693389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876b17b777e3abe82023-02-07 15:10:26.597root 11241100x8000000000000000693396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51c732b043140a12023-02-07 15:10:26.598root 11241100x8000000000000000693395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644b2707a159816a2023-02-07 15:10:26.598root 11241100x8000000000000000693394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03aea21702dfd7a42023-02-07 15:10:26.598root 11241100x8000000000000000693393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344d20b93365370e2023-02-07 15:10:26.598root 11241100x8000000000000000693400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f50b3f74b3f9c22023-02-07 15:10:26.599root 11241100x8000000000000000693399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efc3cfd071003352023-02-07 15:10:26.599root 11241100x8000000000000000693398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e64ce9307c530c2023-02-07 15:10:26.599root 11241100x8000000000000000693397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:26.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441d2dcec752d2ef2023-02-07 15:10:26.599root 11241100x8000000000000000693402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c492ec7ca90059352023-02-07 15:10:27.095root 11241100x8000000000000000693401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb8875b7abc3e1f2023-02-07 15:10:27.095root 11241100x8000000000000000693412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c8a415dfd064b62023-02-07 15:10:27.096root 11241100x8000000000000000693411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4fcf5be8ba3cd92023-02-07 15:10:27.096root 11241100x8000000000000000693410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842aa9dea92333c02023-02-07 15:10:27.096root 11241100x8000000000000000693409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c225eb281e84902023-02-07 15:10:27.096root 11241100x8000000000000000693408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4000b361c6c95faf2023-02-07 15:10:27.096root 11241100x8000000000000000693407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4324c22c873f80f02023-02-07 15:10:27.096root 11241100x8000000000000000693406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f23809beffe7a732023-02-07 15:10:27.096root 11241100x8000000000000000693405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25591d4b2c3009a22023-02-07 15:10:27.096root 11241100x8000000000000000693404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb35ac6f2649e712023-02-07 15:10:27.096root 11241100x8000000000000000693403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15077cd927747b0b2023-02-07 15:10:27.096root 11241100x8000000000000000693417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332b974e5418dd542023-02-07 15:10:27.097root 11241100x8000000000000000693416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4326393840a4b92023-02-07 15:10:27.097root 11241100x8000000000000000693415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df66d3b0d5ebbd22023-02-07 15:10:27.097root 11241100x8000000000000000693414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086b849f9fb4e1b22023-02-07 15:10:27.097root 11241100x8000000000000000693413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d89733d7d4c0e2b2023-02-07 15:10:27.097root 11241100x8000000000000000693420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd29346521560ac2023-02-07 15:10:27.595root 11241100x8000000000000000693419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d66f343609fe9142023-02-07 15:10:27.595root 11241100x8000000000000000693418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daaef333188a9c452023-02-07 15:10:27.595root 11241100x8000000000000000693426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ebfdc7d378ef092023-02-07 15:10:27.596root 11241100x8000000000000000693425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbdada70c56cd6d2023-02-07 15:10:27.596root 11241100x8000000000000000693424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d903838b0711242c2023-02-07 15:10:27.596root 11241100x8000000000000000693423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b769e9e03091bc32023-02-07 15:10:27.596root 11241100x8000000000000000693422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3698aaed87613c782023-02-07 15:10:27.596root 11241100x8000000000000000693421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fa8be10ad437842023-02-07 15:10:27.596root 11241100x8000000000000000693432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb28801d4d689e62023-02-07 15:10:27.597root 11241100x8000000000000000693431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01bc5e5663b21f82023-02-07 15:10:27.597root 11241100x8000000000000000693430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad78da6a2063252b2023-02-07 15:10:27.597root 11241100x8000000000000000693429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7dc6c457d134b3f2023-02-07 15:10:27.597root 11241100x8000000000000000693428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf099c4ea8782fab2023-02-07 15:10:27.597root 11241100x8000000000000000693427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bd8c65fb5d9bdb2023-02-07 15:10:27.597root 11241100x8000000000000000693433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ff3f28cceb0a992023-02-07 15:10:27.598root 23542300x8000000000000000693434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:27.734{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000693439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c304d825e41f3e2023-02-07 15:10:28.095root 11241100x8000000000000000693438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc31d5862bc0bc22023-02-07 15:10:28.095root 11241100x8000000000000000693437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb87b7d65da357f2023-02-07 15:10:28.095root 11241100x8000000000000000693436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad486a0514cbc5472023-02-07 15:10:28.095root 11241100x8000000000000000693435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b05b5b55031a4ca2023-02-07 15:10:28.095root 11241100x8000000000000000693448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b02ba279cafd9912023-02-07 15:10:28.096root 11241100x8000000000000000693447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b794ccf75b27db2023-02-07 15:10:28.096root 11241100x8000000000000000693446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345c94e9634afb3b2023-02-07 15:10:28.096root 11241100x8000000000000000693445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad6b95ab175c4792023-02-07 15:10:28.096root 11241100x8000000000000000693444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d266444b773e80692023-02-07 15:10:28.096root 11241100x8000000000000000693443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec07250c04631602023-02-07 15:10:28.096root 11241100x8000000000000000693442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46eea221aa8673202023-02-07 15:10:28.096root 11241100x8000000000000000693441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e76398150f9624b2023-02-07 15:10:28.096root 11241100x8000000000000000693440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc85acae3cbab162023-02-07 15:10:28.096root 11241100x8000000000000000693452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1faacd317bfed5a2023-02-07 15:10:28.097root 11241100x8000000000000000693451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af6f2d123bd4dfe2023-02-07 15:10:28.097root 11241100x8000000000000000693450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394d789fe4c9f5d72023-02-07 15:10:28.097root 11241100x8000000000000000693449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4536f3e45a7255ae2023-02-07 15:10:28.097root 11241100x8000000000000000693457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a466b8f151cf112023-02-07 15:10:28.595root 11241100x8000000000000000693456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21287b62d646bc7b2023-02-07 15:10:28.595root 11241100x8000000000000000693455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c21f98ed9a19012023-02-07 15:10:28.595root 11241100x8000000000000000693454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfaf1ee0c888a682023-02-07 15:10:28.595root 11241100x8000000000000000693453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62a23cc8094795c2023-02-07 15:10:28.595root 11241100x8000000000000000693462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1f3cadff5f941b2023-02-07 15:10:28.596root 11241100x8000000000000000693461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08bdc1e784d3c9e12023-02-07 15:10:28.596root 11241100x8000000000000000693460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713eb1cb9409e63c2023-02-07 15:10:28.596root 11241100x8000000000000000693459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435d89f03d48f0a72023-02-07 15:10:28.596root 11241100x8000000000000000693458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b3a6125090751e2023-02-07 15:10:28.596root 11241100x8000000000000000693468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c31e31ffbeabcc72023-02-07 15:10:28.597root 11241100x8000000000000000693467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ec37af0ed4788d2023-02-07 15:10:28.597root 11241100x8000000000000000693466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93663b3a89cbd7b2023-02-07 15:10:28.597root 11241100x8000000000000000693465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ff02d03899ac7a2023-02-07 15:10:28.597root 11241100x8000000000000000693464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7dec0e655a7b37a2023-02-07 15:10:28.597root 11241100x8000000000000000693463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87cd4a0817771f022023-02-07 15:10:28.597root 11241100x8000000000000000693470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5521e05cb0a3ec2023-02-07 15:10:28.598root 11241100x8000000000000000693469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790ecc093fa4dfb92023-02-07 15:10:28.598root 11241100x8000000000000000693474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28853493bd3aa8e2023-02-07 15:10:29.095root 11241100x8000000000000000693473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796b0a8b9e2de0aa2023-02-07 15:10:29.095root 11241100x8000000000000000693472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e2dc2cd1828a092023-02-07 15:10:29.095root 11241100x8000000000000000693471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5bc86dc3d65c9c2023-02-07 15:10:29.095root 11241100x8000000000000000693482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4f4f4449e04c1a2023-02-07 15:10:29.096root 11241100x8000000000000000693481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f132a98083b8ce2023-02-07 15:10:29.096root 11241100x8000000000000000693480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4201cebe4e8cd02023-02-07 15:10:29.096root 11241100x8000000000000000693479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28c71edb6fddc302023-02-07 15:10:29.096root 11241100x8000000000000000693478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6703f4c3a3baf0e2023-02-07 15:10:29.096root 11241100x8000000000000000693477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7f0aa44a53997f2023-02-07 15:10:29.096root 11241100x8000000000000000693476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00eb4bed7ea531032023-02-07 15:10:29.096root 11241100x8000000000000000693475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615ed2a908ece6852023-02-07 15:10:29.096root 11241100x8000000000000000693487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d9052e7c16f9502023-02-07 15:10:29.097root 11241100x8000000000000000693486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20dffe188a9119c92023-02-07 15:10:29.097root 11241100x8000000000000000693485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281a77a47979bc452023-02-07 15:10:29.097root 11241100x8000000000000000693484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f8e38cf57a6f162023-02-07 15:10:29.097root 11241100x8000000000000000693483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df11ae93db0f7032023-02-07 15:10:29.097root 11241100x8000000000000000693492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a8a20d8a1c06ce2023-02-07 15:10:29.595root 11241100x8000000000000000693491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b668dc4bc8f4392023-02-07 15:10:29.595root 11241100x8000000000000000693490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b699253cf88103e72023-02-07 15:10:29.595root 11241100x8000000000000000693489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f56ca52973262e82023-02-07 15:10:29.595root 11241100x8000000000000000693488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9a392e9f17a2bb2023-02-07 15:10:29.595root 11241100x8000000000000000693499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ead80dabf67a5792023-02-07 15:10:29.596root 11241100x8000000000000000693498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b0e585739e03e72023-02-07 15:10:29.596root 11241100x8000000000000000693497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26cd2dc3a11c72b92023-02-07 15:10:29.596root 11241100x8000000000000000693496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e59299df4d70e022023-02-07 15:10:29.596root 11241100x8000000000000000693495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177eb1fc9c0391db2023-02-07 15:10:29.596root 11241100x8000000000000000693494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb95891ad4b5ef3b2023-02-07 15:10:29.596root 11241100x8000000000000000693493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d455357ac9d009a2023-02-07 15:10:29.596root 11241100x8000000000000000693502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e24dcc4f5368dde2023-02-07 15:10:29.597root 11241100x8000000000000000693501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4946f94650afcf1b2023-02-07 15:10:29.597root 11241100x8000000000000000693500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03fa704b344c0f9d2023-02-07 15:10:29.597root 11241100x8000000000000000693505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e8989155c36cc52023-02-07 15:10:29.598root 11241100x8000000000000000693504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e691a480cf9d24d2023-02-07 15:10:29.598root 11241100x8000000000000000693503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d82364c6beaf932023-02-07 15:10:29.598root 11241100x8000000000000000693509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b751952be25849102023-02-07 15:10:30.095root 11241100x8000000000000000693508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b9d9e2d1f876692023-02-07 15:10:30.095root 11241100x8000000000000000693507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382c109c5930f6012023-02-07 15:10:30.095root 11241100x8000000000000000693506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283afcdb717a76772023-02-07 15:10:30.095root 11241100x8000000000000000693516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e09ee059bdcc862023-02-07 15:10:30.096root 11241100x8000000000000000693515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68ad6f3c23523262023-02-07 15:10:30.096root 11241100x8000000000000000693514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e91168949e91b32023-02-07 15:10:30.096root 11241100x8000000000000000693513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11872090e6c8fb722023-02-07 15:10:30.096root 11241100x8000000000000000693512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196ebe5f92f7ccc62023-02-07 15:10:30.096root 11241100x8000000000000000693511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75eb9ff11064da7d2023-02-07 15:10:30.096root 11241100x8000000000000000693510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9287901964fdba802023-02-07 15:10:30.096root 11241100x8000000000000000693523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f758aea950b7b2d2023-02-07 15:10:30.097root 11241100x8000000000000000693522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b143c21f65a4542023-02-07 15:10:30.097root 11241100x8000000000000000693521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d493e5e484e43f2023-02-07 15:10:30.097root 11241100x8000000000000000693520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efff738a498b75dd2023-02-07 15:10:30.097root 11241100x8000000000000000693519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc9fd52f4603d192023-02-07 15:10:30.097root 11241100x8000000000000000693518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9df637e6d3502c52023-02-07 15:10:30.097root 11241100x8000000000000000693517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff6514b260eff1f2023-02-07 15:10:30.097root 354300x8000000000000000693524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.167{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54462-false10.0.1.12-8000- 11241100x8000000000000000693529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38154404defbcbce2023-02-07 15:10:30.595root 11241100x8000000000000000693528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c05e59ac678776b2023-02-07 15:10:30.595root 11241100x8000000000000000693527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849a1895866142942023-02-07 15:10:30.595root 11241100x8000000000000000693526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d67e7b0a0deda02023-02-07 15:10:30.595root 11241100x8000000000000000693525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033eb5dfb2a8e30d2023-02-07 15:10:30.595root 11241100x8000000000000000693540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ef91a0bcb245762023-02-07 15:10:30.596root 11241100x8000000000000000693539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadc1419f1b4a97d2023-02-07 15:10:30.596root 11241100x8000000000000000693538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbe149c503a339f2023-02-07 15:10:30.596root 11241100x8000000000000000693537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eddae70e07308292023-02-07 15:10:30.596root 11241100x8000000000000000693536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53848af4c2fe70462023-02-07 15:10:30.596root 11241100x8000000000000000693535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e854ea5db862772023-02-07 15:10:30.596root 11241100x8000000000000000693534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2676cc5a762f092023-02-07 15:10:30.596root 11241100x8000000000000000693533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09e87aefda58f312023-02-07 15:10:30.596root 11241100x8000000000000000693532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb63bb08703429c02023-02-07 15:10:30.596root 11241100x8000000000000000693531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d1f00b730534792023-02-07 15:10:30.596root 11241100x8000000000000000693530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44cb1ffa33abe51f2023-02-07 15:10:30.596root 11241100x8000000000000000693543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519d2d872e0bd2fb2023-02-07 15:10:30.597root 11241100x8000000000000000693542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45b183bf8179c372023-02-07 15:10:30.597root 11241100x8000000000000000693541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5cf6fd484aa9fc2023-02-07 15:10:30.597root 11241100x8000000000000000693547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ee342ec4b126332023-02-07 15:10:31.095root 11241100x8000000000000000693546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64fd1de3c6d0da02023-02-07 15:10:31.095root 11241100x8000000000000000693545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92572dc9e7548f232023-02-07 15:10:31.095root 11241100x8000000000000000693544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925063c959a749bd2023-02-07 15:10:31.095root 11241100x8000000000000000693554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26f7663c596f2e42023-02-07 15:10:31.096root 11241100x8000000000000000693553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7332ebaa1f545b72023-02-07 15:10:31.096root 11241100x8000000000000000693552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598301d50ee664992023-02-07 15:10:31.096root 11241100x8000000000000000693551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d5c1308e1a0fe82023-02-07 15:10:31.096root 11241100x8000000000000000693550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285019b4840677052023-02-07 15:10:31.096root 11241100x8000000000000000693549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b29220895905a702023-02-07 15:10:31.096root 11241100x8000000000000000693548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbe7e68f44e8f1b2023-02-07 15:10:31.096root 11241100x8000000000000000693562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a37324fb3b094b2023-02-07 15:10:31.097root 11241100x8000000000000000693561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baab1f0401b8060d2023-02-07 15:10:31.097root 11241100x8000000000000000693560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c9306db9d226b72023-02-07 15:10:31.097root 11241100x8000000000000000693559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ed3399855366aa2023-02-07 15:10:31.097root 11241100x8000000000000000693558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7770d600a772b25e2023-02-07 15:10:31.097root 11241100x8000000000000000693557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1dd2c48a2f75862023-02-07 15:10:31.097root 11241100x8000000000000000693556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3532dacd77f76d02023-02-07 15:10:31.097root 11241100x8000000000000000693555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d28ce4bded56a272023-02-07 15:10:31.097root 11241100x8000000000000000693574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9409f70b835ce0a2023-02-07 15:10:31.596root 11241100x8000000000000000693573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e95459e220c3772023-02-07 15:10:31.596root 11241100x8000000000000000693572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d0a17f36d125882023-02-07 15:10:31.596root 11241100x8000000000000000693571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95d9256e17515822023-02-07 15:10:31.596root 11241100x8000000000000000693570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693616ea37fd72b22023-02-07 15:10:31.596root 11241100x8000000000000000693569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324a232471c7ee822023-02-07 15:10:31.596root 11241100x8000000000000000693568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02859c795cafdcaf2023-02-07 15:10:31.596root 11241100x8000000000000000693567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef30373621d4c1a2023-02-07 15:10:31.596root 11241100x8000000000000000693566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564f529b85a715872023-02-07 15:10:31.596root 11241100x8000000000000000693565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0872296c2a4a362023-02-07 15:10:31.596root 11241100x8000000000000000693564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90772625fb8f85012023-02-07 15:10:31.596root 11241100x8000000000000000693563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71ccdf6ae759d2e2023-02-07 15:10:31.596root 11241100x8000000000000000693580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa71cdf92338d5692023-02-07 15:10:31.597root 11241100x8000000000000000693579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eaf2b77458a6fc02023-02-07 15:10:31.597root 11241100x8000000000000000693578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f206da869ef68bfa2023-02-07 15:10:31.597root 11241100x8000000000000000693577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055b322c640b25992023-02-07 15:10:31.597root 11241100x8000000000000000693576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd30bd06597de5242023-02-07 15:10:31.597root 11241100x8000000000000000693575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:31.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47a35b46e508af82023-02-07 15:10:31.597root 11241100x8000000000000000693583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d383a65c3f4af7372023-02-07 15:10:32.095root 11241100x8000000000000000693582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4449db54975c7a2023-02-07 15:10:32.095root 11241100x8000000000000000693581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bceb2eadbbcef262023-02-07 15:10:32.095root 11241100x8000000000000000693587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3fb2dbe688a73952023-02-07 15:10:32.096root 11241100x8000000000000000693586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4e93f1f819cfea2023-02-07 15:10:32.096root 11241100x8000000000000000693585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f4f0a6cfb765032023-02-07 15:10:32.096root 11241100x8000000000000000693584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8081a3f580a15c2023-02-07 15:10:32.096root 11241100x8000000000000000693594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3369415ac0f603842023-02-07 15:10:32.097root 11241100x8000000000000000693593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb1a03007b4aaf52023-02-07 15:10:32.097root 11241100x8000000000000000693592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5bbe40d57db49112023-02-07 15:10:32.097root 11241100x8000000000000000693591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c4480d26f9ce5d2023-02-07 15:10:32.097root 11241100x8000000000000000693590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8bc389d66c431f2023-02-07 15:10:32.097root 11241100x8000000000000000693589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5cc45c02fa0bb62023-02-07 15:10:32.097root 11241100x8000000000000000693588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48aa31cd6bc14b482023-02-07 15:10:32.097root 11241100x8000000000000000693600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54427a87d3758702023-02-07 15:10:32.098root 11241100x8000000000000000693599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0529a131ec513072023-02-07 15:10:32.098root 11241100x8000000000000000693598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bc4b029b260bfc2023-02-07 15:10:32.098root 11241100x8000000000000000693597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7f0c556514c6af2023-02-07 15:10:32.098root 11241100x8000000000000000693596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf5a07095311b3f2023-02-07 15:10:32.098root 11241100x8000000000000000693595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a712a215ddc59a2023-02-07 15:10:32.098root 11241100x8000000000000000693612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44ed2607579622f2023-02-07 15:10:32.596root 11241100x8000000000000000693611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c021a2c658753b32023-02-07 15:10:32.596root 11241100x8000000000000000693610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3a4ff33910937a2023-02-07 15:10:32.596root 11241100x8000000000000000693609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10fd019d123f8d12023-02-07 15:10:32.596root 11241100x8000000000000000693608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2e4f339ecc12112023-02-07 15:10:32.596root 11241100x8000000000000000693607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c53c44a054ec23c2023-02-07 15:10:32.596root 11241100x8000000000000000693606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4329092ae96e222023-02-07 15:10:32.596root 11241100x8000000000000000693605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cfcb44e77e59eb42023-02-07 15:10:32.596root 11241100x8000000000000000693604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f937368b4b6c6c2023-02-07 15:10:32.596root 11241100x8000000000000000693603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b98b57246cfdc92023-02-07 15:10:32.596root 11241100x8000000000000000693602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fd2628ca0cdf8b2023-02-07 15:10:32.596root 11241100x8000000000000000693601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4dd7447df3b2242023-02-07 15:10:32.596root 11241100x8000000000000000693618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735b8af654f1a58c2023-02-07 15:10:32.597root 11241100x8000000000000000693617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17321a9731b9d2fe2023-02-07 15:10:32.597root 11241100x8000000000000000693616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba622bdf622166082023-02-07 15:10:32.597root 11241100x8000000000000000693615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1303d16f820925f52023-02-07 15:10:32.597root 11241100x8000000000000000693614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10b7de8dbbfc3752023-02-07 15:10:32.597root 11241100x8000000000000000693613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:32.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17e54e9e1e4f7c42023-02-07 15:10:32.597root 11241100x8000000000000000693625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c6796083e632302023-02-07 15:10:33.095root 11241100x8000000000000000693624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98edb188b89240c52023-02-07 15:10:33.095root 11241100x8000000000000000693623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034435a88406118f2023-02-07 15:10:33.095root 11241100x8000000000000000693622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abeba3062cd771b92023-02-07 15:10:33.095root 11241100x8000000000000000693621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1617ed175711170c2023-02-07 15:10:33.095root 11241100x8000000000000000693620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c5239484c4a03a2023-02-07 15:10:33.095root 11241100x8000000000000000693619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0c4489a08d54e62023-02-07 15:10:33.095root 11241100x8000000000000000693631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4276ba25f368e7d32023-02-07 15:10:33.096root 11241100x8000000000000000693630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751dc4506792e9a92023-02-07 15:10:33.096root 11241100x8000000000000000693629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62333773bdcd25ef2023-02-07 15:10:33.096root 11241100x8000000000000000693628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d7775c42e9a4422023-02-07 15:10:33.096root 11241100x8000000000000000693627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20e0a9f919d3a962023-02-07 15:10:33.096root 11241100x8000000000000000693626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4efd5fb7b216202023-02-07 15:10:33.096root 11241100x8000000000000000693635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04f8b7ba1adb9a82023-02-07 15:10:33.097root 11241100x8000000000000000693634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361719e1f63761712023-02-07 15:10:33.097root 11241100x8000000000000000693633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5606b14f83184d2023-02-07 15:10:33.097root 11241100x8000000000000000693632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6ba6648aeb549b2023-02-07 15:10:33.097root 11241100x8000000000000000693636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b2776d900615652023-02-07 15:10:33.098root 11241100x8000000000000000693640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc198bc6d6d895a2023-02-07 15:10:33.595root 11241100x8000000000000000693639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784a9bc6fa1c3fa62023-02-07 15:10:33.595root 11241100x8000000000000000693638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae970a51797aecc02023-02-07 15:10:33.595root 11241100x8000000000000000693637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced7a92da3f943e92023-02-07 15:10:33.595root 11241100x8000000000000000693648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e54dd92f805da622023-02-07 15:10:33.596root 11241100x8000000000000000693647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89bd9e2922bc58002023-02-07 15:10:33.596root 11241100x8000000000000000693646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db4f29d4846c9832023-02-07 15:10:33.596root 11241100x8000000000000000693645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27767ac1c1e61c172023-02-07 15:10:33.596root 11241100x8000000000000000693644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13473031d763c9d22023-02-07 15:10:33.596root 11241100x8000000000000000693643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65fe96c08e5d69b2023-02-07 15:10:33.596root 11241100x8000000000000000693642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34cee4dfc38d65052023-02-07 15:10:33.596root 11241100x8000000000000000693641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8308dbc1cde217a2023-02-07 15:10:33.596root 11241100x8000000000000000693652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8377263e6d8ac92023-02-07 15:10:33.597root 11241100x8000000000000000693651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47713842667de5fb2023-02-07 15:10:33.597root 11241100x8000000000000000693650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add5f494a929edc12023-02-07 15:10:33.597root 11241100x8000000000000000693649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d91c9812faf0c92023-02-07 15:10:33.597root 11241100x8000000000000000693655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffbc9197c05b0352023-02-07 15:10:33.598root 11241100x8000000000000000693654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3ca19ed9ffb49e2023-02-07 15:10:33.598root 11241100x8000000000000000693653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:33.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3217d76109c58d2023-02-07 15:10:33.598root 11241100x8000000000000000693656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00da1a67220464ff2023-02-07 15:10:34.095root 11241100x8000000000000000693661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ce40b41294cbe92023-02-07 15:10:34.096root 11241100x8000000000000000693660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d940f01e98c8051f2023-02-07 15:10:34.096root 11241100x8000000000000000693659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47d01b44ee54fdb2023-02-07 15:10:34.096root 11241100x8000000000000000693658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6997026535bdc42023-02-07 15:10:34.096root 11241100x8000000000000000693657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d724287a996feba92023-02-07 15:10:34.096root 11241100x8000000000000000693668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fb2302140dd40b2023-02-07 15:10:34.097root 11241100x8000000000000000693667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9383937d733319b2023-02-07 15:10:34.097root 11241100x8000000000000000693666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8e94671c27c3e92023-02-07 15:10:34.097root 11241100x8000000000000000693665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d4b43ac5aa97182023-02-07 15:10:34.097root 11241100x8000000000000000693664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d676d4e02664c81e2023-02-07 15:10:34.097root 11241100x8000000000000000693663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fc237e4cdecfbe2023-02-07 15:10:34.097root 11241100x8000000000000000693662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe4003cfe5475ad2023-02-07 15:10:34.097root 11241100x8000000000000000693673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4bb41ebc575233c2023-02-07 15:10:34.098root 11241100x8000000000000000693672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9217a908469165122023-02-07 15:10:34.098root 11241100x8000000000000000693671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1dfaa20a1e38732023-02-07 15:10:34.098root 11241100x8000000000000000693670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6abe4678592f0f2023-02-07 15:10:34.098root 11241100x8000000000000000693669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7d8319ca85c59b2023-02-07 15:10:34.098root 11241100x8000000000000000693677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51c042f5c5a40292023-02-07 15:10:34.595root 11241100x8000000000000000693676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994fe71ad2668c932023-02-07 15:10:34.595root 11241100x8000000000000000693675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3552b75f0eeeff132023-02-07 15:10:34.595root 11241100x8000000000000000693674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576187b6544539b02023-02-07 15:10:34.595root 11241100x8000000000000000693684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee303f04eb4f31482023-02-07 15:10:34.596root 11241100x8000000000000000693683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fa19eeb9acacf32023-02-07 15:10:34.596root 11241100x8000000000000000693682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ccf3a1c718ae852023-02-07 15:10:34.596root 11241100x8000000000000000693681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d48dfc6da96f6362023-02-07 15:10:34.596root 11241100x8000000000000000693680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1d519af54a4db92023-02-07 15:10:34.596root 11241100x8000000000000000693679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a2fa41cf46fe872023-02-07 15:10:34.596root 11241100x8000000000000000693678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbe024e1bfd7b872023-02-07 15:10:34.596root 11241100x8000000000000000693689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd7221f5b75e9422023-02-07 15:10:34.597root 11241100x8000000000000000693688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ebd393303d41002023-02-07 15:10:34.597root 11241100x8000000000000000693687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8afa1a59bab5034c2023-02-07 15:10:34.597root 11241100x8000000000000000693686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf99d8da15c972d62023-02-07 15:10:34.597root 11241100x8000000000000000693685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a02ce123acb9742023-02-07 15:10:34.597root 11241100x8000000000000000693691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4422b886004f05052023-02-07 15:10:34.598root 11241100x8000000000000000693690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:34.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f726f5cb1e238f2c2023-02-07 15:10:34.598root 11241100x8000000000000000693703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9984417c7464442023-02-07 15:10:35.096root 11241100x8000000000000000693702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0909e3e8e1961a962023-02-07 15:10:35.096root 11241100x8000000000000000693701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7118d78dd2fef8202023-02-07 15:10:35.096root 11241100x8000000000000000693700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a9951f2aa30a3e2023-02-07 15:10:35.096root 11241100x8000000000000000693699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9676c678fe0b9252023-02-07 15:10:35.096root 11241100x8000000000000000693698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42b72ca926483cf2023-02-07 15:10:35.096root 11241100x8000000000000000693697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7add49cfb752f6a42023-02-07 15:10:35.096root 11241100x8000000000000000693696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eee7c0373984f0f2023-02-07 15:10:35.096root 11241100x8000000000000000693695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a73513559806ab72023-02-07 15:10:35.096root 11241100x8000000000000000693694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f65be1e5bf4e4c82023-02-07 15:10:35.096root 11241100x8000000000000000693693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5016a1716a71d7c62023-02-07 15:10:35.096root 11241100x8000000000000000693692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93d1a8712eec7b92023-02-07 15:10:35.096root 11241100x8000000000000000693709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def0c202acf9498a2023-02-07 15:10:35.097root 11241100x8000000000000000693708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de756f62279025e92023-02-07 15:10:35.097root 11241100x8000000000000000693707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca740a66c523a2f22023-02-07 15:10:35.097root 11241100x8000000000000000693706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6276039570cedfd82023-02-07 15:10:35.097root 11241100x8000000000000000693705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c36e96526758562023-02-07 15:10:35.097root 11241100x8000000000000000693704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191f04d9219630f62023-02-07 15:10:35.097root 354300x8000000000000000693710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.229{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-50882-false10.0.1.12-8000- 11241100x8000000000000000693716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcab0263a401fed2023-02-07 15:10:35.595root 11241100x8000000000000000693715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3defdb7320de09172023-02-07 15:10:35.595root 11241100x8000000000000000693714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c72059ede50bdb2023-02-07 15:10:35.595root 11241100x8000000000000000693713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935c73a9b9b5483c2023-02-07 15:10:35.595root 11241100x8000000000000000693712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da4d040c66df1762023-02-07 15:10:35.595root 11241100x8000000000000000693711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5628f1c157193f2023-02-07 15:10:35.595root 11241100x8000000000000000693727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9884d75b5f55e32023-02-07 15:10:35.596root 11241100x8000000000000000693726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81c2a81f2e7dca62023-02-07 15:10:35.596root 11241100x8000000000000000693725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24756448e1e2e272023-02-07 15:10:35.596root 11241100x8000000000000000693724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd46e5b7afca4add2023-02-07 15:10:35.596root 11241100x8000000000000000693723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce86a4c18269f58b2023-02-07 15:10:35.596root 11241100x8000000000000000693722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435ebf64b27fd7ec2023-02-07 15:10:35.596root 11241100x8000000000000000693721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714de76f757c74c42023-02-07 15:10:35.596root 11241100x8000000000000000693720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55faf89e3ff3606b2023-02-07 15:10:35.596root 11241100x8000000000000000693719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025e3cc5e999b7982023-02-07 15:10:35.596root 11241100x8000000000000000693718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756b0eb6c2602a7c2023-02-07 15:10:35.596root 11241100x8000000000000000693717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b59cc0947856ba2023-02-07 15:10:35.596root 11241100x8000000000000000693730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ec3c8148f959332023-02-07 15:10:35.597root 11241100x8000000000000000693729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b351059b90077c252023-02-07 15:10:35.597root 11241100x8000000000000000693728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:35.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d50770b3761a0c2023-02-07 15:10:35.597root 11241100x8000000000000000693734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6069f24ac869551f2023-02-07 15:10:36.095root 11241100x8000000000000000693733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6c66b1fd808a282023-02-07 15:10:36.095root 11241100x8000000000000000693732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d4d58abd77c7312023-02-07 15:10:36.095root 11241100x8000000000000000693731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54ddd3064eb120f2023-02-07 15:10:36.095root 11241100x8000000000000000693739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11a7c97b6bf16d22023-02-07 15:10:36.096root 11241100x8000000000000000693738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51a254f75b28b1e2023-02-07 15:10:36.096root 11241100x8000000000000000693737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38582b7395f513652023-02-07 15:10:36.096root 11241100x8000000000000000693736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4124a1298d4d9c2a2023-02-07 15:10:36.096root 11241100x8000000000000000693735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc84d15e1fc06632023-02-07 15:10:36.096root 11241100x8000000000000000693743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec97cb6aea0424402023-02-07 15:10:36.097root 11241100x8000000000000000693742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57cb31ceeb3aafae2023-02-07 15:10:36.097root 11241100x8000000000000000693741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132627e0eae43b842023-02-07 15:10:36.097root 11241100x8000000000000000693740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbeb748477b220c2023-02-07 15:10:36.097root 11241100x8000000000000000693749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8db4b0f48067942023-02-07 15:10:36.098root 11241100x8000000000000000693748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fe8c07b9f235362023-02-07 15:10:36.098root 11241100x8000000000000000693747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129fdb39aa4ab6872023-02-07 15:10:36.098root 11241100x8000000000000000693746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd63fb34d50f7cba2023-02-07 15:10:36.098root 11241100x8000000000000000693745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535304c437ecbed32023-02-07 15:10:36.098root 11241100x8000000000000000693744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e580e14fd37af3c2023-02-07 15:10:36.098root 11241100x8000000000000000693751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f45d0cd27c578642023-02-07 15:10:36.099root 11241100x8000000000000000693750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8924e1c914bdac2023-02-07 15:10:36.099root 11241100x8000000000000000693755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40d6a62616a147d2023-02-07 15:10:36.595root 11241100x8000000000000000693754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34afae1e2fa9ad222023-02-07 15:10:36.595root 11241100x8000000000000000693753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd00b06e99c08aa2023-02-07 15:10:36.595root 11241100x8000000000000000693752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e871a60aee5ce002023-02-07 15:10:36.595root 11241100x8000000000000000693758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382bca15f7dbf2392023-02-07 15:10:36.596root 11241100x8000000000000000693757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124691bd82ad8e3a2023-02-07 15:10:36.596root 11241100x8000000000000000693756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95dc827ab905b58e2023-02-07 15:10:36.596root 11241100x8000000000000000693761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37868e4ac86658712023-02-07 15:10:36.597root 11241100x8000000000000000693760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f068fee6c0d2157b2023-02-07 15:10:36.597root 11241100x8000000000000000693759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d793aac461fe13f82023-02-07 15:10:36.597root 11241100x8000000000000000693764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e5c1bce8a9da7f2023-02-07 15:10:36.598root 11241100x8000000000000000693763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e8d7e66277e5a22023-02-07 15:10:36.598root 11241100x8000000000000000693762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92934cf7d4a5776b2023-02-07 15:10:36.598root 11241100x8000000000000000693767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f13c647c259f9c72023-02-07 15:10:36.599root 11241100x8000000000000000693766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba98e4436e7b57842023-02-07 15:10:36.599root 11241100x8000000000000000693765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc581e4086bc1ba62023-02-07 15:10:36.599root 11241100x8000000000000000693771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fcd1a0a4837b0f2023-02-07 15:10:36.600root 11241100x8000000000000000693770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34cc0a71afcf8ce2023-02-07 15:10:36.600root 11241100x8000000000000000693769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30549a9ff7676f072023-02-07 15:10:36.600root 11241100x8000000000000000693768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08f9c66bfa841e92023-02-07 15:10:36.600root 11241100x8000000000000000693773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee40254d7af4ba92023-02-07 15:10:36.601root 11241100x8000000000000000693772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:36.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87d8625cf76819e2023-02-07 15:10:36.601root 11241100x8000000000000000693774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331d7edbd22f647c2023-02-07 15:10:37.095root 11241100x8000000000000000693778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb228cd1b606cc22023-02-07 15:10:37.096root 11241100x8000000000000000693777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b589a877b3d4752023-02-07 15:10:37.096root 11241100x8000000000000000693776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdfa8c582012b702023-02-07 15:10:37.096root 11241100x8000000000000000693775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388deb95c60b080e2023-02-07 15:10:37.096root 11241100x8000000000000000693781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f2775351e73c0e2023-02-07 15:10:37.097root 11241100x8000000000000000693780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532265113b9621452023-02-07 15:10:37.097root 11241100x8000000000000000693779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed144591b6755e552023-02-07 15:10:37.097root 11241100x8000000000000000693785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b211eba9c7fc35ef2023-02-07 15:10:37.098root 11241100x8000000000000000693784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfa94665ad7cb822023-02-07 15:10:37.098root 11241100x8000000000000000693783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294058069de142ca2023-02-07 15:10:37.098root 11241100x8000000000000000693782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4f52e1199ef49e2023-02-07 15:10:37.098root 11241100x8000000000000000693790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb90b05c9d19adf2023-02-07 15:10:37.099root 11241100x8000000000000000693789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7221ad097eebf62023-02-07 15:10:37.099root 11241100x8000000000000000693788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f062c200029dd92023-02-07 15:10:37.099root 11241100x8000000000000000693787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93936b323a3c68f32023-02-07 15:10:37.099root 11241100x8000000000000000693786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb8d8b4ce55fbdc2023-02-07 15:10:37.099root 11241100x8000000000000000693792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50a11aea64f47312023-02-07 15:10:37.100root 11241100x8000000000000000693791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed35f62a3b119d72023-02-07 15:10:37.100root 11241100x8000000000000000693795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c62e5d49b97afae2023-02-07 15:10:37.595root 11241100x8000000000000000693794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4317a93630280c2023-02-07 15:10:37.595root 11241100x8000000000000000693793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523537d13312ec122023-02-07 15:10:37.595root 11241100x8000000000000000693800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b736654b35f5e8702023-02-07 15:10:37.596root 11241100x8000000000000000693799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec19b1dbf6f62b212023-02-07 15:10:37.596root 11241100x8000000000000000693798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f03e9c6f319a6f62023-02-07 15:10:37.596root 11241100x8000000000000000693797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc76c876fdda0a62023-02-07 15:10:37.596root 11241100x8000000000000000693796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5556dd841b7f4f102023-02-07 15:10:37.596root 11241100x8000000000000000693804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7964c870bf30db552023-02-07 15:10:37.597root 11241100x8000000000000000693803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6036e432b9b3c02023-02-07 15:10:37.597root 11241100x8000000000000000693802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb3c87c73977a772023-02-07 15:10:37.597root 11241100x8000000000000000693801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f75268ba4d36412023-02-07 15:10:37.597root 11241100x8000000000000000693807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa310f0f8455aced2023-02-07 15:10:37.598root 11241100x8000000000000000693806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9288c9abf0275f3c2023-02-07 15:10:37.598root 11241100x8000000000000000693805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edc5cc36ea5ec662023-02-07 15:10:37.598root 11241100x8000000000000000693812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f99430f40d5d692023-02-07 15:10:37.599root 11241100x8000000000000000693811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bedaa060eff31df2023-02-07 15:10:37.599root 11241100x8000000000000000693810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af322cb88d6458402023-02-07 15:10:37.599root 11241100x8000000000000000693809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2932bbbf315f452023-02-07 15:10:37.599root 11241100x8000000000000000693808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:37.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef2a02f6b4227d52023-02-07 15:10:37.599root 11241100x8000000000000000693814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835cd918663bd2de2023-02-07 15:10:38.095root 11241100x8000000000000000693813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70bc0436e585de972023-02-07 15:10:38.095root 11241100x8000000000000000693818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aff8e94bea0f8ae2023-02-07 15:10:38.096root 11241100x8000000000000000693817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d4bb635d53fff22023-02-07 15:10:38.096root 11241100x8000000000000000693816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3493ce571722d9222023-02-07 15:10:38.096root 11241100x8000000000000000693815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b9436412e98a652023-02-07 15:10:38.096root 11241100x8000000000000000693822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21b0aedc97442652023-02-07 15:10:38.097root 11241100x8000000000000000693821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226728ec34b4deed2023-02-07 15:10:38.097root 11241100x8000000000000000693820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eddc8d28ab1bf3e72023-02-07 15:10:38.097root 11241100x8000000000000000693819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874c3ded1097965d2023-02-07 15:10:38.097root 11241100x8000000000000000693824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a0feb3572bc20a2023-02-07 15:10:38.098root 11241100x8000000000000000693823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245285df729416572023-02-07 15:10:38.098root 11241100x8000000000000000693825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6534d226a3401e092023-02-07 15:10:38.102root 11241100x8000000000000000693828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab315db2dc690572023-02-07 15:10:38.103root 11241100x8000000000000000693827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedb30661c3b04c82023-02-07 15:10:38.103root 11241100x8000000000000000693826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43f14d51347235f2023-02-07 15:10:38.103root 11241100x8000000000000000693831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ee15d10fbb36fd2023-02-07 15:10:38.104root 11241100x8000000000000000693830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7acca71c9b4788c52023-02-07 15:10:38.104root 11241100x8000000000000000693829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9433150ff388192023-02-07 15:10:38.104root 11241100x8000000000000000693833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a418701306fd35ef2023-02-07 15:10:38.595root 11241100x8000000000000000693832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f69fb450f757ccd2023-02-07 15:10:38.595root 11241100x8000000000000000693837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ac3fa774bb55662023-02-07 15:10:38.596root 11241100x8000000000000000693836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1471398bf87c67692023-02-07 15:10:38.596root 11241100x8000000000000000693835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28448272ea01e0962023-02-07 15:10:38.596root 11241100x8000000000000000693834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84be99fa679d0c332023-02-07 15:10:38.596root 11241100x8000000000000000693840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2614893b8356322023-02-07 15:10:38.597root 11241100x8000000000000000693839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4174a8de5816373e2023-02-07 15:10:38.597root 11241100x8000000000000000693838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf419e3de097c822023-02-07 15:10:38.597root 11241100x8000000000000000693845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2ba63d551bdb542023-02-07 15:10:38.598root 11241100x8000000000000000693844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da47098788fec6c32023-02-07 15:10:38.598root 11241100x8000000000000000693843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c214f0c954e5b962023-02-07 15:10:38.598root 11241100x8000000000000000693842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb15e7f7e44c0d622023-02-07 15:10:38.598root 11241100x8000000000000000693841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b18a0e1eaa1fe52023-02-07 15:10:38.598root 11241100x8000000000000000693849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e5c1b57814a11b2023-02-07 15:10:38.599root 11241100x8000000000000000693848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aaefa405d9179672023-02-07 15:10:38.599root 11241100x8000000000000000693847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b560bfffa856a312023-02-07 15:10:38.599root 11241100x8000000000000000693846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bab9bb040cbc7db2023-02-07 15:10:38.599root 11241100x8000000000000000693851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963be9e45cff9ef52023-02-07 15:10:38.600root 11241100x8000000000000000693850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:38.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7eec19b81224df42023-02-07 15:10:38.600root 11241100x8000000000000000693853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b380a1a0223cff8d2023-02-07 15:10:39.095root 11241100x8000000000000000693852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e695c9c92a9a93352023-02-07 15:10:39.095root 11241100x8000000000000000693856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cd0a26578665c42023-02-07 15:10:39.096root 11241100x8000000000000000693855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a674d1e43f20d02023-02-07 15:10:39.096root 11241100x8000000000000000693854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed9bd8ec74026862023-02-07 15:10:39.096root 11241100x8000000000000000693860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0cc65a74492469a2023-02-07 15:10:39.097root 11241100x8000000000000000693859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234291cf50bb08972023-02-07 15:10:39.097root 11241100x8000000000000000693858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14304d1ffc69a4992023-02-07 15:10:39.097root 11241100x8000000000000000693857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9cfce4deb1cafeb2023-02-07 15:10:39.097root 11241100x8000000000000000693864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44552dff4cec9a202023-02-07 15:10:39.098root 11241100x8000000000000000693863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62f9a9cfa319ac32023-02-07 15:10:39.098root 11241100x8000000000000000693862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b793389308e126672023-02-07 15:10:39.098root 11241100x8000000000000000693861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abc6668d7aeccfe2023-02-07 15:10:39.098root 11241100x8000000000000000693868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb404b7fefdf42f2023-02-07 15:10:39.099root 11241100x8000000000000000693867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3ff76042ce73492023-02-07 15:10:39.099root 11241100x8000000000000000693866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352fbf7d8f42ec5e2023-02-07 15:10:39.099root 11241100x8000000000000000693865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4898251cf185d9c02023-02-07 15:10:39.099root 11241100x8000000000000000693870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1901eca0ddddb202023-02-07 15:10:39.100root 11241100x8000000000000000693869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad130077b1d6d1c82023-02-07 15:10:39.100root 11241100x8000000000000000693872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c14b67e31897a12023-02-07 15:10:39.595root 11241100x8000000000000000693871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdec36ce7f99eea2023-02-07 15:10:39.595root 11241100x8000000000000000693875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7a2d05e43a30ef2023-02-07 15:10:39.596root 11241100x8000000000000000693874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d886580a96ede3422023-02-07 15:10:39.596root 11241100x8000000000000000693873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e0df6274297bc12023-02-07 15:10:39.596root 11241100x8000000000000000693879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fbf3c03aee4a1b32023-02-07 15:10:39.597root 11241100x8000000000000000693878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6ce2cbddc207d92023-02-07 15:10:39.597root 11241100x8000000000000000693877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418e7b05540d4a5a2023-02-07 15:10:39.597root 11241100x8000000000000000693876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197b8faaabe39e022023-02-07 15:10:39.597root 11241100x8000000000000000693883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0c32f9666dcb992023-02-07 15:10:39.598root 11241100x8000000000000000693882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745a5514bab2fdc22023-02-07 15:10:39.598root 11241100x8000000000000000693881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7679db267d2720432023-02-07 15:10:39.598root 11241100x8000000000000000693880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246c35092a89d0792023-02-07 15:10:39.598root 11241100x8000000000000000693889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5587c30eed9f53602023-02-07 15:10:39.599root 11241100x8000000000000000693888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a2de0281a32cf92023-02-07 15:10:39.599root 11241100x8000000000000000693887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c7ce70decec1862023-02-07 15:10:39.599root 11241100x8000000000000000693886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d74326970d8d262023-02-07 15:10:39.599root 11241100x8000000000000000693885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a56cac007d9ec8e2023-02-07 15:10:39.599root 11241100x8000000000000000693884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:39.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754224e6456c34f42023-02-07 15:10:39.599root 11241100x8000000000000000693892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22344b804b10c53e2023-02-07 15:10:40.095root 11241100x8000000000000000693891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03bb209662a47772023-02-07 15:10:40.095root 11241100x8000000000000000693890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6e9b273ce0c79d2023-02-07 15:10:40.095root 11241100x8000000000000000693897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181e2ab6eca289752023-02-07 15:10:40.096root 11241100x8000000000000000693896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0fc2d10354f53f82023-02-07 15:10:40.096root 11241100x8000000000000000693895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ba26b85c7472a82023-02-07 15:10:40.096root 11241100x8000000000000000693894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569bead1c1d6b8af2023-02-07 15:10:40.096root 11241100x8000000000000000693893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b3788d2f2d4f392023-02-07 15:10:40.096root 11241100x8000000000000000693901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c14b4f132b274302023-02-07 15:10:40.097root 11241100x8000000000000000693900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726d2bc367e6b0c12023-02-07 15:10:40.097root 11241100x8000000000000000693899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e4a1b81522d85f2023-02-07 15:10:40.097root 11241100x8000000000000000693898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4f798e18c5985d2023-02-07 15:10:40.097root 11241100x8000000000000000693905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65f4f8aca721b9b2023-02-07 15:10:40.098root 11241100x8000000000000000693904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9bea75dde441862023-02-07 15:10:40.098root 11241100x8000000000000000693903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0da32cda978d512023-02-07 15:10:40.098root 11241100x8000000000000000693902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b65355a88c9e2a62023-02-07 15:10:40.098root 11241100x8000000000000000693906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5a4b583f3d240a2023-02-07 15:10:40.099root 11241100x8000000000000000693908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d1f21e636073ba2023-02-07 15:10:40.100root 11241100x8000000000000000693907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e39ef2379bfc482023-02-07 15:10:40.100root 11241100x8000000000000000693911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e668e4f0c3b004a2023-02-07 15:10:40.595root 11241100x8000000000000000693910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390695464ad2cc002023-02-07 15:10:40.595root 11241100x8000000000000000693909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c31814e4e3b2f52023-02-07 15:10:40.595root 11241100x8000000000000000693915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27991593f3ba38c2023-02-07 15:10:40.596root 11241100x8000000000000000693914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e96e60b486394042023-02-07 15:10:40.596root 11241100x8000000000000000693913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e6c606efb37cc72023-02-07 15:10:40.596root 11241100x8000000000000000693912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2164967e4a5fbff92023-02-07 15:10:40.596root 11241100x8000000000000000693918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271ef0fa7ec0bafc2023-02-07 15:10:40.597root 11241100x8000000000000000693917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b7c082731d6b8e2023-02-07 15:10:40.597root 11241100x8000000000000000693916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8fab73e49e475ae2023-02-07 15:10:40.597root 11241100x8000000000000000693923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33ff52adbf1a5c42023-02-07 15:10:40.598root 11241100x8000000000000000693922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b911d67762299fa2023-02-07 15:10:40.598root 11241100x8000000000000000693921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1922e6805e39241d2023-02-07 15:10:40.598root 11241100x8000000000000000693920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c038520ee696c3492023-02-07 15:10:40.598root 11241100x8000000000000000693919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9856ebae8dd1562023-02-07 15:10:40.598root 11241100x8000000000000000693927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c412eb9c2d12e8742023-02-07 15:10:40.599root 11241100x8000000000000000693926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910589d42cc09a1e2023-02-07 15:10:40.599root 11241100x8000000000000000693925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7eae8e6257443c2023-02-07 15:10:40.599root 11241100x8000000000000000693924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:40.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043bbac662753e172023-02-07 15:10:40.599root 354300x8000000000000000693928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.061{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-50894-false10.0.1.12-8000- 11241100x8000000000000000693935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.062{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1fadbdd731d7e332023-02-07 15:10:41.062root 11241100x8000000000000000693934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.062{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5db1d5e21340ce2023-02-07 15:10:41.062root 11241100x8000000000000000693933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.062{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558c9ee5ea85adae2023-02-07 15:10:41.062root 11241100x8000000000000000693932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.062{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b479ee87f19553b02023-02-07 15:10:41.062root 11241100x8000000000000000693931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.062{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b332bf3a7eecd82023-02-07 15:10:41.062root 11241100x8000000000000000693930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.062{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0edbc44e54ad7b22023-02-07 15:10:41.062root 11241100x8000000000000000693929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.062{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628a195d94e77ce42023-02-07 15:10:41.062root 11241100x8000000000000000693939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.063{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2973fa356048a8bf2023-02-07 15:10:41.063root 11241100x8000000000000000693938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.063{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a87df775aad22172023-02-07 15:10:41.063root 11241100x8000000000000000693937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.063{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fdb15324dd95f622023-02-07 15:10:41.063root 11241100x8000000000000000693936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.063{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4db142233247592023-02-07 15:10:41.063root 11241100x8000000000000000693952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339b4726cdad82f42023-02-07 15:10:41.064root 11241100x8000000000000000693951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d43dd133a0054582023-02-07 15:10:41.064root 11241100x8000000000000000693950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6036bfdb835fc6362023-02-07 15:10:41.064root 11241100x8000000000000000693949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2370cd6184ab21c2023-02-07 15:10:41.064root 11241100x8000000000000000693948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d134e494ae176e642023-02-07 15:10:41.064root 11241100x8000000000000000693947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349f4e2559beb1172023-02-07 15:10:41.064root 11241100x8000000000000000693946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59725acaddc8e3ad2023-02-07 15:10:41.064root 11241100x8000000000000000693945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc219a229c83c4612023-02-07 15:10:41.064root 11241100x8000000000000000693944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f95abe45ae01492023-02-07 15:10:41.064root 11241100x8000000000000000693943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b4f84166526e1e2023-02-07 15:10:41.064root 11241100x8000000000000000693942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c30f0da769e15b32023-02-07 15:10:41.064root 11241100x8000000000000000693941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce5d998dfab11c22023-02-07 15:10:41.064root 11241100x8000000000000000693940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0eaaee88a0411502023-02-07 15:10:41.064root 11241100x8000000000000000693956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.065{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff875c548793add2023-02-07 15:10:41.065root 11241100x8000000000000000693955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.065{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df8b310cde56f3a2023-02-07 15:10:41.065root 11241100x8000000000000000693954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.065{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929abcfc6702cca92023-02-07 15:10:41.065root 11241100x8000000000000000693953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.065{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a1526b7897560f2023-02-07 15:10:41.065root 11241100x8000000000000000693957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8422a8ee5fceb58f2023-02-07 15:10:41.345root 11241100x8000000000000000693967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a39b318e5a8ce772023-02-07 15:10:41.346root 11241100x8000000000000000693966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18954e3428b3d1c2023-02-07 15:10:41.346root 11241100x8000000000000000693965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f3cfc32e0fdc732023-02-07 15:10:41.346root 11241100x8000000000000000693964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82c72384bb38f372023-02-07 15:10:41.346root 11241100x8000000000000000693963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9e29ac7e930f582023-02-07 15:10:41.346root 11241100x8000000000000000693962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26851850ccd5a4152023-02-07 15:10:41.346root 11241100x8000000000000000693961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0605521194cd8a762023-02-07 15:10:41.346root 11241100x8000000000000000693960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aad94eb4ea3d0452023-02-07 15:10:41.346root 11241100x8000000000000000693959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c50fad650907b572023-02-07 15:10:41.346root 11241100x8000000000000000693958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6639f62e090a4c022023-02-07 15:10:41.346root 11241100x8000000000000000693974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0bed75dfd857e1e2023-02-07 15:10:41.347root 11241100x8000000000000000693973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b231b9860427a79d2023-02-07 15:10:41.347root 11241100x8000000000000000693972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0996652227516092023-02-07 15:10:41.347root 11241100x8000000000000000693971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2668069715b22b92023-02-07 15:10:41.347root 11241100x8000000000000000693970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721f5044bc866e0b2023-02-07 15:10:41.347root 11241100x8000000000000000693969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc67620b73686e0f2023-02-07 15:10:41.347root 11241100x8000000000000000693968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9faf3ae8b281a1f62023-02-07 15:10:41.347root 11241100x8000000000000000693976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979c8d8e6044b06e2023-02-07 15:10:41.348root 11241100x8000000000000000693975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b384636e82d3d9a32023-02-07 15:10:41.348root 11241100x8000000000000000693978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d0c38142bbca012023-02-07 15:10:41.845root 11241100x8000000000000000693977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702d9a47665fd2242023-02-07 15:10:41.845root 11241100x8000000000000000693984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53c7b27d7289c402023-02-07 15:10:41.846root 11241100x8000000000000000693983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ab54e09c9c1c212023-02-07 15:10:41.846root 11241100x8000000000000000693982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccaaaa6f2532ef8a2023-02-07 15:10:41.846root 11241100x8000000000000000693981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb96c8af8f31c772023-02-07 15:10:41.846root 11241100x8000000000000000693980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ffc6598583b0ac2023-02-07 15:10:41.846root 11241100x8000000000000000693979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bf36a5f10db5f32023-02-07 15:10:41.846root 11241100x8000000000000000693991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d12f3565556fc32023-02-07 15:10:41.847root 11241100x8000000000000000693990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7b78831ac109a12023-02-07 15:10:41.847root 11241100x8000000000000000693989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4030602f3071982023-02-07 15:10:41.847root 11241100x8000000000000000693988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1b420d5ff6796a2023-02-07 15:10:41.847root 11241100x8000000000000000693987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0931c0d1fa7d750d2023-02-07 15:10:41.847root 11241100x8000000000000000693986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9fd0ce48c2dc5f2023-02-07 15:10:41.847root 11241100x8000000000000000693985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e8fed9e55160ec2023-02-07 15:10:41.847root 11241100x8000000000000000693998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a209ab51884eac32023-02-07 15:10:41.848root 11241100x8000000000000000693997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7a3a1ea97a07e52023-02-07 15:10:41.848root 11241100x8000000000000000693996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe014f15e14d70f2023-02-07 15:10:41.848root 11241100x8000000000000000693995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65def8e9b7970fc12023-02-07 15:10:41.848root 11241100x8000000000000000693994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e66baec6339be62023-02-07 15:10:41.848root 11241100x8000000000000000693993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7aaffe1823df082023-02-07 15:10:41.848root 11241100x8000000000000000693992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88427ec7dd0028d2023-02-07 15:10:41.848root 11241100x8000000000000000694002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e8830c6b939b9a2023-02-07 15:10:41.849root 11241100x8000000000000000694001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea21b3de40e9f8692023-02-07 15:10:41.849root 11241100x8000000000000000694000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fec694f60c49c92023-02-07 15:10:41.849root 11241100x8000000000000000693999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:41.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca20ee5d13c8e8c62023-02-07 15:10:41.849root 11241100x8000000000000000694009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16313a8b24300e032023-02-07 15:10:42.346root 11241100x8000000000000000694008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9df04ebfba6e502023-02-07 15:10:42.346root 11241100x8000000000000000694007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef5231383115d1d2023-02-07 15:10:42.346root 11241100x8000000000000000694006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c0b00f8653e0b52023-02-07 15:10:42.346root 11241100x8000000000000000694005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4557d181fcf6fcaf2023-02-07 15:10:42.346root 11241100x8000000000000000694004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ffa59a78c20ca12023-02-07 15:10:42.346root 11241100x8000000000000000694003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dcb025c64f84df72023-02-07 15:10:42.346root 11241100x8000000000000000694018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da54e4040214ce062023-02-07 15:10:42.347root 11241100x8000000000000000694017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87995698d5ca7532023-02-07 15:10:42.347root 11241100x8000000000000000694016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe40a004a93cb2e2023-02-07 15:10:42.347root 11241100x8000000000000000694015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fda0825ec9fc402023-02-07 15:10:42.347root 11241100x8000000000000000694014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f33e2202484d9282023-02-07 15:10:42.347root 11241100x8000000000000000694013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abea12729f9809b52023-02-07 15:10:42.347root 11241100x8000000000000000694012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02057673f618194b2023-02-07 15:10:42.347root 11241100x8000000000000000694011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b0cc27abb8829b2023-02-07 15:10:42.347root 11241100x8000000000000000694010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070eb48a643148042023-02-07 15:10:42.347root 11241100x8000000000000000694022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33c2e098b1cf3e52023-02-07 15:10:42.348root 11241100x8000000000000000694021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7951cfa4168caadb2023-02-07 15:10:42.348root 11241100x8000000000000000694020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5edb25cc28a2f0bb2023-02-07 15:10:42.348root 11241100x8000000000000000694019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315a1c599f08785c2023-02-07 15:10:42.348root 11241100x8000000000000000694023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46897915d25f39952023-02-07 15:10:42.845root 11241100x8000000000000000694029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd578af249ebf7a42023-02-07 15:10:42.846root 11241100x8000000000000000694028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e20345865a40d5f2023-02-07 15:10:42.846root 11241100x8000000000000000694027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cab20faa6161e262023-02-07 15:10:42.846root 11241100x8000000000000000694026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475f6af68c9766642023-02-07 15:10:42.846root 11241100x8000000000000000694025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3f19bed7d4bb902023-02-07 15:10:42.846root 11241100x8000000000000000694024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145f1af09a36c5b12023-02-07 15:10:42.846root 11241100x8000000000000000694036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbf8269bae5d34b2023-02-07 15:10:42.847root 11241100x8000000000000000694035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f367062052c0f4a2023-02-07 15:10:42.847root 11241100x8000000000000000694034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcdbdd2e3142fc72023-02-07 15:10:42.847root 11241100x8000000000000000694033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa96ee4d131173e2023-02-07 15:10:42.847root 11241100x8000000000000000694032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bc38add011346b2023-02-07 15:10:42.847root 11241100x8000000000000000694031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94c656f852e0c6f2023-02-07 15:10:42.847root 11241100x8000000000000000694030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d795a7a06d201c212023-02-07 15:10:42.847root 11241100x8000000000000000694042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71f2dd0ce5b4f8f2023-02-07 15:10:42.848root 11241100x8000000000000000694041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbff3147956c736d2023-02-07 15:10:42.848root 11241100x8000000000000000694040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc6a059fdce283c2023-02-07 15:10:42.848root 11241100x8000000000000000694039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd7420dd75c26972023-02-07 15:10:42.848root 11241100x8000000000000000694038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a5b12a7cdd0a2a2023-02-07 15:10:42.848root 11241100x8000000000000000694037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:42.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3dccf1af7d12f72023-02-07 15:10:42.848root 11241100x8000000000000000694043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfafd710b68915f2023-02-07 15:10:43.345root 11241100x8000000000000000694046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8847f1116dc8b8a02023-02-07 15:10:43.346root 11241100x8000000000000000694045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea32486d5cc4b8a02023-02-07 15:10:43.346root 11241100x8000000000000000694044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bd713d62cd1b882023-02-07 15:10:43.346root 11241100x8000000000000000694049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3ff6abd4c3be152023-02-07 15:10:43.347root 11241100x8000000000000000694048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d8c9482a092abe2023-02-07 15:10:43.347root 11241100x8000000000000000694047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b61c1882c8150b2023-02-07 15:10:43.347root 11241100x8000000000000000694051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae8093489f782792023-02-07 15:10:43.348root 11241100x8000000000000000694050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6d06d3ad76e70f2023-02-07 15:10:43.348root 11241100x8000000000000000694060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bcf88ee333a3402023-02-07 15:10:43.349root 11241100x8000000000000000694059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1d15bbcf4ed8f12023-02-07 15:10:43.349root 11241100x8000000000000000694058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62099d761f0c58722023-02-07 15:10:43.349root 11241100x8000000000000000694057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4369acb656c26b2023-02-07 15:10:43.349root 11241100x8000000000000000694056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbafe8e8e8b96e82023-02-07 15:10:43.349root 11241100x8000000000000000694055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1c5c650c8943242023-02-07 15:10:43.349root 11241100x8000000000000000694054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795bac820eb2bb452023-02-07 15:10:43.349root 11241100x8000000000000000694053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474e4b4f7d840f302023-02-07 15:10:43.349root 11241100x8000000000000000694052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2aea39762161462023-02-07 15:10:43.349root 11241100x8000000000000000694063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce33dafc00b2c742023-02-07 15:10:43.350root 11241100x8000000000000000694062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f9f310ba1c3b222023-02-07 15:10:43.350root 11241100x8000000000000000694061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a8612b56be6d9f2023-02-07 15:10:43.350root 11241100x8000000000000000694071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73d41b75eb728a72023-02-07 15:10:43.846root 11241100x8000000000000000694070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6357c9db881961c2023-02-07 15:10:43.846root 11241100x8000000000000000694069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298a807b851d42572023-02-07 15:10:43.846root 11241100x8000000000000000694068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9bdd0508f131022023-02-07 15:10:43.846root 11241100x8000000000000000694067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3d41d0e321b6f62023-02-07 15:10:43.846root 11241100x8000000000000000694066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bba41961e2d166b2023-02-07 15:10:43.846root 11241100x8000000000000000694065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3552b9ec41efc622023-02-07 15:10:43.846root 11241100x8000000000000000694064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b1de5eb29145f62023-02-07 15:10:43.846root 11241100x8000000000000000694076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0052dbd66c1e94472023-02-07 15:10:43.847root 11241100x8000000000000000694075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8592871a5c69436f2023-02-07 15:10:43.847root 11241100x8000000000000000694074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcfc5566c0f5ff12023-02-07 15:10:43.847root 11241100x8000000000000000694073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d7011705db7d0c2023-02-07 15:10:43.847root 11241100x8000000000000000694072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7effdc83d381e0a72023-02-07 15:10:43.847root 11241100x8000000000000000694080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765a922ca62e604a2023-02-07 15:10:43.848root 11241100x8000000000000000694079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23815cc765655ab32023-02-07 15:10:43.848root 11241100x8000000000000000694078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa9e3ecb77033442023-02-07 15:10:43.848root 11241100x8000000000000000694077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb91c12c6e34a30b2023-02-07 15:10:43.848root 11241100x8000000000000000694083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7281f01e1f22865a2023-02-07 15:10:43.849root 11241100x8000000000000000694082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88d7969a18f4e452023-02-07 15:10:43.849root 11241100x8000000000000000694081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:43.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16bbd9f5e8dc92912023-02-07 15:10:43.849root 11241100x8000000000000000694084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902bb7edf681a9be2023-02-07 15:10:44.345root 11241100x8000000000000000694089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0116e114991f38be2023-02-07 15:10:44.346root 11241100x8000000000000000694088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58ed2a660f6e6562023-02-07 15:10:44.346root 11241100x8000000000000000694087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.551a504d802643092023-02-07 15:10:44.346root 11241100x8000000000000000694086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a20d8fcdeee08532023-02-07 15:10:44.346root 11241100x8000000000000000694085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8416cd91f41cbbf2023-02-07 15:10:44.346root 11241100x8000000000000000694093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc3aa6b3c0c91d02023-02-07 15:10:44.347root 11241100x8000000000000000694092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2d2588f95d65e32023-02-07 15:10:44.347root 11241100x8000000000000000694091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7ab6055314dd5f2023-02-07 15:10:44.347root 11241100x8000000000000000694090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bf8e0806983df12023-02-07 15:10:44.347root 11241100x8000000000000000694095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4a3e2d21cabd912023-02-07 15:10:44.348root 11241100x8000000000000000694094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d60a538e4163d72023-02-07 15:10:44.348root 11241100x8000000000000000694099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4056e2100899d5e2023-02-07 15:10:44.349root 11241100x8000000000000000694098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84667876b74a92eb2023-02-07 15:10:44.349root 11241100x8000000000000000694097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794c6e84c89f82bc2023-02-07 15:10:44.349root 11241100x8000000000000000694096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f852073427ac49c42023-02-07 15:10:44.349root 11241100x8000000000000000694103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b155df4c5f23a762023-02-07 15:10:44.350root 11241100x8000000000000000694102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53028a834d47a7322023-02-07 15:10:44.350root 11241100x8000000000000000694101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612ddb84bcd463402023-02-07 15:10:44.350root 11241100x8000000000000000694100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e110bac12bd37e2023-02-07 15:10:44.350root 11241100x8000000000000000694112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45a07312f6265772023-02-07 15:10:44.846root 11241100x8000000000000000694111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5137e45ab54aa5592023-02-07 15:10:44.846root 11241100x8000000000000000694110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fce69b4b57cd072023-02-07 15:10:44.846root 11241100x8000000000000000694109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ad7561f658ff9c2023-02-07 15:10:44.846root 11241100x8000000000000000694108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79edf4b7d38479282023-02-07 15:10:44.846root 11241100x8000000000000000694107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ec82c2cd35672c2023-02-07 15:10:44.846root 11241100x8000000000000000694106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4486d9529f7d11e32023-02-07 15:10:44.846root 11241100x8000000000000000694105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce774cfeaf189e92023-02-07 15:10:44.846root 11241100x8000000000000000694104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769a2876ea0c79c52023-02-07 15:10:44.846root 11241100x8000000000000000694123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f145a8f35eb1cb2a2023-02-07 15:10:44.847root 11241100x8000000000000000694122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1357640d6a103ee92023-02-07 15:10:44.847root 11241100x8000000000000000694121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d77631dd47ea3812023-02-07 15:10:44.847root 11241100x8000000000000000694120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5903b4ced832b67d2023-02-07 15:10:44.847root 11241100x8000000000000000694119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86fa594fadddba72023-02-07 15:10:44.847root 11241100x8000000000000000694118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca46a017c8fbd6f12023-02-07 15:10:44.847root 11241100x8000000000000000694117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c27f8ff9f5634a2023-02-07 15:10:44.847root 11241100x8000000000000000694116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1616ebce2c73f6682023-02-07 15:10:44.847root 11241100x8000000000000000694115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f362e0eafb1ffdb2023-02-07 15:10:44.847root 11241100x8000000000000000694114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7ca7acb761ebd22023-02-07 15:10:44.847root 11241100x8000000000000000694113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae536e9f4e2c23a72023-02-07 15:10:44.847root 11241100x8000000000000000694133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e2cf32d912548e2023-02-07 15:10:45.346root 11241100x8000000000000000694132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17953fd9fdcc5da32023-02-07 15:10:45.346root 11241100x8000000000000000694131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719ac2be74f708402023-02-07 15:10:45.346root 11241100x8000000000000000694130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bccdf9c3d929ed502023-02-07 15:10:45.346root 11241100x8000000000000000694129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683cff98438f5e5c2023-02-07 15:10:45.346root 11241100x8000000000000000694128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf97352b34eb9472023-02-07 15:10:45.346root 11241100x8000000000000000694127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3eabca3713e86652023-02-07 15:10:45.346root 11241100x8000000000000000694126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06f949099880ba62023-02-07 15:10:45.346root 11241100x8000000000000000694125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165152b979d228702023-02-07 15:10:45.346root 11241100x8000000000000000694124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d1079aa435fbf22023-02-07 15:10:45.346root 11241100x8000000000000000694143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b2529aef5cc9dd2023-02-07 15:10:45.347root 11241100x8000000000000000694142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c331736ea21287752023-02-07 15:10:45.347root 11241100x8000000000000000694141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476054586121cd112023-02-07 15:10:45.347root 11241100x8000000000000000694140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf2f6b84fe62c652023-02-07 15:10:45.347root 11241100x8000000000000000694139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28523df5a3c2e5b62023-02-07 15:10:45.347root 11241100x8000000000000000694138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b413fe3edf3dc4882023-02-07 15:10:45.347root 11241100x8000000000000000694137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ecfe798c4b24eb2023-02-07 15:10:45.347root 11241100x8000000000000000694136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001b63f0a51b55dc2023-02-07 15:10:45.347root 11241100x8000000000000000694135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41fb2acb071010b2023-02-07 15:10:45.347root 11241100x8000000000000000694134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba1529ed3b2991a2023-02-07 15:10:45.347root 11241100x8000000000000000694145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47cf0edb4ae4a3fa2023-02-07 15:10:45.348root 11241100x8000000000000000694144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8209319b0edf252023-02-07 15:10:45.348root 11241100x8000000000000000694147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d500ab342788262023-02-07 15:10:45.845root 11241100x8000000000000000694146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b781b3c1825a512023-02-07 15:10:45.845root 11241100x8000000000000000694156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b75b77477173e6b2023-02-07 15:10:45.846root 11241100x8000000000000000694155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fba549f6759bddc2023-02-07 15:10:45.846root 11241100x8000000000000000694154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46913564572da542023-02-07 15:10:45.846root 11241100x8000000000000000694153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38410b92d2866f922023-02-07 15:10:45.846root 11241100x8000000000000000694152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a4e1d42979d9c22023-02-07 15:10:45.846root 11241100x8000000000000000694151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640c02696da29a2e2023-02-07 15:10:45.846root 11241100x8000000000000000694150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a589ce3e4770e3c2023-02-07 15:10:45.846root 11241100x8000000000000000694149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b644a72be5b23d2023-02-07 15:10:45.846root 11241100x8000000000000000694148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe68a16ea75fcfa2023-02-07 15:10:45.846root 11241100x8000000000000000694165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d562fbddb0cd4f2023-02-07 15:10:45.847root 11241100x8000000000000000694164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc5d6a7ce1cd3d82023-02-07 15:10:45.847root 11241100x8000000000000000694163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bc291c442c1d772023-02-07 15:10:45.847root 11241100x8000000000000000694162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0c19b26188ff3e2023-02-07 15:10:45.847root 11241100x8000000000000000694161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40df3dded3453d42023-02-07 15:10:45.847root 11241100x8000000000000000694160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d2087ca8ff20c72023-02-07 15:10:45.847root 11241100x8000000000000000694159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc4a42e574c9f282023-02-07 15:10:45.847root 11241100x8000000000000000694158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f3eebcf97e5e742023-02-07 15:10:45.847root 11241100x8000000000000000694157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:45.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55e528b2611de832023-02-07 15:10:45.847root 354300x8000000000000000694166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.246{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-47886-false10.0.1.12-8000- 11241100x8000000000000000694171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.247{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cde88dceaaf35fa2023-02-07 15:10:46.247root 11241100x8000000000000000694170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.247{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ed607c204142642023-02-07 15:10:46.247root 11241100x8000000000000000694169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.247{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8455b9a037682e72023-02-07 15:10:46.247root 11241100x8000000000000000694168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.247{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf68ee4178c64242023-02-07 15:10:46.247root 11241100x8000000000000000694167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.247{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c1bb977f2a69b82023-02-07 15:10:46.247root 11241100x8000000000000000694181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222074b7c23599e72023-02-07 15:10:46.248root 11241100x8000000000000000694180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325f58967d1eca272023-02-07 15:10:46.248root 11241100x8000000000000000694179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98d3c7946bfc5ae2023-02-07 15:10:46.248root 11241100x8000000000000000694178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc355c5cdbc2487a2023-02-07 15:10:46.248root 11241100x8000000000000000694177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1d45e7d861b40c2023-02-07 15:10:46.248root 11241100x8000000000000000694176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c8b468d20757ef2023-02-07 15:10:46.248root 11241100x8000000000000000694175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3040e84e5068fd0f2023-02-07 15:10:46.248root 11241100x8000000000000000694174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628fabe366ce651a2023-02-07 15:10:46.248root 11241100x8000000000000000694173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a714dda11eb8e1872023-02-07 15:10:46.248root 11241100x8000000000000000694172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eadf4fa0fdd1f6d02023-02-07 15:10:46.248root 11241100x8000000000000000694190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0649251960e9d3122023-02-07 15:10:46.249root 11241100x8000000000000000694189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f3838131e1b4e72023-02-07 15:10:46.249root 11241100x8000000000000000694188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c3bb2eea95ca322023-02-07 15:10:46.249root 11241100x8000000000000000694187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77dace4d94b33372023-02-07 15:10:46.249root 11241100x8000000000000000694186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a099ac6b0f9161152023-02-07 15:10:46.249root 11241100x8000000000000000694185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4137b5d7cdf1b0102023-02-07 15:10:46.249root 11241100x8000000000000000694184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e276fbb4b8e0a69e2023-02-07 15:10:46.249root 11241100x8000000000000000694183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10d91744472d6a92023-02-07 15:10:46.249root 11241100x8000000000000000694182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f72d557c16ade622023-02-07 15:10:46.249root 11241100x8000000000000000694193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893c3f0334dd79b12023-02-07 15:10:46.595root 11241100x8000000000000000694192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0cbc03788043c72023-02-07 15:10:46.595root 11241100x8000000000000000694191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9dc04e1d81b800a2023-02-07 15:10:46.595root 11241100x8000000000000000694201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f206490b82edff02023-02-07 15:10:46.596root 11241100x8000000000000000694200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a98bd7e9fd37f22023-02-07 15:10:46.596root 11241100x8000000000000000694199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53224e3b32bb58f2023-02-07 15:10:46.596root 11241100x8000000000000000694198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b0957fb6f270f82023-02-07 15:10:46.596root 11241100x8000000000000000694197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb59e15b978f4d52023-02-07 15:10:46.596root 11241100x8000000000000000694196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ec4bd449fb6deb2023-02-07 15:10:46.596root 11241100x8000000000000000694195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6e4e16abc4bc272023-02-07 15:10:46.596root 11241100x8000000000000000694194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955d8778bb6a50cb2023-02-07 15:10:46.596root 11241100x8000000000000000694212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b126741ab916a1882023-02-07 15:10:46.597root 11241100x8000000000000000694211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69bb15fc2c711abb2023-02-07 15:10:46.597root 11241100x8000000000000000694210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6e133d8f72efcc2023-02-07 15:10:46.597root 11241100x8000000000000000694209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6831aae9dbfb64d2023-02-07 15:10:46.597root 11241100x8000000000000000694208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1874ae32eef94a2023-02-07 15:10:46.597root 11241100x8000000000000000694207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c99b1fa75005fde2023-02-07 15:10:46.597root 11241100x8000000000000000694206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc47c318846542cb2023-02-07 15:10:46.597root 11241100x8000000000000000694205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9730268363ca2cec2023-02-07 15:10:46.597root 11241100x8000000000000000694204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c863cc12d53e00d62023-02-07 15:10:46.597root 11241100x8000000000000000694203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62806f4797308c222023-02-07 15:10:46.597root 11241100x8000000000000000694202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f243a1db261d642023-02-07 15:10:46.597root 11241100x8000000000000000694217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb73d949431688d62023-02-07 15:10:47.095root 11241100x8000000000000000694216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbb73bba0a1de302023-02-07 15:10:47.095root 11241100x8000000000000000694215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66365f50421080a52023-02-07 15:10:47.095root 11241100x8000000000000000694214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1636dd4a867a5fa2023-02-07 15:10:47.095root 11241100x8000000000000000694213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12066771d5b870722023-02-07 15:10:47.095root 11241100x8000000000000000694224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d15a6a529fc8fbb2023-02-07 15:10:47.096root 11241100x8000000000000000694223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c5cd2ee83456a12023-02-07 15:10:47.096root 11241100x8000000000000000694222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2ebdb9e9c33e6f2023-02-07 15:10:47.096root 11241100x8000000000000000694221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44dacaaee695b4e02023-02-07 15:10:47.096root 11241100x8000000000000000694220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5368348bf65b952023-02-07 15:10:47.096root 11241100x8000000000000000694219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c891fa123cc1dbfd2023-02-07 15:10:47.096root 11241100x8000000000000000694218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09fabde26a511fa2023-02-07 15:10:47.096root 11241100x8000000000000000694232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9421ac3e9f95e9032023-02-07 15:10:47.097root 11241100x8000000000000000694231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caae56e7ec951e7a2023-02-07 15:10:47.097root 11241100x8000000000000000694230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9ebaaa95a6074e2023-02-07 15:10:47.097root 11241100x8000000000000000694229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3639cbf4f9f204102023-02-07 15:10:47.097root 11241100x8000000000000000694228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8e1e2ea0e6763c2023-02-07 15:10:47.097root 11241100x8000000000000000694227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d23e980244062e62023-02-07 15:10:47.097root 11241100x8000000000000000694226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b844084f1268b49f2023-02-07 15:10:47.097root 11241100x8000000000000000694225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df2040f72cb2eef2023-02-07 15:10:47.097root 11241100x8000000000000000694235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44ec35a52f839132023-02-07 15:10:47.098root 11241100x8000000000000000694234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085ef04ff17ac4622023-02-07 15:10:47.098root 11241100x8000000000000000694233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ce7833193a3ab02023-02-07 15:10:47.098root 11241100x8000000000000000694239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56efb023055fa4902023-02-07 15:10:47.595root 11241100x8000000000000000694238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562d1e715fd9e39c2023-02-07 15:10:47.595root 11241100x8000000000000000694237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01aeef9cbe6fddd2023-02-07 15:10:47.595root 11241100x8000000000000000694236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c260d97891eb25aa2023-02-07 15:10:47.595root 11241100x8000000000000000694246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d38c3a5620b2bec2023-02-07 15:10:47.596root 11241100x8000000000000000694245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf79d4a1b99f1ba2023-02-07 15:10:47.596root 11241100x8000000000000000694244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877fd07ac8b8f6762023-02-07 15:10:47.596root 11241100x8000000000000000694243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a59128c71e4c522023-02-07 15:10:47.596root 11241100x8000000000000000694242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2bccf4b8e02d072023-02-07 15:10:47.596root 11241100x8000000000000000694241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b11464ef9ce6072023-02-07 15:10:47.596root 11241100x8000000000000000694240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75429069a45204ba2023-02-07 15:10:47.596root 11241100x8000000000000000694251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e51de7af2ec2622023-02-07 15:10:47.597root 11241100x8000000000000000694250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab23950b9bb2d1392023-02-07 15:10:47.597root 11241100x8000000000000000694249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224c932506bba49f2023-02-07 15:10:47.597root 11241100x8000000000000000694248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ae5e9ea40555272023-02-07 15:10:47.597root 11241100x8000000000000000694247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c27f345950a3882023-02-07 15:10:47.597root 11241100x8000000000000000694257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2ef0b1cf73a0ee2023-02-07 15:10:47.598root 11241100x8000000000000000694256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91ed7bf3348287b2023-02-07 15:10:47.598root 11241100x8000000000000000694255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326ef81550a586302023-02-07 15:10:47.598root 11241100x8000000000000000694254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9ce448ae559a3c2023-02-07 15:10:47.598root 11241100x8000000000000000694253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e8ad221d744dd02023-02-07 15:10:47.598root 11241100x8000000000000000694252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c00083136a09b562023-02-07 15:10:47.598root 11241100x8000000000000000694258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:47.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0422d46cd614e52023-02-07 15:10:47.599root 11241100x8000000000000000694259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a993bafc451c628f2023-02-07 15:10:48.095root 11241100x8000000000000000694273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92679fb94c2889792023-02-07 15:10:48.096root 11241100x8000000000000000694272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89369dd6eb5e05952023-02-07 15:10:48.096root 11241100x8000000000000000694271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c029efffe056d712023-02-07 15:10:48.096root 11241100x8000000000000000694270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae133453dcafc76d2023-02-07 15:10:48.096root 11241100x8000000000000000694269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70e0d35a558dae62023-02-07 15:10:48.096root 11241100x8000000000000000694268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99f98fbbd1995ec2023-02-07 15:10:48.096root 11241100x8000000000000000694267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385a514cb3db9b942023-02-07 15:10:48.096root 11241100x8000000000000000694266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd87e35a6dca7fc2023-02-07 15:10:48.096root 11241100x8000000000000000694265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47f92d6bccc221c2023-02-07 15:10:48.096root 11241100x8000000000000000694264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8f17b39cfb13632023-02-07 15:10:48.096root 11241100x8000000000000000694263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e32e1e558ee0ff2023-02-07 15:10:48.096root 11241100x8000000000000000694262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ebfb5b57972a7b2023-02-07 15:10:48.096root 11241100x8000000000000000694261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692233c9b8315a982023-02-07 15:10:48.096root 11241100x8000000000000000694260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eec632a431aaf522023-02-07 15:10:48.096root 11241100x8000000000000000694280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64702233360d49702023-02-07 15:10:48.097root 11241100x8000000000000000694279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfef0acf20d6d692023-02-07 15:10:48.097root 11241100x8000000000000000694278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d99f284c1586b652023-02-07 15:10:48.097root 11241100x8000000000000000694277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b71134a2a9301c22023-02-07 15:10:48.097root 11241100x8000000000000000694276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9b7480555198922023-02-07 15:10:48.097root 11241100x8000000000000000694275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae2c63c18b0e9f92023-02-07 15:10:48.097root 11241100x8000000000000000694274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468f3d3af647f3ed2023-02-07 15:10:48.097root 11241100x8000000000000000694285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7ba520e996bf2b2023-02-07 15:10:48.595root 11241100x8000000000000000694284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692f9da674c12e232023-02-07 15:10:48.595root 11241100x8000000000000000694283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f37fe51e9fe97fc2023-02-07 15:10:48.595root 11241100x8000000000000000694282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7fa1e9e0a9c8282023-02-07 15:10:48.595root 11241100x8000000000000000694281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c745fb3cf5036a52023-02-07 15:10:48.595root 11241100x8000000000000000694295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79edfcd1c93a6f502023-02-07 15:10:48.596root 11241100x8000000000000000694294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c592c8038f40f51c2023-02-07 15:10:48.596root 11241100x8000000000000000694293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ddd1b9c21ae2f82023-02-07 15:10:48.596root 11241100x8000000000000000694292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8744aa2cea5ae5b22023-02-07 15:10:48.596root 11241100x8000000000000000694291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043a8748a98d97632023-02-07 15:10:48.596root 11241100x8000000000000000694290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5654187e618bd56d2023-02-07 15:10:48.596root 11241100x8000000000000000694289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0e623d3b8b72042023-02-07 15:10:48.596root 11241100x8000000000000000694288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459c882b864c3def2023-02-07 15:10:48.596root 11241100x8000000000000000694287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97266535f90f8e0a2023-02-07 15:10:48.596root 11241100x8000000000000000694286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3b82842a5505a02023-02-07 15:10:48.596root 11241100x8000000000000000694301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b4065b5d93f8602023-02-07 15:10:48.597root 11241100x8000000000000000694300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6e295636533d3a2023-02-07 15:10:48.597root 11241100x8000000000000000694299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab00c2c2cacad682023-02-07 15:10:48.597root 11241100x8000000000000000694298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d8f42f99fef0352023-02-07 15:10:48.597root 11241100x8000000000000000694297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeae7aad5a5411012023-02-07 15:10:48.597root 11241100x8000000000000000694296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a3c406ff8b42c02023-02-07 15:10:48.597root 11241100x8000000000000000694303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf5287047477d942023-02-07 15:10:48.598root 11241100x8000000000000000694302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:48.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7511370b54735f2023-02-07 15:10:48.598root 11241100x8000000000000000694307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699ec8bb761e12c92023-02-07 15:10:49.095root 11241100x8000000000000000694306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d5b2bca789563d2023-02-07 15:10:49.095root 11241100x8000000000000000694305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0331dbf358a84882023-02-07 15:10:49.095root 11241100x8000000000000000694304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074dbbd449c3d44c2023-02-07 15:10:49.095root 11241100x8000000000000000694312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41dcdf1ddfc6038a2023-02-07 15:10:49.096root 11241100x8000000000000000694311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1b75a8b7ff18ce2023-02-07 15:10:49.096root 11241100x8000000000000000694310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9f3b35ea50016c2023-02-07 15:10:49.096root 11241100x8000000000000000694309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fca48e9d8c96ec32023-02-07 15:10:49.096root 11241100x8000000000000000694308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632525c66cb862d52023-02-07 15:10:49.096root 11241100x8000000000000000694320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8e362cde1361c22023-02-07 15:10:49.097root 11241100x8000000000000000694319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ba4272571b67d02023-02-07 15:10:49.097root 11241100x8000000000000000694318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e168e6b0c4f8991b2023-02-07 15:10:49.097root 11241100x8000000000000000694317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833c1a56c6b9275c2023-02-07 15:10:49.097root 11241100x8000000000000000694316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac7115033a7aafb2023-02-07 15:10:49.097root 11241100x8000000000000000694315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71ad47087b14cd42023-02-07 15:10:49.097root 11241100x8000000000000000694314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15cd8bb60c31d172023-02-07 15:10:49.097root 11241100x8000000000000000694313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ffee19ea9b5d582023-02-07 15:10:49.097root 11241100x8000000000000000694327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3654db73d74c41122023-02-07 15:10:49.098root 11241100x8000000000000000694326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d1a6a2cb7028c12023-02-07 15:10:49.098root 11241100x8000000000000000694325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904a50ed2a8af5692023-02-07 15:10:49.098root 11241100x8000000000000000694324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6faa91dbb0f9492023-02-07 15:10:49.098root 11241100x8000000000000000694323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8949db5769b9122a2023-02-07 15:10:49.098root 11241100x8000000000000000694322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b47426bb15887692023-02-07 15:10:49.098root 11241100x8000000000000000694321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe46384862201fe2023-02-07 15:10:49.098root 11241100x8000000000000000694328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee9472d3eb820ff2023-02-07 15:10:49.099root 154100x8000000000000000694329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.132{ec244aba-69f9-63e2-6854-8dbd82550000}6102/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/6312root{ec244aba-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2393--- 534500x8000000000000000694330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.144{ec244aba-69f9-63e2-6854-8dbd82550000}6102/bin/psroot 11241100x8000000000000000694334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01268ef275136022023-02-07 15:10:49.595root 11241100x8000000000000000694333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177a42358ffc0eaf2023-02-07 15:10:49.595root 11241100x8000000000000000694332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a3cb703121f8592023-02-07 15:10:49.595root 11241100x8000000000000000694331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fddbbb34c4d4452023-02-07 15:10:49.595root 11241100x8000000000000000694341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a745084f99522262023-02-07 15:10:49.596root 11241100x8000000000000000694340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd35716b4e260e42023-02-07 15:10:49.596root 11241100x8000000000000000694339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df29b84bfecd3912023-02-07 15:10:49.596root 11241100x8000000000000000694338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac5edfa6e9d44322023-02-07 15:10:49.596root 11241100x8000000000000000694337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364562c2a2c89f402023-02-07 15:10:49.596root 11241100x8000000000000000694336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912bec8222fb5dc92023-02-07 15:10:49.596root 11241100x8000000000000000694335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf16adcf800ccfd2023-02-07 15:10:49.596root 11241100x8000000000000000694351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e218cc4ef1d4464d2023-02-07 15:10:49.597root 11241100x8000000000000000694350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f4f289f0a3554e2023-02-07 15:10:49.597root 11241100x8000000000000000694349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a685e3e845c8f92023-02-07 15:10:49.597root 11241100x8000000000000000694348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8805ec3da6705f32023-02-07 15:10:49.597root 11241100x8000000000000000694347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af787d35bcff6962023-02-07 15:10:49.597root 11241100x8000000000000000694346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da68563133123ae2023-02-07 15:10:49.597root 11241100x8000000000000000694345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7b52f7fb90a6472023-02-07 15:10:49.597root 11241100x8000000000000000694344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5f99e1916204b52023-02-07 15:10:49.597root 11241100x8000000000000000694343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cde71b88ea73e352023-02-07 15:10:49.597root 11241100x8000000000000000694342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c3a841d814bd6b2023-02-07 15:10:49.597root 11241100x8000000000000000694356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d309eb183e237b2023-02-07 15:10:49.598root 11241100x8000000000000000694355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07efdc17dec2a372023-02-07 15:10:49.598root 11241100x8000000000000000694354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7028847e45cadfbb2023-02-07 15:10:49.598root 11241100x8000000000000000694353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77bf3154927b91a2023-02-07 15:10:49.598root 11241100x8000000000000000694352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:49.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12dc25d03098407c2023-02-07 15:10:49.598root 11241100x8000000000000000694361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c739a803c7243cc2023-02-07 15:10:50.095root 11241100x8000000000000000694360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea9a77466bc44912023-02-07 15:10:50.095root 11241100x8000000000000000694359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bccb7f86be11b2a92023-02-07 15:10:50.095root 11241100x8000000000000000694358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7edce50428ff62c2023-02-07 15:10:50.095root 11241100x8000000000000000694357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497859ab356cf64e2023-02-07 15:10:50.095root 11241100x8000000000000000694370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e31fe1d87c8e4362023-02-07 15:10:50.096root 11241100x8000000000000000694369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f8bd0424d8fb1e2023-02-07 15:10:50.096root 11241100x8000000000000000694368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb533d312f7515582023-02-07 15:10:50.096root 11241100x8000000000000000694367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41471b7203c7d5a2023-02-07 15:10:50.096root 11241100x8000000000000000694366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7967c0a7e0a3998e2023-02-07 15:10:50.096root 11241100x8000000000000000694365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e94b84f85c2ed8a2023-02-07 15:10:50.096root 11241100x8000000000000000694364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e26cfb9a74d1d7b2023-02-07 15:10:50.096root 11241100x8000000000000000694363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ab8704dd2bc2ec2023-02-07 15:10:50.096root 11241100x8000000000000000694362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d85c4d315498152023-02-07 15:10:50.096root 11241100x8000000000000000694377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f3f8ba2852efcc2023-02-07 15:10:50.097root 11241100x8000000000000000694376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3287c609b6ad979b2023-02-07 15:10:50.097root 11241100x8000000000000000694375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f90f7d6a6d10c102023-02-07 15:10:50.097root 11241100x8000000000000000694374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b410aca9480da502023-02-07 15:10:50.097root 11241100x8000000000000000694373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d28e4806c8166c82023-02-07 15:10:50.097root 11241100x8000000000000000694372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56411540bb0b27c2023-02-07 15:10:50.097root 11241100x8000000000000000694371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7a10786c17c2552023-02-07 15:10:50.097root 11241100x8000000000000000694384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ee2d7e481005bc2023-02-07 15:10:50.098root 11241100x8000000000000000694383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d3c113cf934f432023-02-07 15:10:50.098root 11241100x8000000000000000694382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de02b8d385fb324c2023-02-07 15:10:50.098root 11241100x8000000000000000694381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea03db4c02f347e2023-02-07 15:10:50.098root 11241100x8000000000000000694380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f393dd5f53a48092023-02-07 15:10:50.098root 11241100x8000000000000000694379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b4870c0ff7ccf72023-02-07 15:10:50.098root 11241100x8000000000000000694378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0354a3966ff6ec902023-02-07 15:10:50.098root 11241100x8000000000000000694385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5246985cab3b84702023-02-07 15:10:50.099root 11241100x8000000000000000694389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e751158e6f4ccf02023-02-07 15:10:50.595root 11241100x8000000000000000694388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9ee05c2ca933f92023-02-07 15:10:50.595root 11241100x8000000000000000694387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ee48d5aaf5187d2023-02-07 15:10:50.595root 11241100x8000000000000000694386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47d2ac3776f9b6f2023-02-07 15:10:50.595root 11241100x8000000000000000694396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e725a4c4e3d9a0082023-02-07 15:10:50.596root 11241100x8000000000000000694395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27340318913bf0f82023-02-07 15:10:50.596root 11241100x8000000000000000694394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f9ab528402b2412023-02-07 15:10:50.596root 11241100x8000000000000000694393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a003d07ec4a6d7d2023-02-07 15:10:50.596root 11241100x8000000000000000694392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa04c80f1c27daf2023-02-07 15:10:50.596root 11241100x8000000000000000694391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee9ac472a2537622023-02-07 15:10:50.596root 11241100x8000000000000000694390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1b254c51a0c0a02023-02-07 15:10:50.596root 11241100x8000000000000000694403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70bddaac941628382023-02-07 15:10:50.597root 11241100x8000000000000000694402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244a544b05133fd12023-02-07 15:10:50.597root 11241100x8000000000000000694401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63433891d8002f0b2023-02-07 15:10:50.597root 11241100x8000000000000000694400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ecb220588954402023-02-07 15:10:50.597root 11241100x8000000000000000694399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509f2d1a1d8dbc3b2023-02-07 15:10:50.597root 11241100x8000000000000000694398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ff55f7685e18ee2023-02-07 15:10:50.597root 11241100x8000000000000000694397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c705a9ab5b05442023-02-07 15:10:50.597root 11241100x8000000000000000694406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c4a598982159e82023-02-07 15:10:50.598root 11241100x8000000000000000694405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83800b08aebcb1232023-02-07 15:10:50.598root 11241100x8000000000000000694404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7206956d39ec1a2023-02-07 15:10:50.598root 11241100x8000000000000000694411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd3e162b9afaad52023-02-07 15:10:50.599root 11241100x8000000000000000694410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8454cd219e86eba2023-02-07 15:10:50.599root 11241100x8000000000000000694409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36f65c45accd7e72023-02-07 15:10:50.599root 11241100x8000000000000000694408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78afcbbdf503f26e2023-02-07 15:10:50.599root 11241100x8000000000000000694407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:50.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299a91497d92b5882023-02-07 15:10:50.599root 11241100x8000000000000000694416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f5dbe9ccaf89422023-02-07 15:10:51.095root 11241100x8000000000000000694415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d5288dac3a8ff72023-02-07 15:10:51.095root 11241100x8000000000000000694414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4aebde7d6b343402023-02-07 15:10:51.095root 11241100x8000000000000000694413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3204e14beb7027972023-02-07 15:10:51.095root 11241100x8000000000000000694412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22501f45a2b0c722023-02-07 15:10:51.095root 11241100x8000000000000000694423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cac3b557a041202023-02-07 15:10:51.096root 11241100x8000000000000000694422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa123cd2c44391572023-02-07 15:10:51.096root 11241100x8000000000000000694421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a470e56f95db9d822023-02-07 15:10:51.096root 11241100x8000000000000000694420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d35bec47583c8372023-02-07 15:10:51.096root 11241100x8000000000000000694419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1292fa6e057823f42023-02-07 15:10:51.096root 11241100x8000000000000000694418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9613be456a7732802023-02-07 15:10:51.096root 11241100x8000000000000000694417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ca60c0faab00472023-02-07 15:10:51.096root 11241100x8000000000000000694430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59ce2a1ab0eeed42023-02-07 15:10:51.097root 11241100x8000000000000000694429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ecf13eb97fe1482023-02-07 15:10:51.097root 11241100x8000000000000000694428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4aad2c5c8b98ff2023-02-07 15:10:51.097root 11241100x8000000000000000694427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecaac13b108005202023-02-07 15:10:51.097root 11241100x8000000000000000694426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd2d236e1e305b92023-02-07 15:10:51.097root 11241100x8000000000000000694425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d95813a99bf3cd42023-02-07 15:10:51.097root 11241100x8000000000000000694424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a0f9928a13c6442023-02-07 15:10:51.097root 11241100x8000000000000000694436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e4f1889550f7872023-02-07 15:10:51.098root 11241100x8000000000000000694435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d77648779fdc9d82023-02-07 15:10:51.098root 11241100x8000000000000000694434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f98d50b501f9dc62023-02-07 15:10:51.098root 11241100x8000000000000000694433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64cc9b1b8f97455d2023-02-07 15:10:51.098root 11241100x8000000000000000694432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c278e289d093bf2023-02-07 15:10:51.098root 11241100x8000000000000000694431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b22962bbeafd20c2023-02-07 15:10:51.098root 11241100x8000000000000000694437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ce36160bbf65962023-02-07 15:10:51.099root 11241100x8000000000000000694440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481ac12468da92922023-02-07 15:10:51.595root 11241100x8000000000000000694439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdddde6ce430a1a72023-02-07 15:10:51.595root 11241100x8000000000000000694438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb462c31c5543d362023-02-07 15:10:51.595root 11241100x8000000000000000694445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ccc6b04c4593482023-02-07 15:10:51.596root 11241100x8000000000000000694444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27405c37d678f5772023-02-07 15:10:51.596root 11241100x8000000000000000694443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64982c29d1641bd42023-02-07 15:10:51.596root 11241100x8000000000000000694442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab3f8c824540c0f2023-02-07 15:10:51.596root 11241100x8000000000000000694441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2af975b2bdfaab42023-02-07 15:10:51.596root 11241100x8000000000000000694455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25d00c81da7f0442023-02-07 15:10:51.597root 11241100x8000000000000000694454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6b06f92b09e9362023-02-07 15:10:51.597root 11241100x8000000000000000694453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73338714e8f96392023-02-07 15:10:51.597root 11241100x8000000000000000694452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfa76d4510ed0062023-02-07 15:10:51.597root 11241100x8000000000000000694451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a3e775220355af2023-02-07 15:10:51.597root 11241100x8000000000000000694450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8205616f823c67442023-02-07 15:10:51.597root 11241100x8000000000000000694449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8eac899656180372023-02-07 15:10:51.597root 11241100x8000000000000000694448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2776124535e4097c2023-02-07 15:10:51.597root 11241100x8000000000000000694447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2438af4120b91a82023-02-07 15:10:51.597root 11241100x8000000000000000694446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2802abbc65436332023-02-07 15:10:51.597root 11241100x8000000000000000694460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c992814d083e725d2023-02-07 15:10:51.598root 11241100x8000000000000000694459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac2a3854d89f3462023-02-07 15:10:51.598root 11241100x8000000000000000694458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6eb5e402d524272023-02-07 15:10:51.598root 11241100x8000000000000000694457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f8c79c6389fe1b2023-02-07 15:10:51.598root 11241100x8000000000000000694456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab4cc64d51bdddf2023-02-07 15:10:51.598root 11241100x8000000000000000694464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c55fb7b4d135a372023-02-07 15:10:51.599root 11241100x8000000000000000694463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e24f0ff943ae522023-02-07 15:10:51.599root 11241100x8000000000000000694462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5a1b009392da772023-02-07 15:10:51.599root 11241100x8000000000000000694461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:51.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864648ea449adbcd2023-02-07 15:10:51.599root 354300x8000000000000000694465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.049{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-47890-false10.0.1.12-8000- 11241100x8000000000000000694469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb441022ca029cb2023-02-07 15:10:52.050root 11241100x8000000000000000694468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.becaab0faa773fb52023-02-07 15:10:52.050root 11241100x8000000000000000694467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8c75306aa77b802023-02-07 15:10:52.050root 11241100x8000000000000000694466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ba6d06fef07ec32023-02-07 15:10:52.050root 11241100x8000000000000000694474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.051{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5578e30751a2dc5f2023-02-07 15:10:52.051root 11241100x8000000000000000694473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.051{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b5db9ec57158e52023-02-07 15:10:52.051root 11241100x8000000000000000694472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.051{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fb1034a1732d582023-02-07 15:10:52.051root 11241100x8000000000000000694471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.051{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780f045010cbb11b2023-02-07 15:10:52.051root 11241100x8000000000000000694470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.051{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad213f70460c2c62023-02-07 15:10:52.051root 11241100x8000000000000000694482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.052{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92a54b6a213398b2023-02-07 15:10:52.052root 11241100x8000000000000000694481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.052{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c324b49caeee9932023-02-07 15:10:52.052root 11241100x8000000000000000694480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.052{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2706a517bef9c1a12023-02-07 15:10:52.052root 11241100x8000000000000000694479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.052{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6125cf2b6d7fcc2023-02-07 15:10:52.052root 11241100x8000000000000000694478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.052{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0c18322b0f36fd2023-02-07 15:10:52.052root 11241100x8000000000000000694477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.052{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a55e1ce6eb95b2d2023-02-07 15:10:52.052root 11241100x8000000000000000694476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.052{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ffffeb50ecff4d92023-02-07 15:10:52.052root 11241100x8000000000000000694475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.052{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd6d11dbb4c09f62023-02-07 15:10:52.052root 11241100x8000000000000000694489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.053{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd5f80ea028bf4a2023-02-07 15:10:52.053root 11241100x8000000000000000694488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.053{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11dd6f117ecf1452023-02-07 15:10:52.053root 11241100x8000000000000000694487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.053{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf86bfa6e33b99c02023-02-07 15:10:52.053root 11241100x8000000000000000694486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.053{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2d0c2b026bf8102023-02-07 15:10:52.053root 11241100x8000000000000000694485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.053{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d39c0ace72131e2023-02-07 15:10:52.053root 11241100x8000000000000000694484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.053{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d904c537b383a6152023-02-07 15:10:52.053root 11241100x8000000000000000694483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.053{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4529d9a8e5fa564a2023-02-07 15:10:52.053root 11241100x8000000000000000694493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.054{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c349746265061a2023-02-07 15:10:52.054root 11241100x8000000000000000694492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.054{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1242611246541cea2023-02-07 15:10:52.054root 11241100x8000000000000000694491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.054{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67314a947b3c8a1c2023-02-07 15:10:52.054root 11241100x8000000000000000694490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.054{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ebccdd34eb52342023-02-07 15:10:52.054root 11241100x8000000000000000694494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2e6c07e781480b2023-02-07 15:10:52.345root 11241100x8000000000000000694506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee67a6616624f1452023-02-07 15:10:52.346root 11241100x8000000000000000694505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9634c8c7c5c1a8b32023-02-07 15:10:52.346root 11241100x8000000000000000694504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b5600f86e531632023-02-07 15:10:52.346root 11241100x8000000000000000694503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0bb2f2d5e16b262023-02-07 15:10:52.346root 11241100x8000000000000000694502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbc8cbac68227a22023-02-07 15:10:52.346root 11241100x8000000000000000694501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d285cd33ac117512023-02-07 15:10:52.346root 11241100x8000000000000000694500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6842da0d886ebbde2023-02-07 15:10:52.346root 11241100x8000000000000000694499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfa7507b45868f12023-02-07 15:10:52.346root 11241100x8000000000000000694498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ce456e7f67424a2023-02-07 15:10:52.346root 11241100x8000000000000000694497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545d74f850c2e2992023-02-07 15:10:52.346root 11241100x8000000000000000694496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372aba42eacb1ba12023-02-07 15:10:52.346root 11241100x8000000000000000694495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc0426e651819e22023-02-07 15:10:52.346root 11241100x8000000000000000694517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbcc690def62e1de2023-02-07 15:10:52.347root 11241100x8000000000000000694516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76afdb39f7d530d42023-02-07 15:10:52.347root 11241100x8000000000000000694515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea994bb5bae96bf2023-02-07 15:10:52.347root 11241100x8000000000000000694514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e10e958b46de7892023-02-07 15:10:52.347root 11241100x8000000000000000694513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc6823e2b744f4a2023-02-07 15:10:52.347root 11241100x8000000000000000694512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9847a7c23f886f2023-02-07 15:10:52.347root 11241100x8000000000000000694511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b806035363a8a82023-02-07 15:10:52.347root 11241100x8000000000000000694510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca313d74c7be2fd62023-02-07 15:10:52.347root 11241100x8000000000000000694509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6937d6ab3fb4a0382023-02-07 15:10:52.347root 11241100x8000000000000000694508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b01410546385ee2023-02-07 15:10:52.347root 11241100x8000000000000000694507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7973072d59b1b7262023-02-07 15:10:52.347root 11241100x8000000000000000694518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a89f63e91e120042023-02-07 15:10:52.845root 11241100x8000000000000000694532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92addfa907c4f372023-02-07 15:10:52.846root 11241100x8000000000000000694531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b327cebe0ac3ab3f2023-02-07 15:10:52.846root 11241100x8000000000000000694530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9349739cec9b7b52023-02-07 15:10:52.846root 11241100x8000000000000000694529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed29a3d4db039932023-02-07 15:10:52.846root 11241100x8000000000000000694528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afe2e928f1ccfd72023-02-07 15:10:52.846root 11241100x8000000000000000694527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae5dcf216cf559b2023-02-07 15:10:52.846root 11241100x8000000000000000694526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5bf1a87db78be332023-02-07 15:10:52.846root 11241100x8000000000000000694525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3713bce8ccd040b2023-02-07 15:10:52.846root 11241100x8000000000000000694524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e52da756ce8d6942023-02-07 15:10:52.846root 11241100x8000000000000000694523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4587ba05275a972023-02-07 15:10:52.846root 11241100x8000000000000000694522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef2f7990edd33ad2023-02-07 15:10:52.846root 11241100x8000000000000000694521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c021786e1d5f1532023-02-07 15:10:52.846root 11241100x8000000000000000694520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c98c7886675d5382023-02-07 15:10:52.846root 11241100x8000000000000000694519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f140e8d6fa0e122023-02-07 15:10:52.846root 11241100x8000000000000000694541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83812d40a83e60712023-02-07 15:10:52.847root 11241100x8000000000000000694540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9238b612c9166f992023-02-07 15:10:52.847root 11241100x8000000000000000694539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03a5047b5a3f4912023-02-07 15:10:52.847root 11241100x8000000000000000694538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb828c78168106b92023-02-07 15:10:52.847root 11241100x8000000000000000694537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e244446c14737ab2023-02-07 15:10:52.847root 11241100x8000000000000000694536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ed1a6cd278bd662023-02-07 15:10:52.847root 11241100x8000000000000000694535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71bd94dedb310ce2023-02-07 15:10:52.847root 11241100x8000000000000000694534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cb70a32db384352023-02-07 15:10:52.847root 11241100x8000000000000000694533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ffac9dc41c37c602023-02-07 15:10:52.847root 11241100x8000000000000000694542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f56604d8cb174912023-02-07 15:10:53.345root 11241100x8000000000000000694547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fab30a61fbde0d2023-02-07 15:10:53.346root 11241100x8000000000000000694546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f28c999ff168012023-02-07 15:10:53.346root 11241100x8000000000000000694545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1dfb2d4b8e1a0a42023-02-07 15:10:53.346root 11241100x8000000000000000694544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73904031b661e9f2023-02-07 15:10:53.346root 11241100x8000000000000000694543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bcce48f8dba0e052023-02-07 15:10:53.346root 11241100x8000000000000000694561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df319a32759a85752023-02-07 15:10:53.347root 11241100x8000000000000000694560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069b31aae68e63c82023-02-07 15:10:53.347root 11241100x8000000000000000694559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dee070a5c6662e62023-02-07 15:10:53.347root 11241100x8000000000000000694558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80022c62121f9002023-02-07 15:10:53.347root 11241100x8000000000000000694557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e098d51ab6cc3222023-02-07 15:10:53.347root 11241100x8000000000000000694556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1022e4130dea95a02023-02-07 15:10:53.347root 11241100x8000000000000000694555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29e372955dde0d72023-02-07 15:10:53.347root 11241100x8000000000000000694554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7d47fd79b3fef12023-02-07 15:10:53.347root 11241100x8000000000000000694553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064206e68029dcaa2023-02-07 15:10:53.347root 11241100x8000000000000000694552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538ac385a4ca35a02023-02-07 15:10:53.347root 11241100x8000000000000000694551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a650f5a57de36af52023-02-07 15:10:53.347root 11241100x8000000000000000694550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2adc90a2f2a416722023-02-07 15:10:53.347root 11241100x8000000000000000694549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a40989895a78cf42023-02-07 15:10:53.347root 11241100x8000000000000000694548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3307193bdf51172023-02-07 15:10:53.347root 11241100x8000000000000000694565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0639e66d5807e4b82023-02-07 15:10:53.348root 11241100x8000000000000000694564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591b00aefaaa1d392023-02-07 15:10:53.348root 11241100x8000000000000000694563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8c9dc5bf3c75f02023-02-07 15:10:53.348root 11241100x8000000000000000694562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eacfb85e05d0d6e2023-02-07 15:10:53.348root 11241100x8000000000000000694566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786adba6752fb28d2023-02-07 15:10:53.845root 11241100x8000000000000000694570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbe4cf789303fb92023-02-07 15:10:53.846root 11241100x8000000000000000694569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2508f377d69433072023-02-07 15:10:53.846root 11241100x8000000000000000694568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6a6e6b015a345a2023-02-07 15:10:53.846root 11241100x8000000000000000694567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b08bf0dd626841d2023-02-07 15:10:53.846root 11241100x8000000000000000694579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8f268d7bddeeb62023-02-07 15:10:53.847root 11241100x8000000000000000694578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549279fad580992e2023-02-07 15:10:53.847root 11241100x8000000000000000694577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ea7ee71079b5f72023-02-07 15:10:53.847root 11241100x8000000000000000694576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2110431ad991f62023-02-07 15:10:53.847root 11241100x8000000000000000694575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b20a008bfe822b12023-02-07 15:10:53.847root 11241100x8000000000000000694574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76defdadf0f1b0ba2023-02-07 15:10:53.847root 11241100x8000000000000000694573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2bed0ff88b76c12023-02-07 15:10:53.847root 11241100x8000000000000000694572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2661afdce7151112023-02-07 15:10:53.847root 11241100x8000000000000000694571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e6eb3c79626c0e2023-02-07 15:10:53.847root 11241100x8000000000000000694584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3808b55708f141f2023-02-07 15:10:53.848root 11241100x8000000000000000694583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f55b5fd49b85c482023-02-07 15:10:53.848root 11241100x8000000000000000694582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709051b1e19af66a2023-02-07 15:10:53.848root 11241100x8000000000000000694581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676a553d242e250f2023-02-07 15:10:53.848root 11241100x8000000000000000694580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfb44f48320261b2023-02-07 15:10:53.848root 11241100x8000000000000000694589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b564695347d5dc6a2023-02-07 15:10:53.849root 11241100x8000000000000000694588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e54218417fd45be2023-02-07 15:10:53.849root 11241100x8000000000000000694587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cc5f408236c1192023-02-07 15:10:53.849root 11241100x8000000000000000694586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3656c7553b0b2b162023-02-07 15:10:53.849root 11241100x8000000000000000694585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:53.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93eeacb55dd59d32023-02-07 15:10:53.849root 11241100x8000000000000000694596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a258fc5194dbe52023-02-07 15:10:54.346root 11241100x8000000000000000694595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d216c50ddb64e642023-02-07 15:10:54.346root 11241100x8000000000000000694594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7366a2db92e58142023-02-07 15:10:54.346root 11241100x8000000000000000694593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733ad99cf92a66c32023-02-07 15:10:54.346root 11241100x8000000000000000694592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c67e4223df87d32023-02-07 15:10:54.346root 11241100x8000000000000000694591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6470cc71158c752023-02-07 15:10:54.346root 11241100x8000000000000000694590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec690eaaae8b6d1d2023-02-07 15:10:54.346root 11241100x8000000000000000694604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a81d3bc574d0522023-02-07 15:10:54.347root 11241100x8000000000000000694603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fd95d4b4cd34ed2023-02-07 15:10:54.347root 11241100x8000000000000000694602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df61c159dc396882023-02-07 15:10:54.347root 11241100x8000000000000000694601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9202acb401ef4f2023-02-07 15:10:54.347root 11241100x8000000000000000694600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c26b13db5686ff72023-02-07 15:10:54.347root 11241100x8000000000000000694599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee07356df53624db2023-02-07 15:10:54.347root 11241100x8000000000000000694598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1504aa5456b555b92023-02-07 15:10:54.347root 11241100x8000000000000000694597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8664217ac11549502023-02-07 15:10:54.347root 11241100x8000000000000000694612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1fca74e70fdbd02023-02-07 15:10:54.348root 11241100x8000000000000000694611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5684a63769e8462023-02-07 15:10:54.348root 11241100x8000000000000000694610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e29c44ff668abf2023-02-07 15:10:54.348root 11241100x8000000000000000694609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481d36f1c0a58bb42023-02-07 15:10:54.348root 11241100x8000000000000000694608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ab834ae3678be82023-02-07 15:10:54.348root 11241100x8000000000000000694607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fa690e625333612023-02-07 15:10:54.348root 11241100x8000000000000000694606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9890a932b52898732023-02-07 15:10:54.348root 11241100x8000000000000000694605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144fa1d5e83d39d42023-02-07 15:10:54.348root 11241100x8000000000000000694613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e73565f1c6dfea62023-02-07 15:10:54.349root 11241100x8000000000000000694614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.731{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:10:54.731root 11241100x8000000000000000694616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3348bd34ff39b4712023-02-07 15:10:54.732root 11241100x8000000000000000694615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f510e28c2979c1332023-02-07 15:10:54.732root 11241100x8000000000000000694619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67ef476bb22615c2023-02-07 15:10:54.733root 11241100x8000000000000000694618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1758b55b4f5a5f302023-02-07 15:10:54.733root 11241100x8000000000000000694617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf01d4f1584ee2b2023-02-07 15:10:54.733root 11241100x8000000000000000694623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcba56560f6f12f22023-02-07 15:10:54.734root 11241100x8000000000000000694622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5a5219b6e407c92023-02-07 15:10:54.734root 11241100x8000000000000000694621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6fe11261acdfce2023-02-07 15:10:54.734root 11241100x8000000000000000694620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca8655607a273722023-02-07 15:10:54.734root 11241100x8000000000000000694627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d115e3c59f734292023-02-07 15:10:54.735root 11241100x8000000000000000694626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa81249a30c11452023-02-07 15:10:54.735root 11241100x8000000000000000694625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da7ae59988515782023-02-07 15:10:54.735root 11241100x8000000000000000694624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4761760b528f3bd92023-02-07 15:10:54.735root 11241100x8000000000000000694632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe09865ab599c2b2023-02-07 15:10:54.736root 11241100x8000000000000000694631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec1832e51ef402d2023-02-07 15:10:54.736root 11241100x8000000000000000694630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e773e272030e07682023-02-07 15:10:54.736root 11241100x8000000000000000694629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7aa5458990660e2023-02-07 15:10:54.736root 11241100x8000000000000000694628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276e311cd43cc5662023-02-07 15:10:54.736root 11241100x8000000000000000694636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.737{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6f17746ac7269d2023-02-07 15:10:54.737root 11241100x8000000000000000694635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.737{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c050ef3b300b89b2023-02-07 15:10:54.737root 11241100x8000000000000000694634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.737{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1acdb4f0905be22023-02-07 15:10:54.737root 11241100x8000000000000000694633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.737{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a937d6823f138072023-02-07 15:10:54.737root 11241100x8000000000000000694642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.739{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8ff56d0a51402f2023-02-07 15:10:54.739root 11241100x8000000000000000694641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.739{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3e72302f8693ad2023-02-07 15:10:54.739root 11241100x8000000000000000694640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.739{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ebf38885d185c92023-02-07 15:10:54.739root 11241100x8000000000000000694639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.739{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be77af677fcbe192023-02-07 15:10:54.739root 11241100x8000000000000000694638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.739{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1aa6ac4dd6dc8f2023-02-07 15:10:54.739root 11241100x8000000000000000694637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:54.739{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ba3359d743c56a2023-02-07 15:10:54.739root 11241100x8000000000000000694646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e104951d5f5b4a52023-02-07 15:10:55.095root 11241100x8000000000000000694645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5785a48b5dbf99ce2023-02-07 15:10:55.095root 11241100x8000000000000000694644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3e258e03ac32172023-02-07 15:10:55.095root 11241100x8000000000000000694643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78aec7f6a8d010fb2023-02-07 15:10:55.095root 11241100x8000000000000000694656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4729cc3e7ea5f1c82023-02-07 15:10:55.096root 11241100x8000000000000000694655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd50ce9ff1cb36b2023-02-07 15:10:55.096root 11241100x8000000000000000694654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6f7b24cf0e7f4f2023-02-07 15:10:55.096root 11241100x8000000000000000694653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57981b7efcc87e192023-02-07 15:10:55.096root 11241100x8000000000000000694652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56c30b8479090702023-02-07 15:10:55.096root 11241100x8000000000000000694651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e6d9b4a8f004152023-02-07 15:10:55.096root 11241100x8000000000000000694650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222bc9f2e54182b22023-02-07 15:10:55.096root 11241100x8000000000000000694649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fef0585fbb40d602023-02-07 15:10:55.096root 11241100x8000000000000000694648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c397113f3c1f7eb2023-02-07 15:10:55.096root 11241100x8000000000000000694647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ab2cd6b6de6fdd2023-02-07 15:10:55.096root 11241100x8000000000000000694665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7840cb25a93a1d332023-02-07 15:10:55.097root 11241100x8000000000000000694664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c61638a12305922023-02-07 15:10:55.097root 11241100x8000000000000000694663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad281926baf6ddf52023-02-07 15:10:55.097root 11241100x8000000000000000694662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c2f071767027dc2023-02-07 15:10:55.097root 11241100x8000000000000000694661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d084464d3bc34aa2023-02-07 15:10:55.097root 11241100x8000000000000000694660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae5ef77522da2c72023-02-07 15:10:55.097root 11241100x8000000000000000694659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409114215ee2a0c92023-02-07 15:10:55.097root 11241100x8000000000000000694658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d00a5752e0dd442023-02-07 15:10:55.097root 11241100x8000000000000000694657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ab9796285bb92b2023-02-07 15:10:55.097root 11241100x8000000000000000694668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1276feaa802ac32023-02-07 15:10:55.098root 11241100x8000000000000000694667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e968f4570d6cc912023-02-07 15:10:55.098root 11241100x8000000000000000694666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d163b10faaba2cc2023-02-07 15:10:55.098root 11241100x8000000000000000694677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ddc022015de11c2023-02-07 15:10:55.596root 11241100x8000000000000000694676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0429c610955f61472023-02-07 15:10:55.596root 11241100x8000000000000000694675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e00a03e3503db12023-02-07 15:10:55.596root 11241100x8000000000000000694674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7270d6764ec52e62023-02-07 15:10:55.596root 11241100x8000000000000000694673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ccbf3ef7c95e542023-02-07 15:10:55.596root 11241100x8000000000000000694672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf2084de7cc92d62023-02-07 15:10:55.596root 11241100x8000000000000000694671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799984f220f141e12023-02-07 15:10:55.596root 11241100x8000000000000000694670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd7484f7a12422b2023-02-07 15:10:55.596root 11241100x8000000000000000694669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b2c905f09ddb812023-02-07 15:10:55.596root 11241100x8000000000000000694687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8feabfab0af5ee2023-02-07 15:10:55.597root 11241100x8000000000000000694686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9903d4b632a96ac22023-02-07 15:10:55.597root 11241100x8000000000000000694685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b6d8d5781779a52023-02-07 15:10:55.597root 11241100x8000000000000000694684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb0a4651eb9e4372023-02-07 15:10:55.597root 11241100x8000000000000000694683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61df9517d6f8daa2023-02-07 15:10:55.597root 11241100x8000000000000000694682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd85d41a930c9342023-02-07 15:10:55.597root 11241100x8000000000000000694681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391d6077304816fc2023-02-07 15:10:55.597root 11241100x8000000000000000694680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd5465d4ade82012023-02-07 15:10:55.597root 11241100x8000000000000000694679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4715615bb1bafc1a2023-02-07 15:10:55.597root 11241100x8000000000000000694678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6a56bed6b0a9cd2023-02-07 15:10:55.597root 11241100x8000000000000000694693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02599de465069e12023-02-07 15:10:55.598root 11241100x8000000000000000694692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c057e2f5951f2252023-02-07 15:10:55.598root 11241100x8000000000000000694691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579fc2373ba540a12023-02-07 15:10:55.598root 11241100x8000000000000000694690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c126a3d9bc0884512023-02-07 15:10:55.598root 11241100x8000000000000000694689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca24ac0ad02e1a842023-02-07 15:10:55.598root 11241100x8000000000000000694688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb6784d933d1a4c2023-02-07 15:10:55.598root 11241100x8000000000000000694697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13729d97fe6ef7e22023-02-07 15:10:56.095root 11241100x8000000000000000694696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7555c4fe031c3f2023-02-07 15:10:56.095root 11241100x8000000000000000694695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89f6aef698fbcbf2023-02-07 15:10:56.095root 11241100x8000000000000000694694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8846dcdb42192e2023-02-07 15:10:56.095root 11241100x8000000000000000694703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea306cc08ae97a032023-02-07 15:10:56.096root 11241100x8000000000000000694702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73704a7fe1f5b6b32023-02-07 15:10:56.096root 11241100x8000000000000000694701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f0573cfbdf39d22023-02-07 15:10:56.096root 11241100x8000000000000000694700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815e552f6d4da29e2023-02-07 15:10:56.096root 11241100x8000000000000000694699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf7e033d98f7f722023-02-07 15:10:56.096root 11241100x8000000000000000694698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf743c9b9d9c6972023-02-07 15:10:56.096root 11241100x8000000000000000694711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7408b5774b89d17c2023-02-07 15:10:56.097root 11241100x8000000000000000694710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9476d7f18d9255aa2023-02-07 15:10:56.097root 11241100x8000000000000000694709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d64740d8094ec5d2023-02-07 15:10:56.097root 11241100x8000000000000000694708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e711b33a8264209f2023-02-07 15:10:56.097root 11241100x8000000000000000694707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6691a648b522c8d22023-02-07 15:10:56.097root 11241100x8000000000000000694706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432169e6538925d72023-02-07 15:10:56.097root 11241100x8000000000000000694705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bb822b71ac33a32023-02-07 15:10:56.097root 11241100x8000000000000000694704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1395061bc26e329e2023-02-07 15:10:56.097root 11241100x8000000000000000694716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e187a105031f25592023-02-07 15:10:56.098root 11241100x8000000000000000694715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aafa9c5b71a73e62023-02-07 15:10:56.098root 11241100x8000000000000000694714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb39aa3d087f9fb2023-02-07 15:10:56.098root 11241100x8000000000000000694713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf687a9b6c7e2622023-02-07 15:10:56.098root 11241100x8000000000000000694712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd4a780e8b1b60b2023-02-07 15:10:56.098root 11241100x8000000000000000694719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcb5d8e98a71d322023-02-07 15:10:56.099root 11241100x8000000000000000694718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0590ff16617b0cb2023-02-07 15:10:56.099root 11241100x8000000000000000694717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2cecd13c1a79af2023-02-07 15:10:56.099root 11241100x8000000000000000694724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1be0e57b7910632023-02-07 15:10:56.595root 11241100x8000000000000000694723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5f46be7ff96b352023-02-07 15:10:56.595root 11241100x8000000000000000694722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366a3925cb49c9e42023-02-07 15:10:56.595root 11241100x8000000000000000694721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa45ebd899c2549a2023-02-07 15:10:56.595root 11241100x8000000000000000694720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9f4f62516f03bf2023-02-07 15:10:56.595root 11241100x8000000000000000694731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a2aa727581c92d2023-02-07 15:10:56.596root 11241100x8000000000000000694730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f524f91bd47693e32023-02-07 15:10:56.596root 11241100x8000000000000000694729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39fa53dfab84184d2023-02-07 15:10:56.596root 11241100x8000000000000000694728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae72a0f4cd2b8a2a2023-02-07 15:10:56.596root 11241100x8000000000000000694727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed4f4cabfb883962023-02-07 15:10:56.596root 11241100x8000000000000000694726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba455387affdaf92023-02-07 15:10:56.596root 11241100x8000000000000000694725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a09c831fe37bc62023-02-07 15:10:56.596root 11241100x8000000000000000694741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410164e3a4296b362023-02-07 15:10:56.597root 11241100x8000000000000000694740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1c2b6d97c6a90b2023-02-07 15:10:56.597root 11241100x8000000000000000694739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24fa2c279539a852023-02-07 15:10:56.597root 11241100x8000000000000000694738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75a4e1f2983cab22023-02-07 15:10:56.597root 11241100x8000000000000000694737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371a971be3c50a512023-02-07 15:10:56.597root 11241100x8000000000000000694736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce4ab6acdb207b42023-02-07 15:10:56.597root 11241100x8000000000000000694735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1b94f844ca9a6b2023-02-07 15:10:56.597root 11241100x8000000000000000694734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d389663f1c7556e2023-02-07 15:10:56.597root 11241100x8000000000000000694733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63a1cdb211269482023-02-07 15:10:56.597root 11241100x8000000000000000694732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773383623a8518fb2023-02-07 15:10:56.597root 11241100x8000000000000000694745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19448caecd87420b2023-02-07 15:10:56.598root 11241100x8000000000000000694744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d43f19fbd1296ee2023-02-07 15:10:56.598root 11241100x8000000000000000694743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a52f46255014272023-02-07 15:10:56.598root 11241100x8000000000000000694742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578b5077c3c2162a2023-02-07 15:10:56.598root 11241100x8000000000000000694747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e56a4c726667b82023-02-07 15:10:56.599root 11241100x8000000000000000694746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8519b7b082afc5e52023-02-07 15:10:56.599root 11241100x8000000000000000694748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:56.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131cbe26305cfeba2023-02-07 15:10:56.604root 11241100x8000000000000000694750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eaa92e26e48fd2d2023-02-07 15:10:57.095root 11241100x8000000000000000694749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9f6509fca026a52023-02-07 15:10:57.095root 11241100x8000000000000000694756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f7d1127b8c89772023-02-07 15:10:57.096root 11241100x8000000000000000694755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b221f6cb94ff9a2023-02-07 15:10:57.096root 11241100x8000000000000000694754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f14375384fb45d2023-02-07 15:10:57.096root 11241100x8000000000000000694753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98889d8975434c92023-02-07 15:10:57.096root 11241100x8000000000000000694752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0e842b19fc950a2023-02-07 15:10:57.096root 11241100x8000000000000000694751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767536ffaed8fce12023-02-07 15:10:57.096root 11241100x8000000000000000694760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a03e91e71a234f92023-02-07 15:10:57.097root 11241100x8000000000000000694759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4b770a843cd3792023-02-07 15:10:57.097root 11241100x8000000000000000694758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954b639e5f0bfb9e2023-02-07 15:10:57.097root 11241100x8000000000000000694757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1347f32a9092902023-02-07 15:10:57.097root 11241100x8000000000000000694764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02eaa7d1b30f695c2023-02-07 15:10:57.098root 11241100x8000000000000000694763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47dea202fb741b372023-02-07 15:10:57.098root 11241100x8000000000000000694762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594cbcfcbcfb217a2023-02-07 15:10:57.098root 11241100x8000000000000000694761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2316244c537288fa2023-02-07 15:10:57.098root 11241100x8000000000000000694769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f5876668f533292023-02-07 15:10:57.099root 11241100x8000000000000000694768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103d458d005d7cb52023-02-07 15:10:57.099root 11241100x8000000000000000694767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ab0330a7cf80df2023-02-07 15:10:57.099root 11241100x8000000000000000694766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657ee49370d172042023-02-07 15:10:57.099root 11241100x8000000000000000694765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc86a92e6dcf7e972023-02-07 15:10:57.099root 11241100x8000000000000000694773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe4056cebbef9e52023-02-07 15:10:57.100root 11241100x8000000000000000694772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0895785c9f0a74542023-02-07 15:10:57.100root 11241100x8000000000000000694771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d056234da984a6452023-02-07 15:10:57.100root 11241100x8000000000000000694770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d533d6baa42eb22023-02-07 15:10:57.100root 11241100x8000000000000000694774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59868073ab9e07e82023-02-07 15:10:57.101root 354300x8000000000000000694775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.182{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-44604-false10.0.1.12-8000- 11241100x8000000000000000694780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57df14c6d50d9cc02023-02-07 15:10:57.595root 11241100x8000000000000000694779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5027c1c6b2742a372023-02-07 15:10:57.595root 11241100x8000000000000000694778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d482b43c9935f402023-02-07 15:10:57.595root 11241100x8000000000000000694777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6696d29fabd02e2023-02-07 15:10:57.595root 11241100x8000000000000000694776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b7b5ef07350f0e2023-02-07 15:10:57.595root 11241100x8000000000000000694789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939749774958e5862023-02-07 15:10:57.596root 11241100x8000000000000000694788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718394fe64b243402023-02-07 15:10:57.596root 11241100x8000000000000000694787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a58426e23ac883f2023-02-07 15:10:57.596root 11241100x8000000000000000694786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1816fe57cf157c072023-02-07 15:10:57.596root 11241100x8000000000000000694785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4321f9974bcb72092023-02-07 15:10:57.596root 11241100x8000000000000000694784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b81eff0d31aa2a72023-02-07 15:10:57.596root 11241100x8000000000000000694783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897cef0e5d4250392023-02-07 15:10:57.596root 11241100x8000000000000000694782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73bd1c3191ca9b062023-02-07 15:10:57.596root 11241100x8000000000000000694781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a5c6b7d06c67662023-02-07 15:10:57.596root 11241100x8000000000000000694798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba1dc2d5da4853f2023-02-07 15:10:57.597root 11241100x8000000000000000694797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5983f5a9e1752b422023-02-07 15:10:57.597root 11241100x8000000000000000694796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74823c0144910d882023-02-07 15:10:57.597root 11241100x8000000000000000694795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873e137102f8d3b32023-02-07 15:10:57.597root 11241100x8000000000000000694794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb6c6a2cae891e12023-02-07 15:10:57.597root 11241100x8000000000000000694793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2243740be74b78442023-02-07 15:10:57.597root 11241100x8000000000000000694792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2316786c4edecc622023-02-07 15:10:57.597root 11241100x8000000000000000694791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e91cd6b425e4882023-02-07 15:10:57.597root 11241100x8000000000000000694790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e277795b931eca9a2023-02-07 15:10:57.597root 11241100x8000000000000000694803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c197022e89a6792023-02-07 15:10:57.598root 11241100x8000000000000000694802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eac7cf8d03775b72023-02-07 15:10:57.598root 11241100x8000000000000000694801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a339d4b8238a5fe22023-02-07 15:10:57.598root 11241100x8000000000000000694800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8f3f08842de9d82023-02-07 15:10:57.598root 11241100x8000000000000000694799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0905f582bc43bdc2023-02-07 15:10:57.598root 11241100x8000000000000000694808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa11edb024a605142023-02-07 15:10:57.599root 11241100x8000000000000000694807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1193420ddbbfb7672023-02-07 15:10:57.599root 11241100x8000000000000000694806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b3f7e10f58c6c12023-02-07 15:10:57.599root 11241100x8000000000000000694805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa5b420a90c53702023-02-07 15:10:57.599root 11241100x8000000000000000694804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2dc63a192bfdc92023-02-07 15:10:57.599root 23542300x8000000000000000694809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:57.733{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000694811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e899cd24d43445ab2023-02-07 15:10:58.095root 11241100x8000000000000000694810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045e077d222ae82e2023-02-07 15:10:58.095root 11241100x8000000000000000694816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e6a913985b12c22023-02-07 15:10:58.096root 11241100x8000000000000000694815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a22db595974ed92023-02-07 15:10:58.096root 11241100x8000000000000000694814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414dfc18b96966b42023-02-07 15:10:58.096root 11241100x8000000000000000694813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3daea4bccaef1482023-02-07 15:10:58.096root 11241100x8000000000000000694812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ceda038780e8262023-02-07 15:10:58.096root 11241100x8000000000000000694820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92450d2368c147ab2023-02-07 15:10:58.097root 11241100x8000000000000000694819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dae7440e02cec672023-02-07 15:10:58.097root 11241100x8000000000000000694818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed9a3dd72e92eea2023-02-07 15:10:58.097root 11241100x8000000000000000694817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319b52a135b32a6f2023-02-07 15:10:58.097root 11241100x8000000000000000694824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a779067b35c805312023-02-07 15:10:58.098root 11241100x8000000000000000694823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf2c76766f803162023-02-07 15:10:58.098root 11241100x8000000000000000694822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce3f0918cc129d52023-02-07 15:10:58.098root 11241100x8000000000000000694821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c0717821e237592023-02-07 15:10:58.098root 11241100x8000000000000000694828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a7ec8be0988f7f2023-02-07 15:10:58.099root 11241100x8000000000000000694827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e27faa1ca933b0d2023-02-07 15:10:58.099root 11241100x8000000000000000694826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff48a69782ae5b612023-02-07 15:10:58.099root 11241100x8000000000000000694825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e49623b886b2682023-02-07 15:10:58.099root 11241100x8000000000000000694837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f426f9e0c3d1b22023-02-07 15:10:58.100root 11241100x8000000000000000694836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e623476e7c7cacee2023-02-07 15:10:58.100root 11241100x8000000000000000694835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1f313b8081ca0f2023-02-07 15:10:58.100root 11241100x8000000000000000694834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e31ebcc700444a2023-02-07 15:10:58.100root 11241100x8000000000000000694833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43df3a1d58c9ce72023-02-07 15:10:58.100root 11241100x8000000000000000694832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649150b62b5ff6a62023-02-07 15:10:58.100root 11241100x8000000000000000694831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5febb6980ab404f2023-02-07 15:10:58.100root 11241100x8000000000000000694830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e571bf0a62e49d612023-02-07 15:10:58.100root 11241100x8000000000000000694829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9708842b080ef052023-02-07 15:10:58.100root 11241100x8000000000000000694838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12de5bf19c7b8f322023-02-07 15:10:58.101root 11241100x8000000000000000694841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9a98e98dc342392023-02-07 15:10:58.596root 11241100x8000000000000000694840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24e5dd12e5b1d362023-02-07 15:10:58.596root 11241100x8000000000000000694839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf99e3c965af53e2023-02-07 15:10:58.596root 11241100x8000000000000000694846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f747f24b8ffe7aa2023-02-07 15:10:58.597root 11241100x8000000000000000694845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8700fe6c8e4ac80a2023-02-07 15:10:58.597root 11241100x8000000000000000694844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e45550eb81d5602023-02-07 15:10:58.597root 11241100x8000000000000000694843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ae88197a042b852023-02-07 15:10:58.597root 11241100x8000000000000000694842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3adbd0aefdf790e22023-02-07 15:10:58.597root 11241100x8000000000000000694850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b5d1e83533028b2023-02-07 15:10:58.598root 11241100x8000000000000000694849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5c40de65da57672023-02-07 15:10:58.598root 11241100x8000000000000000694848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2677bf8125b392692023-02-07 15:10:58.598root 11241100x8000000000000000694847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7a2c759d3cee6e2023-02-07 15:10:58.598root 11241100x8000000000000000694854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f875318ef183fef2023-02-07 15:10:58.599root 11241100x8000000000000000694853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729950073ccd44ba2023-02-07 15:10:58.599root 11241100x8000000000000000694852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab545285a792708f2023-02-07 15:10:58.599root 11241100x8000000000000000694851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03055cf43f7f50272023-02-07 15:10:58.599root 11241100x8000000000000000694865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a3b6565390ab022023-02-07 15:10:58.600root 11241100x8000000000000000694864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23903112834bceef2023-02-07 15:10:58.600root 11241100x8000000000000000694863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.decbc8920c56d6c52023-02-07 15:10:58.600root 11241100x8000000000000000694862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6133e40d84a02b8d2023-02-07 15:10:58.600root 11241100x8000000000000000694861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0cbeb9abdaf3592023-02-07 15:10:58.600root 11241100x8000000000000000694860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3905fcfabb05a4b02023-02-07 15:10:58.600root 11241100x8000000000000000694859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abb096a993fed702023-02-07 15:10:58.600root 11241100x8000000000000000694858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109bbc747fdd3f172023-02-07 15:10:58.600root 11241100x8000000000000000694857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b85a2b1c4aa79e2023-02-07 15:10:58.600root 11241100x8000000000000000694856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e8b58eadbf80ba2023-02-07 15:10:58.600root 11241100x8000000000000000694855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:58.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e427993f06f57c2023-02-07 15:10:58.600root 11241100x8000000000000000694867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efd3d031ae4d84d2023-02-07 15:10:59.095root 11241100x8000000000000000694866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af5193c1944ce982023-02-07 15:10:59.095root 11241100x8000000000000000694873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d394af653997c842023-02-07 15:10:59.096root 11241100x8000000000000000694872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba69a10da3843582023-02-07 15:10:59.096root 11241100x8000000000000000694871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a8e48cda82559a2023-02-07 15:10:59.096root 11241100x8000000000000000694870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25df9f9c3b831b072023-02-07 15:10:59.096root 11241100x8000000000000000694869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfda308c8e3ca3572023-02-07 15:10:59.096root 11241100x8000000000000000694868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1d2ba7acef7b2d2023-02-07 15:10:59.096root 11241100x8000000000000000694877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12b73673158bc9c2023-02-07 15:10:59.097root 11241100x8000000000000000694876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558d2aabb00a035f2023-02-07 15:10:59.097root 11241100x8000000000000000694875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850947254c17e8622023-02-07 15:10:59.097root 11241100x8000000000000000694874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e918c5679772996e2023-02-07 15:10:59.097root 11241100x8000000000000000694880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ef58763a721cd02023-02-07 15:10:59.098root 11241100x8000000000000000694879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43eba1937fe569ab2023-02-07 15:10:59.098root 11241100x8000000000000000694878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d968dcf6bc6e472023-02-07 15:10:59.098root 11241100x8000000000000000694884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028bfc6c21b9b22c2023-02-07 15:10:59.099root 11241100x8000000000000000694883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8638b83029baa352023-02-07 15:10:59.099root 11241100x8000000000000000694882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e273e428003efbe12023-02-07 15:10:59.099root 11241100x8000000000000000694881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eecaaf088488b462023-02-07 15:10:59.099root 11241100x8000000000000000694885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d57c43af4f7facf2023-02-07 15:10:59.100root 11241100x8000000000000000694887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefd0516451a8cfa2023-02-07 15:10:59.101root 11241100x8000000000000000694886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5ec9acd66673e82023-02-07 15:10:59.101root 11241100x8000000000000000694891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5818ecfcae2dedce2023-02-07 15:10:59.102root 11241100x8000000000000000694890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72253128228ae5702023-02-07 15:10:59.102root 11241100x8000000000000000694889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38cf588dcf5094092023-02-07 15:10:59.102root 11241100x8000000000000000694888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151f023ddf29afae2023-02-07 15:10:59.102root 11241100x8000000000000000694892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1ed0c03e9dabaf2023-02-07 15:10:59.103root 11241100x8000000000000000694895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691a6a608e1318522023-02-07 15:10:59.104root 11241100x8000000000000000694894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafbc35b94b367502023-02-07 15:10:59.104root 11241100x8000000000000000694893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3972e98bfbc338df2023-02-07 15:10:59.104root 11241100x8000000000000000694898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c279dadd60390c522023-02-07 15:10:59.595root 11241100x8000000000000000694897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6acfc3c2bc7592112023-02-07 15:10:59.595root 11241100x8000000000000000694896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4081750dd66840212023-02-07 15:10:59.595root 11241100x8000000000000000694903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1518e2bf146b60d12023-02-07 15:10:59.596root 11241100x8000000000000000694902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35c6fd690ac71e82023-02-07 15:10:59.596root 11241100x8000000000000000694901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff8a2c69b410a0f2023-02-07 15:10:59.596root 11241100x8000000000000000694900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e812ff0aa1e1b1962023-02-07 15:10:59.596root 11241100x8000000000000000694899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182f5e5ed23e08be2023-02-07 15:10:59.596root 11241100x8000000000000000694907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b175fcaf75d1fbc32023-02-07 15:10:59.597root 11241100x8000000000000000694906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495daddd00df6d6f2023-02-07 15:10:59.597root 11241100x8000000000000000694905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e06fb607270fd32023-02-07 15:10:59.597root 11241100x8000000000000000694904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04549567b85810b22023-02-07 15:10:59.597root 11241100x8000000000000000694913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b03f8063f6d36e02023-02-07 15:10:59.598root 11241100x8000000000000000694912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596859bce40a74e62023-02-07 15:10:59.598root 11241100x8000000000000000694911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86053d93ed1db3f2023-02-07 15:10:59.598root 11241100x8000000000000000694910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be3dac71bb849292023-02-07 15:10:59.598root 11241100x8000000000000000694909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35216e9f3bffb0212023-02-07 15:10:59.598root 11241100x8000000000000000694908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266f3d68ff3f112a2023-02-07 15:10:59.598root 11241100x8000000000000000694915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234e6497fa84b47d2023-02-07 15:10:59.599root 11241100x8000000000000000694914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06ef9f1c0104e3f2023-02-07 15:10:59.599root 11241100x8000000000000000694920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a3a57b5ea515762023-02-07 15:10:59.600root 11241100x8000000000000000694919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a4fdbe67b8ce7a2023-02-07 15:10:59.600root 11241100x8000000000000000694918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320c2be044075dcb2023-02-07 15:10:59.600root 11241100x8000000000000000694917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1585573131a9facd2023-02-07 15:10:59.600root 11241100x8000000000000000694916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9cdf31ff1f7aeb2023-02-07 15:10:59.600root 11241100x8000000000000000694925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761578b2273597132023-02-07 15:10:59.601root 11241100x8000000000000000694924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b37619b302fc4a2023-02-07 15:10:59.601root 11241100x8000000000000000694923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c3e95188065f8c2023-02-07 15:10:59.601root 11241100x8000000000000000694922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34004298b6c6a592023-02-07 15:10:59.601root 11241100x8000000000000000694921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:10:59.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd25e3249be9ed12023-02-07 15:10:59.601root 11241100x8000000000000000694927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ac7e6418a094da2023-02-07 15:11:00.095root 11241100x8000000000000000694926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9485f65852cab0a2023-02-07 15:11:00.095root 11241100x8000000000000000694933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4068379fed240fa2023-02-07 15:11:00.096root 11241100x8000000000000000694932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36926a61afd0477a2023-02-07 15:11:00.096root 11241100x8000000000000000694931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a99acc2adf63d32023-02-07 15:11:00.096root 11241100x8000000000000000694930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5c0e57cc3824772023-02-07 15:11:00.096root 11241100x8000000000000000694929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b8ade15ee7a4552023-02-07 15:11:00.096root 11241100x8000000000000000694928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be83397fe855c9b2023-02-07 15:11:00.096root 11241100x8000000000000000694939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa5b1c3aded3f8f2023-02-07 15:11:00.097root 11241100x8000000000000000694938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecbfe57d277ad7a2023-02-07 15:11:00.097root 11241100x8000000000000000694937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ec9e07350280152023-02-07 15:11:00.097root 11241100x8000000000000000694936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98573f2667cd8acf2023-02-07 15:11:00.097root 11241100x8000000000000000694935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e49ad51584f9812023-02-07 15:11:00.097root 11241100x8000000000000000694934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08da9009793364a72023-02-07 15:11:00.097root 11241100x8000000000000000694943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bc1799d908654c2023-02-07 15:11:00.098root 11241100x8000000000000000694942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fdf527ca3fa378a2023-02-07 15:11:00.098root 11241100x8000000000000000694941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0e4d75dc58147c2023-02-07 15:11:00.098root 11241100x8000000000000000694940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1521f21d939d6d1c2023-02-07 15:11:00.098root 11241100x8000000000000000694948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42fb89b45881929f2023-02-07 15:11:00.099root 11241100x8000000000000000694947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572ded18297ec1022023-02-07 15:11:00.099root 11241100x8000000000000000694946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1872dabc967f08fc2023-02-07 15:11:00.099root 11241100x8000000000000000694945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0756c5d3e7c64ab2023-02-07 15:11:00.099root 11241100x8000000000000000694944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b292f55cb62303d12023-02-07 15:11:00.099root 11241100x8000000000000000694952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f50cdc5a39f67672023-02-07 15:11:00.100root 11241100x8000000000000000694951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7aa601258019622023-02-07 15:11:00.100root 11241100x8000000000000000694950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0386224dd4012972023-02-07 15:11:00.100root 11241100x8000000000000000694949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22479b09f5fe5bc2023-02-07 15:11:00.100root 11241100x8000000000000000694954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132be86eee50c5a82023-02-07 15:11:00.101root 11241100x8000000000000000694953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c9b7b4e1afc0702023-02-07 15:11:00.101root 11241100x8000000000000000694956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4d9b001fef69f62023-02-07 15:11:00.595root 11241100x8000000000000000694955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e8ca405cb969532023-02-07 15:11:00.595root 11241100x8000000000000000694961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2936957977430c542023-02-07 15:11:00.596root 11241100x8000000000000000694960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4851d48450d78f2023-02-07 15:11:00.596root 11241100x8000000000000000694959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7716dd5a87078a482023-02-07 15:11:00.596root 11241100x8000000000000000694958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cedc4b4cd5a40e52023-02-07 15:11:00.596root 11241100x8000000000000000694957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f86468819c823f2023-02-07 15:11:00.596root 11241100x8000000000000000694966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0290df9219f0e27f2023-02-07 15:11:00.597root 11241100x8000000000000000694965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0199aca84b8866b52023-02-07 15:11:00.597root 11241100x8000000000000000694964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d76ea60ffc10ea42023-02-07 15:11:00.597root 11241100x8000000000000000694963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d838fb93ac682992023-02-07 15:11:00.597root 11241100x8000000000000000694962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea0fdc6429d4a632023-02-07 15:11:00.597root 11241100x8000000000000000694971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b9ba3c2e2152582023-02-07 15:11:00.598root 11241100x8000000000000000694970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2970f51726860a8c2023-02-07 15:11:00.598root 11241100x8000000000000000694969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ac922a94d42d622023-02-07 15:11:00.598root 11241100x8000000000000000694968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a73a2c5a0479d5d2023-02-07 15:11:00.598root 11241100x8000000000000000694967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c894335aa290c502023-02-07 15:11:00.598root 11241100x8000000000000000694974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afaadefbaf3dddce2023-02-07 15:11:00.599root 11241100x8000000000000000694973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00783e5e8e5dca912023-02-07 15:11:00.599root 11241100x8000000000000000694972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7fc95c2a7ba11b2023-02-07 15:11:00.599root 11241100x8000000000000000694979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d88312112951322023-02-07 15:11:00.600root 11241100x8000000000000000694978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a265a759c17860a2023-02-07 15:11:00.600root 11241100x8000000000000000694977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22b4d27d38ce4092023-02-07 15:11:00.600root 11241100x8000000000000000694976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fd08e6b566a3ac2023-02-07 15:11:00.600root 11241100x8000000000000000694975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186e881f54ffe9612023-02-07 15:11:00.600root 11241100x8000000000000000694982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8bbb157bf02ff72023-02-07 15:11:00.601root 11241100x8000000000000000694981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdd86af954cddac2023-02-07 15:11:00.601root 11241100x8000000000000000694980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f22a68ea086be692023-02-07 15:11:00.601root 11241100x8000000000000000694985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6665d21c66d56fd2023-02-07 15:11:00.602root 11241100x8000000000000000694984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d45cc2a728a8792023-02-07 15:11:00.602root 11241100x8000000000000000694983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:00.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db91ad086848d5462023-02-07 15:11:00.602root 11241100x8000000000000000694987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60745f39f9c37d772023-02-07 15:11:01.095root 11241100x8000000000000000694986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc3b7e695b1ec422023-02-07 15:11:01.095root 11241100x8000000000000000694992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec93d215df6aafe82023-02-07 15:11:01.096root 11241100x8000000000000000694991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57e3c2f8d36b52f2023-02-07 15:11:01.096root 11241100x8000000000000000694990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6528ca0623588b2023-02-07 15:11:01.096root 11241100x8000000000000000694989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948ec1159bd98cdb2023-02-07 15:11:01.096root 11241100x8000000000000000694988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a12e89698be28152023-02-07 15:11:01.096root 11241100x8000000000000000694995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d263afc9bd2883772023-02-07 15:11:01.097root 11241100x8000000000000000694994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3994f3fbddfe22e42023-02-07 15:11:01.097root 11241100x8000000000000000694993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4639aab3f04f07772023-02-07 15:11:01.097root 11241100x8000000000000000695000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590be56302879b492023-02-07 15:11:01.099root 11241100x8000000000000000694999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b078cf65ac6365a72023-02-07 15:11:01.099root 11241100x8000000000000000694998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a73300074b54c412023-02-07 15:11:01.099root 11241100x8000000000000000694997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff9d4102770d15c2023-02-07 15:11:01.099root 11241100x8000000000000000694996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d61cef76919e5522023-02-07 15:11:01.099root 11241100x8000000000000000695010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ecd043330f32e832023-02-07 15:11:01.100root 11241100x8000000000000000695009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa1f140574ed73f2023-02-07 15:11:01.100root 11241100x8000000000000000695008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4280f4717352b192023-02-07 15:11:01.100root 11241100x8000000000000000695007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb782621489ada72023-02-07 15:11:01.100root 11241100x8000000000000000695006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a58c3988844b512023-02-07 15:11:01.100root 11241100x8000000000000000695005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a48ddd5bc1696d2023-02-07 15:11:01.100root 11241100x8000000000000000695004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc03850fa7166de2023-02-07 15:11:01.100root 11241100x8000000000000000695003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4adb857880a9102023-02-07 15:11:01.100root 11241100x8000000000000000695002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3b41f75bc3a1eb2023-02-07 15:11:01.100root 11241100x8000000000000000695001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bffb5436d65619f22023-02-07 15:11:01.100root 11241100x8000000000000000695017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc51d51e833fa6b2023-02-07 15:11:01.101root 11241100x8000000000000000695016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba90248dedc07862023-02-07 15:11:01.101root 11241100x8000000000000000695015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e530bcefc9e85aa02023-02-07 15:11:01.101root 11241100x8000000000000000695014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12369a0b6feeb3ec2023-02-07 15:11:01.101root 11241100x8000000000000000695013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3c3885bb3fd0762023-02-07 15:11:01.101root 11241100x8000000000000000695012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeeae996b853a0632023-02-07 15:11:01.101root 11241100x8000000000000000695011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7b3f19534d60722023-02-07 15:11:01.101root 11241100x8000000000000000695025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e295253d75124ad2023-02-07 15:11:01.102root 11241100x8000000000000000695024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e03ba163d6493852023-02-07 15:11:01.102root 11241100x8000000000000000695023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdadd37a65fb6a652023-02-07 15:11:01.102root 11241100x8000000000000000695022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6942fba40a6e86582023-02-07 15:11:01.102root 11241100x8000000000000000695021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870a3de61340281e2023-02-07 15:11:01.102root 11241100x8000000000000000695020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900d956da049c02e2023-02-07 15:11:01.102root 11241100x8000000000000000695019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29861f14d1ae5642023-02-07 15:11:01.102root 11241100x8000000000000000695018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a7e1b607dc0a452023-02-07 15:11:01.102root 11241100x8000000000000000695026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3aef78414227942023-02-07 15:11:01.103root 11241100x8000000000000000695028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fc254422956e2e2023-02-07 15:11:01.595root 11241100x8000000000000000695027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb92224c8e140d692023-02-07 15:11:01.595root 11241100x8000000000000000695035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4885c32e529870ef2023-02-07 15:11:01.596root 11241100x8000000000000000695034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9313ae0018fbc9c2023-02-07 15:11:01.596root 11241100x8000000000000000695033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a63042530828372023-02-07 15:11:01.596root 11241100x8000000000000000695032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa6df34e42e98c72023-02-07 15:11:01.596root 11241100x8000000000000000695031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67284a77f56106882023-02-07 15:11:01.596root 11241100x8000000000000000695030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dda384f2ad50c6e2023-02-07 15:11:01.596root 11241100x8000000000000000695029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088f3a2820bc46e72023-02-07 15:11:01.596root 11241100x8000000000000000695041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8787030cd89866ce2023-02-07 15:11:01.597root 11241100x8000000000000000695040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68be8d36e8548ebd2023-02-07 15:11:01.597root 11241100x8000000000000000695039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489293e076579cd02023-02-07 15:11:01.597root 11241100x8000000000000000695038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6b15b692691bd72023-02-07 15:11:01.597root 11241100x8000000000000000695037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d17ae65fdd677832023-02-07 15:11:01.597root 11241100x8000000000000000695036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a022f096a801e7902023-02-07 15:11:01.597root 11241100x8000000000000000695048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c66150215f4dea2023-02-07 15:11:01.598root 11241100x8000000000000000695047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd99cd4c51ccd3a2023-02-07 15:11:01.598root 11241100x8000000000000000695046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7cedae1858d4792023-02-07 15:11:01.598root 11241100x8000000000000000695045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165ac8c91d726f852023-02-07 15:11:01.598root 11241100x8000000000000000695044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a667f0ad49167a2023-02-07 15:11:01.598root 11241100x8000000000000000695043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5992f57874ed242023-02-07 15:11:01.598root 11241100x8000000000000000695042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e23411bc6e09af2023-02-07 15:11:01.598root 11241100x8000000000000000695055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d3a3c61baa056b2023-02-07 15:11:01.599root 11241100x8000000000000000695054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c367fa38fb22cf9e2023-02-07 15:11:01.599root 11241100x8000000000000000695053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe49ebb4f1136912023-02-07 15:11:01.599root 11241100x8000000000000000695052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15f933d92f37cd82023-02-07 15:11:01.599root 11241100x8000000000000000695051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa38097dffdc30572023-02-07 15:11:01.599root 11241100x8000000000000000695050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35bee4bcdf4a1d942023-02-07 15:11:01.599root 11241100x8000000000000000695049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea38755be0fa98e2023-02-07 15:11:01.599root 11241100x8000000000000000695057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e39abd36d96a9bb2023-02-07 15:11:01.600root 11241100x8000000000000000695056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:01.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebfafe6269375022023-02-07 15:11:01.600root 11241100x8000000000000000695061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d438671fd667422023-02-07 15:11:02.095root 11241100x8000000000000000695060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16fd98d8cf59e39e2023-02-07 15:11:02.095root 11241100x8000000000000000695059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af628f2e0f79ee642023-02-07 15:11:02.095root 11241100x8000000000000000695058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592fdd54620808782023-02-07 15:11:02.095root 11241100x8000000000000000695067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20d827c660e6e612023-02-07 15:11:02.096root 11241100x8000000000000000695066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988358d2fcf1e4382023-02-07 15:11:02.096root 11241100x8000000000000000695065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700a413eca392a7c2023-02-07 15:11:02.096root 11241100x8000000000000000695064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59932f414a4cb2142023-02-07 15:11:02.096root 11241100x8000000000000000695063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db2238fc47eac522023-02-07 15:11:02.096root 11241100x8000000000000000695062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef74fb43e279187d2023-02-07 15:11:02.096root 11241100x8000000000000000695072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfae9b732b99605b2023-02-07 15:11:02.097root 11241100x8000000000000000695071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1463f1b257cb892023-02-07 15:11:02.097root 11241100x8000000000000000695070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cf1f42eee676e92023-02-07 15:11:02.097root 11241100x8000000000000000695069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbc7b4254f080d22023-02-07 15:11:02.097root 11241100x8000000000000000695068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afb19e4e4192c862023-02-07 15:11:02.097root 11241100x8000000000000000695082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa390ecfaf994e42023-02-07 15:11:02.098root 11241100x8000000000000000695081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98018428da23aba22023-02-07 15:11:02.098root 11241100x8000000000000000695080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6098eeab5cbe3a5b2023-02-07 15:11:02.098root 11241100x8000000000000000695079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5dbebffd7dd1dd2023-02-07 15:11:02.098root 11241100x8000000000000000695078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15edaf3ab494416b2023-02-07 15:11:02.098root 11241100x8000000000000000695077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da72c1ac70b504d32023-02-07 15:11:02.098root 11241100x8000000000000000695076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65433aa692559ef2023-02-07 15:11:02.098root 11241100x8000000000000000695075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575adbf5d365121d2023-02-07 15:11:02.098root 11241100x8000000000000000695074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfc8eaddea5e9572023-02-07 15:11:02.098root 11241100x8000000000000000695073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d197f28cdff85652023-02-07 15:11:02.098root 11241100x8000000000000000695086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b1be6c63dbbe072023-02-07 15:11:02.099root 11241100x8000000000000000695085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea909ec7e58b98f2023-02-07 15:11:02.099root 11241100x8000000000000000695084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d60f2e8b729b902023-02-07 15:11:02.099root 11241100x8000000000000000695083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ca215813fd00c12023-02-07 15:11:02.099root 11241100x8000000000000000695091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8f8b63586fbf212023-02-07 15:11:02.100root 11241100x8000000000000000695090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a9ed5212a0c9bb2023-02-07 15:11:02.100root 11241100x8000000000000000695089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77268a0029aeed92023-02-07 15:11:02.100root 11241100x8000000000000000695088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2587def1dd9276a82023-02-07 15:11:02.100root 11241100x8000000000000000695087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1dffab8f6ac41462023-02-07 15:11:02.100root 11241100x8000000000000000695093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b972829891c9012023-02-07 15:11:02.595root 11241100x8000000000000000695092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c976fcf0a564d02023-02-07 15:11:02.595root 11241100x8000000000000000695097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61653bc4af5cc272023-02-07 15:11:02.596root 11241100x8000000000000000695096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa286ff38d732d42023-02-07 15:11:02.596root 11241100x8000000000000000695095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6f5a95b8c2e34b2023-02-07 15:11:02.596root 11241100x8000000000000000695094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168644c2d9703ea92023-02-07 15:11:02.596root 11241100x8000000000000000695103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bc65c28affc9f82023-02-07 15:11:02.597root 11241100x8000000000000000695102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03f85bbc43a8e102023-02-07 15:11:02.597root 11241100x8000000000000000695101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0527e54dbeb022e52023-02-07 15:11:02.597root 11241100x8000000000000000695100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682cb029f121f63e2023-02-07 15:11:02.597root 11241100x8000000000000000695099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127a784be09367672023-02-07 15:11:02.597root 11241100x8000000000000000695098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1812cbdab52e690a2023-02-07 15:11:02.597root 11241100x8000000000000000695110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb22862edb24da12023-02-07 15:11:02.598root 11241100x8000000000000000695109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63410d444cd062902023-02-07 15:11:02.598root 11241100x8000000000000000695108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ca8e984909f8fd2023-02-07 15:11:02.598root 11241100x8000000000000000695107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31b2530b149d8222023-02-07 15:11:02.598root 11241100x8000000000000000695106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a810ddd4cb5d3002023-02-07 15:11:02.598root 11241100x8000000000000000695105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbd8306416a71332023-02-07 15:11:02.598root 11241100x8000000000000000695104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72553a9b7a7a51c2023-02-07 15:11:02.598root 11241100x8000000000000000695118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94744ddbc711ac532023-02-07 15:11:02.599root 11241100x8000000000000000695117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f13fddbca6fb962023-02-07 15:11:02.599root 11241100x8000000000000000695116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5629d435e11c91ef2023-02-07 15:11:02.599root 11241100x8000000000000000695115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2b57c9921d7d062023-02-07 15:11:02.599root 11241100x8000000000000000695114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449e9e871d5a9f282023-02-07 15:11:02.599root 11241100x8000000000000000695113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a2667399e33dad2023-02-07 15:11:02.599root 11241100x8000000000000000695112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50254e7a63b983402023-02-07 15:11:02.599root 11241100x8000000000000000695111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac36789d983d3512023-02-07 15:11:02.599root 11241100x8000000000000000695124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108874e3c426effc2023-02-07 15:11:02.600root 11241100x8000000000000000695123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bdf697079b7d2422023-02-07 15:11:02.600root 11241100x8000000000000000695122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d430fcfc75bb40002023-02-07 15:11:02.600root 11241100x8000000000000000695121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ab187a71ea485a2023-02-07 15:11:02.600root 11241100x8000000000000000695120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906a70e9f4c8aeac2023-02-07 15:11:02.600root 11241100x8000000000000000695119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:02.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9bfa287b87ce922023-02-07 15:11:02.600root 11241100x8000000000000000695129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753966e1f0b411e62023-02-07 15:11:03.095root 11241100x8000000000000000695128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1d40270c23e6c32023-02-07 15:11:03.095root 11241100x8000000000000000695127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f752910577c8cc2023-02-07 15:11:03.095root 11241100x8000000000000000695126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cd2839cd5941d62023-02-07 15:11:03.095root 11241100x8000000000000000695125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a14ba4e018420e22023-02-07 15:11:03.095root 11241100x8000000000000000695133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cedf2ed0b872ec2023-02-07 15:11:03.096root 11241100x8000000000000000695132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e033d6e8ca98f1d92023-02-07 15:11:03.096root 11241100x8000000000000000695131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5dbf692843d7372023-02-07 15:11:03.096root 11241100x8000000000000000695130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0580da72d5ef84b62023-02-07 15:11:03.096root 11241100x8000000000000000695137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5950791497445f2023-02-07 15:11:03.097root 11241100x8000000000000000695136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cc6674a04622602023-02-07 15:11:03.097root 11241100x8000000000000000695135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7806a6ac2e25b792023-02-07 15:11:03.097root 11241100x8000000000000000695134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd883cfd1f96e6632023-02-07 15:11:03.097root 11241100x8000000000000000695141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cb56024883a2002023-02-07 15:11:03.098root 11241100x8000000000000000695140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e91628098e25aa52023-02-07 15:11:03.098root 11241100x8000000000000000695139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4e906860110c672023-02-07 15:11:03.098root 11241100x8000000000000000695138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1312108c5fc578ec2023-02-07 15:11:03.098root 11241100x8000000000000000695145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42877ad7d5f9fb4b2023-02-07 15:11:03.099root 11241100x8000000000000000695144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b20dfda141da1e2023-02-07 15:11:03.099root 11241100x8000000000000000695143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb7f5260f71f1672023-02-07 15:11:03.099root 11241100x8000000000000000695142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20aaef6135b94ec12023-02-07 15:11:03.099root 11241100x8000000000000000695148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02becf45cfcd7df12023-02-07 15:11:03.100root 11241100x8000000000000000695147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2665a92df139552023-02-07 15:11:03.100root 11241100x8000000000000000695146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdcc81f6925ee6b82023-02-07 15:11:03.100root 11241100x8000000000000000695150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bbdb7de5efe9632023-02-07 15:11:03.101root 11241100x8000000000000000695149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acae7550671581182023-02-07 15:11:03.101root 11241100x8000000000000000695152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922d9a751033bec92023-02-07 15:11:03.102root 11241100x8000000000000000695151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fdc1f49a42ebfcc2023-02-07 15:11:03.102root 11241100x8000000000000000695155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e7dfe9ec1736d72023-02-07 15:11:03.103root 11241100x8000000000000000695154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8827d66c17d8b52023-02-07 15:11:03.103root 11241100x8000000000000000695153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfb90ec91b3de3e2023-02-07 15:11:03.103root 11241100x8000000000000000695157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520f1738429431112023-02-07 15:11:03.104root 11241100x8000000000000000695156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2d408468c438282023-02-07 15:11:03.104root 354300x8000000000000000695158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.146{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-44608-false10.0.1.12-8000- 11241100x8000000000000000695161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ae790ce82776c22023-02-07 15:11:03.595root 11241100x8000000000000000695160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b285a6f5f408e49f2023-02-07 15:11:03.595root 11241100x8000000000000000695159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5db0b8073cf5b932023-02-07 15:11:03.595root 11241100x8000000000000000695162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c640d88b46984992023-02-07 15:11:03.596root 11241100x8000000000000000695163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdedbb60e664c47a2023-02-07 15:11:03.599root 11241100x8000000000000000695170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6142a57ff12157242023-02-07 15:11:03.600root 11241100x8000000000000000695169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3400a33089509c102023-02-07 15:11:03.600root 11241100x8000000000000000695168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a050339eb0d5662023-02-07 15:11:03.600root 11241100x8000000000000000695167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0366b8fa53f779bc2023-02-07 15:11:03.600root 11241100x8000000000000000695166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7290783c00535cff2023-02-07 15:11:03.600root 11241100x8000000000000000695165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699be5e5ac784ac92023-02-07 15:11:03.600root 11241100x8000000000000000695164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1c84e54771c4ae2023-02-07 15:11:03.600root 11241100x8000000000000000695178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5428d42bb87f426f2023-02-07 15:11:03.601root 11241100x8000000000000000695177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b27688a4d284a132023-02-07 15:11:03.601root 11241100x8000000000000000695176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101fe5b90209a4b42023-02-07 15:11:03.601root 11241100x8000000000000000695175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2203e34cdfa2952023-02-07 15:11:03.601root 11241100x8000000000000000695174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a422d49f6eb996b2023-02-07 15:11:03.601root 11241100x8000000000000000695173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9bf5b511999c54b2023-02-07 15:11:03.601root 11241100x8000000000000000695172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4333c0b162fdcd5d2023-02-07 15:11:03.601root 11241100x8000000000000000695171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0955f08bdb87182023-02-07 15:11:03.601root 11241100x8000000000000000695185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9567e868e61b84b92023-02-07 15:11:03.602root 11241100x8000000000000000695184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1af46a5942858102023-02-07 15:11:03.602root 11241100x8000000000000000695183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5263c53236f53372023-02-07 15:11:03.602root 11241100x8000000000000000695182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b3d395555c2b8e2023-02-07 15:11:03.602root 11241100x8000000000000000695181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa429317d055c3352023-02-07 15:11:03.602root 11241100x8000000000000000695180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408850066fc300542023-02-07 15:11:03.602root 11241100x8000000000000000695179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c053adea7d9c0b52023-02-07 15:11:03.602root 11241100x8000000000000000695189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31bf47ba1a51f29c2023-02-07 15:11:03.603root 11241100x8000000000000000695188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3349f63075c52ea82023-02-07 15:11:03.603root 11241100x8000000000000000695187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd61fa2f127b7e62023-02-07 15:11:03.603root 11241100x8000000000000000695186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:03.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf5acb6c6db571e2023-02-07 15:11:03.603root 11241100x8000000000000000695193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4e4d23c1db33bc2023-02-07 15:11:04.095root 11241100x8000000000000000695192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc67e9dd9fb03932023-02-07 15:11:04.095root 11241100x8000000000000000695191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9320c0c7fe4209f62023-02-07 15:11:04.095root 11241100x8000000000000000695190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2685ac17cc2b00482023-02-07 15:11:04.095root 11241100x8000000000000000695203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a673abe34c32a9d2023-02-07 15:11:04.096root 11241100x8000000000000000695202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e484d05da3f48182023-02-07 15:11:04.096root 11241100x8000000000000000695201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3e630449c4ad042023-02-07 15:11:04.096root 11241100x8000000000000000695200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b798cc27d6f4a7b2023-02-07 15:11:04.096root 11241100x8000000000000000695199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c9b7a07dcf41f42023-02-07 15:11:04.096root 11241100x8000000000000000695198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e19c1b0604d79362023-02-07 15:11:04.096root 11241100x8000000000000000695197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54498dcc7c195ce2023-02-07 15:11:04.096root 11241100x8000000000000000695196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4506ab64b4d187f62023-02-07 15:11:04.096root 11241100x8000000000000000695195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c00a455ac397a232023-02-07 15:11:04.096root 11241100x8000000000000000695194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6bf6a4eafcc6d12023-02-07 15:11:04.096root 11241100x8000000000000000695207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a481c9c5f957842023-02-07 15:11:04.097root 11241100x8000000000000000695206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045192767335ebc52023-02-07 15:11:04.097root 11241100x8000000000000000695205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b46e457ba66099f2023-02-07 15:11:04.097root 11241100x8000000000000000695204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fffd2567641865d2023-02-07 15:11:04.097root 11241100x8000000000000000695211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc768913c9cba9d2023-02-07 15:11:04.098root 11241100x8000000000000000695210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1d91b26f0842012023-02-07 15:11:04.098root 11241100x8000000000000000695209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960a37921b8ccaba2023-02-07 15:11:04.098root 11241100x8000000000000000695208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e7a48da79320ce2023-02-07 15:11:04.098root 11241100x8000000000000000695217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c74551e57ee426e2023-02-07 15:11:04.099root 11241100x8000000000000000695216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27d6c32d275ce9f2023-02-07 15:11:04.099root 11241100x8000000000000000695215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a545a72ea1f3152023-02-07 15:11:04.099root 11241100x8000000000000000695214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff72f8f2441a19772023-02-07 15:11:04.099root 11241100x8000000000000000695213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca07e5be18e2f992023-02-07 15:11:04.099root 11241100x8000000000000000695212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47196244611fb9a62023-02-07 15:11:04.099root 11241100x8000000000000000695230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b13e9adf2aa52e2023-02-07 15:11:04.100root 11241100x8000000000000000695229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e382b3c8a4970b4e2023-02-07 15:11:04.100root 11241100x8000000000000000695228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5408db67f3764d1c2023-02-07 15:11:04.100root 11241100x8000000000000000695227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0636a67a1ee81252023-02-07 15:11:04.100root 11241100x8000000000000000695226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1396f50db2bafe82023-02-07 15:11:04.100root 11241100x8000000000000000695225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ee072d3fe529c52023-02-07 15:11:04.100root 11241100x8000000000000000695224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29212a7d02e304c42023-02-07 15:11:04.100root 11241100x8000000000000000695223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826568917cccffe02023-02-07 15:11:04.100root 11241100x8000000000000000695222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deba32843d5ff7552023-02-07 15:11:04.100root 11241100x8000000000000000695221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec620fd023dcad3b2023-02-07 15:11:04.100root 11241100x8000000000000000695220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d18056e6099c062023-02-07 15:11:04.100root 11241100x8000000000000000695219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b998cfe11937442023-02-07 15:11:04.100root 11241100x8000000000000000695218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0839a4fb0aa4fe052023-02-07 15:11:04.100root 11241100x8000000000000000695234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659bda6c71d6a7d72023-02-07 15:11:04.595root 11241100x8000000000000000695233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277a3091f39c98c82023-02-07 15:11:04.595root 11241100x8000000000000000695232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1da9bcba9cb63092023-02-07 15:11:04.595root 11241100x8000000000000000695231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fc200ddd46061f2023-02-07 15:11:04.595root 11241100x8000000000000000695242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0b715ed5dae8ba2023-02-07 15:11:04.596root 11241100x8000000000000000695241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01052a01bb8623d2023-02-07 15:11:04.596root 11241100x8000000000000000695240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6734e2142b07c5ac2023-02-07 15:11:04.596root 11241100x8000000000000000695239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35228965c814d4b52023-02-07 15:11:04.596root 11241100x8000000000000000695238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad225ff500891f72023-02-07 15:11:04.596root 11241100x8000000000000000695237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535656e2837189c62023-02-07 15:11:04.596root 11241100x8000000000000000695236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235dccd39f455d412023-02-07 15:11:04.596root 11241100x8000000000000000695235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167c300bb8e1312f2023-02-07 15:11:04.596root 11241100x8000000000000000695248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88371275cbb537322023-02-07 15:11:04.597root 11241100x8000000000000000695247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8d549832b5049f2023-02-07 15:11:04.597root 11241100x8000000000000000695246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d15fd549e71a3e2023-02-07 15:11:04.597root 11241100x8000000000000000695245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb7339100b058802023-02-07 15:11:04.597root 11241100x8000000000000000695244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafc0f8de106326b2023-02-07 15:11:04.597root 11241100x8000000000000000695243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95dd24719e376ddd2023-02-07 15:11:04.597root 11241100x8000000000000000695251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc52d4b7c7f9f472023-02-07 15:11:04.598root 11241100x8000000000000000695250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caea0f1bad02a04f2023-02-07 15:11:04.598root 11241100x8000000000000000695249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d1a634e060a1282023-02-07 15:11:04.598root 11241100x8000000000000000695254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d7ca6a9517fc7d2023-02-07 15:11:04.602root 11241100x8000000000000000695253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbcb5f450867fa682023-02-07 15:11:04.602root 11241100x8000000000000000695252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3558fcae143b6fd92023-02-07 15:11:04.602root 11241100x8000000000000000695258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e3d46b6fb5e9b72023-02-07 15:11:04.603root 11241100x8000000000000000695257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84384cb241bc52b32023-02-07 15:11:04.603root 11241100x8000000000000000695256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf5227f6cde6e032023-02-07 15:11:04.603root 11241100x8000000000000000695255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332ee363ce0ef1982023-02-07 15:11:04.603root 11241100x8000000000000000695264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e158c24c2d02458b2023-02-07 15:11:04.604root 11241100x8000000000000000695263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc443ff3fcf136e2023-02-07 15:11:04.604root 11241100x8000000000000000695262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5625d3f6d80841b2023-02-07 15:11:04.604root 11241100x8000000000000000695261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07095dde15ca1dd2023-02-07 15:11:04.604root 11241100x8000000000000000695260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c1774ef1cadbed2023-02-07 15:11:04.604root 11241100x8000000000000000695259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793ecb7c72bde70d2023-02-07 15:11:04.604root 11241100x8000000000000000695265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:04.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e648935bb755962023-02-07 15:11:04.605root 11241100x8000000000000000695267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe0fbb72c9899152023-02-07 15:11:05.095root 11241100x8000000000000000695266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d3a18eda88b1b72023-02-07 15:11:05.095root 11241100x8000000000000000695270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aef4b7e4495d4902023-02-07 15:11:05.096root 11241100x8000000000000000695269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdcfd50a16fff5372023-02-07 15:11:05.096root 11241100x8000000000000000695268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7cf9eadabc3d072023-02-07 15:11:05.096root 11241100x8000000000000000695273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543e34093768815a2023-02-07 15:11:05.097root 11241100x8000000000000000695272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980426964668e76c2023-02-07 15:11:05.097root 11241100x8000000000000000695271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a790e1bfa0db582023-02-07 15:11:05.097root 11241100x8000000000000000695280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ee27ee7311a9162023-02-07 15:11:05.098root 11241100x8000000000000000695279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fcf0f7d2d943e0e2023-02-07 15:11:05.098root 11241100x8000000000000000695278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f11cf8e8a6f88b2023-02-07 15:11:05.098root 11241100x8000000000000000695277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d928f7fcf6815c2023-02-07 15:11:05.098root 11241100x8000000000000000695276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb6662163a631cf2023-02-07 15:11:05.098root 11241100x8000000000000000695275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5012fbfb2e9149f2023-02-07 15:11:05.098root 11241100x8000000000000000695274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7ac70a8e6b68c02023-02-07 15:11:05.098root 11241100x8000000000000000695290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e97e4b9fc658922023-02-07 15:11:05.099root 11241100x8000000000000000695289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902edec530434e4c2023-02-07 15:11:05.099root 11241100x8000000000000000695288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b9a677843aae382023-02-07 15:11:05.099root 11241100x8000000000000000695287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65cde00733e45c612023-02-07 15:11:05.099root 11241100x8000000000000000695286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874654cf2d0ce2d22023-02-07 15:11:05.099root 11241100x8000000000000000695285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea60d6176c975f2e2023-02-07 15:11:05.099root 11241100x8000000000000000695284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c9063ebc4eb48c2023-02-07 15:11:05.099root 11241100x8000000000000000695283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6924451a573e66552023-02-07 15:11:05.099root 11241100x8000000000000000695282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cc206c31e57d6e2023-02-07 15:11:05.099root 11241100x8000000000000000695281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec2de21ba27f4632023-02-07 15:11:05.099root 11241100x8000000000000000695297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19d1167864e4cbe2023-02-07 15:11:05.100root 11241100x8000000000000000695296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4dc6badcbd2f15d2023-02-07 15:11:05.100root 11241100x8000000000000000695295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c835ee720816b4492023-02-07 15:11:05.100root 11241100x8000000000000000695294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6908ea9297c56fa2023-02-07 15:11:05.100root 11241100x8000000000000000695293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4dd46a9c35ba2f72023-02-07 15:11:05.100root 11241100x8000000000000000695292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ba2e72012bcf6c2023-02-07 15:11:05.100root 11241100x8000000000000000695291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5983c8623f705eb72023-02-07 15:11:05.100root 11241100x8000000000000000695301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04f177fd25736432023-02-07 15:11:05.595root 11241100x8000000000000000695300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f893dfbd5229a4f02023-02-07 15:11:05.595root 11241100x8000000000000000695299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeeb2d498b39356b2023-02-07 15:11:05.595root 11241100x8000000000000000695298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c646c083be46812023-02-07 15:11:05.595root 11241100x8000000000000000695307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0126ce96cf03feb2023-02-07 15:11:05.596root 11241100x8000000000000000695306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07011825b5a14322023-02-07 15:11:05.596root 11241100x8000000000000000695305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff27e5c85aeca052023-02-07 15:11:05.596root 11241100x8000000000000000695304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c947fa5a91390072023-02-07 15:11:05.596root 11241100x8000000000000000695303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9064fddf0bf7072023-02-07 15:11:05.596root 11241100x8000000000000000695302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b999db8ab4845a952023-02-07 15:11:05.596root 11241100x8000000000000000695314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e4c06c7a5494ff2023-02-07 15:11:05.597root 11241100x8000000000000000695313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ea6ffdaaf6f0ee2023-02-07 15:11:05.597root 11241100x8000000000000000695312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df0f30b3f78f09a2023-02-07 15:11:05.597root 11241100x8000000000000000695311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a45175c830d54792023-02-07 15:11:05.597root 11241100x8000000000000000695310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0cbd7f5817a977a2023-02-07 15:11:05.597root 11241100x8000000000000000695309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d755e8b801b9cf02023-02-07 15:11:05.597root 11241100x8000000000000000695308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0cb1735cc1d0072023-02-07 15:11:05.597root 11241100x8000000000000000695321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65d062976c4c4d02023-02-07 15:11:05.598root 11241100x8000000000000000695320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a724d762ab9e677e2023-02-07 15:11:05.598root 11241100x8000000000000000695319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25c643e2c82b3692023-02-07 15:11:05.598root 11241100x8000000000000000695318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0faca5f018d79ad22023-02-07 15:11:05.598root 11241100x8000000000000000695317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3095ee018d45d2042023-02-07 15:11:05.598root 11241100x8000000000000000695316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb9b8d855bc5a1f2023-02-07 15:11:05.598root 11241100x8000000000000000695315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671244bc6bd67db12023-02-07 15:11:05.598root 11241100x8000000000000000695329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c6a2e9cf1a38b62023-02-07 15:11:05.599root 11241100x8000000000000000695328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd0be6322ce22a62023-02-07 15:11:05.599root 11241100x8000000000000000695327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63a4b3ab4aae61d2023-02-07 15:11:05.599root 11241100x8000000000000000695326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000a21818407c6e92023-02-07 15:11:05.599root 11241100x8000000000000000695325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8433f3b85e4ccf22023-02-07 15:11:05.599root 11241100x8000000000000000695324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d7175a5329f9d12023-02-07 15:11:05.599root 11241100x8000000000000000695323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ffdff57fbf718e82023-02-07 15:11:05.599root 11241100x8000000000000000695322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749741c5e48d17282023-02-07 15:11:05.599root 11241100x8000000000000000695331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d4fac29b1d303a2023-02-07 15:11:06.095root 11241100x8000000000000000695330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f124190d3556ea12023-02-07 15:11:06.095root 11241100x8000000000000000695332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12f2da1bc5c6b122023-02-07 15:11:06.096root 11241100x8000000000000000695343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29fa2af475a06bb02023-02-07 15:11:06.097root 11241100x8000000000000000695342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc28c6c8c1f403f2023-02-07 15:11:06.097root 11241100x8000000000000000695341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b48dd213e4cb4352023-02-07 15:11:06.097root 11241100x8000000000000000695340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3611e8b2850f30f52023-02-07 15:11:06.097root 11241100x8000000000000000695339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a380f85468c2f6102023-02-07 15:11:06.097root 11241100x8000000000000000695338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3cf17c605a9d5e82023-02-07 15:11:06.097root 11241100x8000000000000000695337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec86c041578c59f72023-02-07 15:11:06.097root 11241100x8000000000000000695336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870aaf446b5f4a3c2023-02-07 15:11:06.097root 11241100x8000000000000000695335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3775f8caeba051c2023-02-07 15:11:06.097root 11241100x8000000000000000695334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988b44b089af8b3f2023-02-07 15:11:06.097root 11241100x8000000000000000695333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8597c02825d733b52023-02-07 15:11:06.097root 11241100x8000000000000000695358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32642638f12002ef2023-02-07 15:11:06.098root 11241100x8000000000000000695357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac19b112ac970042023-02-07 15:11:06.098root 11241100x8000000000000000695356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7c8faaa133b92a2023-02-07 15:11:06.098root 11241100x8000000000000000695355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a769fb9d32a22e542023-02-07 15:11:06.098root 11241100x8000000000000000695354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bc92133df255352023-02-07 15:11:06.098root 11241100x8000000000000000695353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6119ab887dca8b1e2023-02-07 15:11:06.098root 11241100x8000000000000000695352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83be2adf6f8beb92023-02-07 15:11:06.098root 11241100x8000000000000000695351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510f9def3abb0ecf2023-02-07 15:11:06.098root 11241100x8000000000000000695350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdce443556c3d9b2023-02-07 15:11:06.098root 11241100x8000000000000000695349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19af5a9d4c7b48022023-02-07 15:11:06.098root 11241100x8000000000000000695348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91c047b4859beba2023-02-07 15:11:06.098root 11241100x8000000000000000695347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4b0f7cdc84a6132023-02-07 15:11:06.098root 11241100x8000000000000000695346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b239604e4dcd40322023-02-07 15:11:06.098root 11241100x8000000000000000695345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2112d1ee8fe6cdae2023-02-07 15:11:06.098root 11241100x8000000000000000695344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030c7009dca499c12023-02-07 15:11:06.098root 11241100x8000000000000000695359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7313f31cf8ecbc2023-02-07 15:11:06.099root 11241100x8000000000000000695363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500754ead3584dbf2023-02-07 15:11:06.595root 11241100x8000000000000000695362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14452aa30ef663e52023-02-07 15:11:06.595root 11241100x8000000000000000695361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732e2cd21562b9d32023-02-07 15:11:06.595root 11241100x8000000000000000695360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4516baa84e0975c2023-02-07 15:11:06.595root 11241100x8000000000000000695370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a328397d04b42e62023-02-07 15:11:06.596root 11241100x8000000000000000695369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb6220e8785a1322023-02-07 15:11:06.596root 11241100x8000000000000000695368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54f2cb5b06ed3e52023-02-07 15:11:06.596root 11241100x8000000000000000695367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b3b2821fa673e42023-02-07 15:11:06.596root 11241100x8000000000000000695366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a5c6427be1a2ab2023-02-07 15:11:06.596root 11241100x8000000000000000695365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada678d21f624d2f2023-02-07 15:11:06.596root 11241100x8000000000000000695364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170a8a08dbf8b34a2023-02-07 15:11:06.596root 11241100x8000000000000000695375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db16d99fcc1f8aad2023-02-07 15:11:06.597root 11241100x8000000000000000695374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58f970050c550232023-02-07 15:11:06.597root 11241100x8000000000000000695373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf056f9b78c90c42023-02-07 15:11:06.597root 11241100x8000000000000000695372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1b6369df08018e2023-02-07 15:11:06.597root 11241100x8000000000000000695371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed15b5fa628119b2023-02-07 15:11:06.597root 11241100x8000000000000000695381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7202edbfa7d96b392023-02-07 15:11:06.598root 11241100x8000000000000000695380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb156094812294782023-02-07 15:11:06.598root 11241100x8000000000000000695379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2537e35b62ee30892023-02-07 15:11:06.598root 11241100x8000000000000000695378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a9f534bd64fcb12023-02-07 15:11:06.598root 11241100x8000000000000000695377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e157f1c2c444297d2023-02-07 15:11:06.598root 11241100x8000000000000000695376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd717e5f974549f22023-02-07 15:11:06.598root 11241100x8000000000000000695387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee431094a3823be2023-02-07 15:11:06.599root 11241100x8000000000000000695386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7818d4720a252f2023-02-07 15:11:06.599root 11241100x8000000000000000695385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b270ea74da1fb7292023-02-07 15:11:06.599root 11241100x8000000000000000695384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3475171f0cf2b8a72023-02-07 15:11:06.599root 11241100x8000000000000000695383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0f49b3d380dd2e2023-02-07 15:11:06.599root 11241100x8000000000000000695382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2fdcd78cb4d60c92023-02-07 15:11:06.599root 11241100x8000000000000000695390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9d167514352a742023-02-07 15:11:06.600root 11241100x8000000000000000695389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024ddd578e1ec9612023-02-07 15:11:06.600root 11241100x8000000000000000695388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e935eb712c5c62592023-02-07 15:11:06.600root 11241100x8000000000000000695392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc9a888903f9d9a2023-02-07 15:11:06.601root 11241100x8000000000000000695391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:06.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f69d6604ac8a772023-02-07 15:11:06.601root 11241100x8000000000000000695394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f552a6023777eb962023-02-07 15:11:07.095root 11241100x8000000000000000695393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb23a7e7d20fc732023-02-07 15:11:07.095root 11241100x8000000000000000695397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c90ec8baba357f2023-02-07 15:11:07.096root 11241100x8000000000000000695396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f8183b5b2224b52023-02-07 15:11:07.096root 11241100x8000000000000000695395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafdd117a6ca69462023-02-07 15:11:07.096root 11241100x8000000000000000695402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afc1137682fe7792023-02-07 15:11:07.097root 11241100x8000000000000000695401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7c478b17555cde2023-02-07 15:11:07.097root 11241100x8000000000000000695400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c985e0835e87933d2023-02-07 15:11:07.097root 11241100x8000000000000000695399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd03f0f914b4edd2023-02-07 15:11:07.097root 11241100x8000000000000000695398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e309848232144e2023-02-07 15:11:07.097root 11241100x8000000000000000695411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78ca305b73c49982023-02-07 15:11:07.098root 11241100x8000000000000000695410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3e34f776a3b94f2023-02-07 15:11:07.098root 11241100x8000000000000000695409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46952affd6590cdc2023-02-07 15:11:07.098root 11241100x8000000000000000695408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0fefd068455ac3b2023-02-07 15:11:07.098root 11241100x8000000000000000695407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b13b52dbc4795e72023-02-07 15:11:07.098root 11241100x8000000000000000695406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10bcd09d83b161b2023-02-07 15:11:07.098root 11241100x8000000000000000695405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67475248b86aef792023-02-07 15:11:07.098root 11241100x8000000000000000695404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31610b39cb6edb1f2023-02-07 15:11:07.098root 11241100x8000000000000000695403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ec5551f9e34f242023-02-07 15:11:07.098root 11241100x8000000000000000695417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6021328afd138b2023-02-07 15:11:07.099root 11241100x8000000000000000695416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f20de8772dd0562023-02-07 15:11:07.099root 11241100x8000000000000000695415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db9a8571388c2302023-02-07 15:11:07.099root 11241100x8000000000000000695414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36654eef4fb25cd82023-02-07 15:11:07.099root 11241100x8000000000000000695413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8432e5c65064fa882023-02-07 15:11:07.099root 11241100x8000000000000000695412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa92e817ce350b6b2023-02-07 15:11:07.099root 11241100x8000000000000000695422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f06e7c434a20d562023-02-07 15:11:07.100root 11241100x8000000000000000695421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab3c28831606e602023-02-07 15:11:07.100root 11241100x8000000000000000695420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9170028b8bc7ef222023-02-07 15:11:07.100root 11241100x8000000000000000695419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733dee876071ca762023-02-07 15:11:07.100root 11241100x8000000000000000695418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20e71a72c97cc522023-02-07 15:11:07.100root 11241100x8000000000000000695426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426747b8ab5e0ea22023-02-07 15:11:07.595root 11241100x8000000000000000695425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4300cf6aba56721b2023-02-07 15:11:07.595root 11241100x8000000000000000695424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef619a6b6632bad42023-02-07 15:11:07.595root 11241100x8000000000000000695423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157ebca3b1e21f172023-02-07 15:11:07.595root 11241100x8000000000000000695434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3088cd5d4103f2c82023-02-07 15:11:07.596root 11241100x8000000000000000695433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce10906c4f279b02023-02-07 15:11:07.596root 11241100x8000000000000000695432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268a0eff07303f902023-02-07 15:11:07.596root 11241100x8000000000000000695431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1532a39ff2dd17c2023-02-07 15:11:07.596root 11241100x8000000000000000695430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b165e8b75a66693b2023-02-07 15:11:07.596root 11241100x8000000000000000695429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494618971eef946c2023-02-07 15:11:07.596root 11241100x8000000000000000695428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1beb1a3ec938f8db2023-02-07 15:11:07.596root 11241100x8000000000000000695427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2130b634975b00d52023-02-07 15:11:07.596root 11241100x8000000000000000695438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe76992cc8b79b22023-02-07 15:11:07.597root 11241100x8000000000000000695437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc38043dc85f6772023-02-07 15:11:07.597root 11241100x8000000000000000695436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5981e99e174ca7c32023-02-07 15:11:07.597root 11241100x8000000000000000695435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2706eccfc2e11ad92023-02-07 15:11:07.597root 11241100x8000000000000000695442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308988f8aa5618b82023-02-07 15:11:07.598root 11241100x8000000000000000695441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa7dce03876003a2023-02-07 15:11:07.598root 11241100x8000000000000000695440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c17bff9babb9d4e2023-02-07 15:11:07.598root 11241100x8000000000000000695439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9915606d6c27d672023-02-07 15:11:07.598root 11241100x8000000000000000695445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8548c3fd3464f9402023-02-07 15:11:07.599root 11241100x8000000000000000695444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7897afcf1ede77172023-02-07 15:11:07.599root 11241100x8000000000000000695443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41d848e5e9d4b602023-02-07 15:11:07.599root 11241100x8000000000000000695449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55664a0361a019e62023-02-07 15:11:07.600root 11241100x8000000000000000695448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b30a49cd052b862023-02-07 15:11:07.600root 11241100x8000000000000000695447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7901465e47711ef62023-02-07 15:11:07.600root 11241100x8000000000000000695446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd73b6e0103c6362023-02-07 15:11:07.600root 11241100x8000000000000000695452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f022f525a689b3b02023-02-07 15:11:07.601root 11241100x8000000000000000695451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b2db3564e1f1552023-02-07 15:11:07.601root 11241100x8000000000000000695450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f36f84d4e05e482023-02-07 15:11:07.601root 11241100x8000000000000000695454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6e0e963d32ee1f2023-02-07 15:11:07.602root 11241100x8000000000000000695453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c9f6a0c006f3712023-02-07 15:11:07.602root 11241100x8000000000000000695455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d6589ba5ac35032023-02-07 15:11:07.603root 11241100x8000000000000000695458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526ec280b035c93c2023-02-07 15:11:07.604root 11241100x8000000000000000695457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c3b41f49386de32023-02-07 15:11:07.604root 11241100x8000000000000000695456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3fe0c2feea891342023-02-07 15:11:07.604root 11241100x8000000000000000695460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0b9bae700eae342023-02-07 15:11:07.605root 11241100x8000000000000000695459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:07.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7fb7c443dd13572023-02-07 15:11:07.605root 11241100x8000000000000000695462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2225efc3cb4a392023-02-07 15:11:08.095root 11241100x8000000000000000695461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d55db8059e365962023-02-07 15:11:08.095root 11241100x8000000000000000695466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04004d5f0a217302023-02-07 15:11:08.096root 11241100x8000000000000000695465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6c184d0fb0eb342023-02-07 15:11:08.096root 11241100x8000000000000000695464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e98633ae2db153e2023-02-07 15:11:08.096root 11241100x8000000000000000695463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18a435de0e3dc8d2023-02-07 15:11:08.096root 11241100x8000000000000000695470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06db373efcce5a42023-02-07 15:11:08.097root 11241100x8000000000000000695469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e97c5f604837d92023-02-07 15:11:08.097root 11241100x8000000000000000695468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6228aefc33d16b2023-02-07 15:11:08.097root 11241100x8000000000000000695467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fead3ae55dd9aab22023-02-07 15:11:08.097root 11241100x8000000000000000695473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac8136f5425be1a2023-02-07 15:11:08.098root 11241100x8000000000000000695472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69bc95b6bb59f1662023-02-07 15:11:08.098root 11241100x8000000000000000695471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a50073c32d6e8b42023-02-07 15:11:08.098root 11241100x8000000000000000695474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85db087dcb63d712023-02-07 15:11:08.099root 11241100x8000000000000000695476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ab615054fe08eb2023-02-07 15:11:08.100root 11241100x8000000000000000695475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98bcfe77fb1dc392023-02-07 15:11:08.100root 11241100x8000000000000000695478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abbcd33efc090072023-02-07 15:11:08.101root 11241100x8000000000000000695477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa34e35965b9d832023-02-07 15:11:08.101root 11241100x8000000000000000695480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a84417725c14a92023-02-07 15:11:08.102root 11241100x8000000000000000695479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ddc33ff4b27cbf2023-02-07 15:11:08.102root 11241100x8000000000000000695482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20dec04aae8eeca62023-02-07 15:11:08.103root 11241100x8000000000000000695481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579c52194af7436f2023-02-07 15:11:08.103root 11241100x8000000000000000695488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a843594401ece332023-02-07 15:11:08.104root 11241100x8000000000000000695487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9c7eda2596e0f22023-02-07 15:11:08.104root 11241100x8000000000000000695486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a782e943d2b672e2023-02-07 15:11:08.104root 11241100x8000000000000000695485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0069c134eb69402023-02-07 15:11:08.104root 11241100x8000000000000000695484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff9f70c47412d392023-02-07 15:11:08.104root 11241100x8000000000000000695483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feaf1db130040d142023-02-07 15:11:08.104root 11241100x8000000000000000695492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378352b9758a359c2023-02-07 15:11:08.105root 11241100x8000000000000000695491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79457dd6fd3791f22023-02-07 15:11:08.105root 11241100x8000000000000000695490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86df3b0aaa02876f2023-02-07 15:11:08.105root 11241100x8000000000000000695489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4372d7efb013ca62023-02-07 15:11:08.105root 11241100x8000000000000000695495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac248f7e3f966e1f2023-02-07 15:11:08.595root 11241100x8000000000000000695494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ab71a20207770e2023-02-07 15:11:08.595root 11241100x8000000000000000695493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1e0b123917856f2023-02-07 15:11:08.595root 11241100x8000000000000000695502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20290f08e824cab92023-02-07 15:11:08.596root 11241100x8000000000000000695501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd4460d0409413f2023-02-07 15:11:08.596root 11241100x8000000000000000695500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3067b460630d904b2023-02-07 15:11:08.596root 11241100x8000000000000000695499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28eacf6108d462f62023-02-07 15:11:08.596root 11241100x8000000000000000695498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131a3bcbe31c36e92023-02-07 15:11:08.596root 11241100x8000000000000000695497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb7af089c90075f2023-02-07 15:11:08.596root 11241100x8000000000000000695496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f67c051fe965f2b2023-02-07 15:11:08.596root 11241100x8000000000000000695508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e512074266d74c2023-02-07 15:11:08.597root 11241100x8000000000000000695507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc7f50d914e55062023-02-07 15:11:08.597root 11241100x8000000000000000695506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384846d314410a692023-02-07 15:11:08.597root 11241100x8000000000000000695505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9600e3a93d2070e72023-02-07 15:11:08.597root 11241100x8000000000000000695504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d87f639fb7d53a2023-02-07 15:11:08.597root 11241100x8000000000000000695503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1290d893e3d18d622023-02-07 15:11:08.597root 11241100x8000000000000000695515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee840ec58c3b4192023-02-07 15:11:08.598root 11241100x8000000000000000695514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7490450c7cee6e2023-02-07 15:11:08.598root 11241100x8000000000000000695513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1168c469f20ac0152023-02-07 15:11:08.598root 11241100x8000000000000000695512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f63cbcbb463df172023-02-07 15:11:08.598root 11241100x8000000000000000695511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d6fa33e0e9f8872023-02-07 15:11:08.598root 11241100x8000000000000000695510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2bf06d457417e22023-02-07 15:11:08.598root 11241100x8000000000000000695509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298979ceb77a638c2023-02-07 15:11:08.598root 11241100x8000000000000000695523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254a6c1347dcef342023-02-07 15:11:08.599root 11241100x8000000000000000695522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d024c6beb8ed1b612023-02-07 15:11:08.599root 11241100x8000000000000000695521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3118d70eadb71392023-02-07 15:11:08.599root 11241100x8000000000000000695520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e2fdfd6c3b0bdf2023-02-07 15:11:08.599root 11241100x8000000000000000695519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc499700ed0d1b782023-02-07 15:11:08.599root 11241100x8000000000000000695518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225f592c7fdf94582023-02-07 15:11:08.599root 11241100x8000000000000000695517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a4e3a71dbac76e2023-02-07 15:11:08.599root 11241100x8000000000000000695516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c42f3876b8625872023-02-07 15:11:08.599root 11241100x8000000000000000695525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265195681605e8852023-02-07 15:11:08.600root 11241100x8000000000000000695524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:08.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c104d4b1157554a2023-02-07 15:11:08.600root 354300x8000000000000000695526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.062{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-60850-false10.0.1.12-8000- 11241100x8000000000000000695533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.063{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1739ddedb8d3317f2023-02-07 15:11:09.063root 11241100x8000000000000000695532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.063{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4f16e7689aad832023-02-07 15:11:09.063root 11241100x8000000000000000695531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.063{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86c973caabb50192023-02-07 15:11:09.063root 11241100x8000000000000000695530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.063{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9753cd659f12e7212023-02-07 15:11:09.063root 11241100x8000000000000000695529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.063{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d220ad60f939b92023-02-07 15:11:09.063root 11241100x8000000000000000695528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.063{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b1b89e46a7a4c72023-02-07 15:11:09.063root 11241100x8000000000000000695527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.063{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb92b44f68a67f42023-02-07 15:11:09.063root 11241100x8000000000000000695545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d210731643fb4f32023-02-07 15:11:09.064root 11241100x8000000000000000695544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850edd403c2ef9952023-02-07 15:11:09.064root 11241100x8000000000000000695543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889bc82f4f4198812023-02-07 15:11:09.064root 11241100x8000000000000000695542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b68e8d512ae598a2023-02-07 15:11:09.064root 11241100x8000000000000000695541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bead2470396226c2023-02-07 15:11:09.064root 11241100x8000000000000000695540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e73cbee24e381f2023-02-07 15:11:09.064root 11241100x8000000000000000695539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47cdcde869468c52023-02-07 15:11:09.064root 11241100x8000000000000000695538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42d74b4465e0d3a2023-02-07 15:11:09.064root 11241100x8000000000000000695537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bec09b4f6a67782023-02-07 15:11:09.064root 11241100x8000000000000000695536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac939fee204c9be02023-02-07 15:11:09.064root 11241100x8000000000000000695535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68918c425f2e4c252023-02-07 15:11:09.064root 11241100x8000000000000000695534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d402e487f073a3f2023-02-07 15:11:09.064root 11241100x8000000000000000695549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.065{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a03a4536fa4e5c2023-02-07 15:11:09.065root 11241100x8000000000000000695548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.065{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec5f93eb125d2152023-02-07 15:11:09.065root 11241100x8000000000000000695547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.065{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54633802213ff7232023-02-07 15:11:09.065root 11241100x8000000000000000695546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.065{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5c6fd7fda722532023-02-07 15:11:09.065root 11241100x8000000000000000695553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.066{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc6a672943b387b2023-02-07 15:11:09.066root 11241100x8000000000000000695552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.066{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cdc4c8c31dfef3b2023-02-07 15:11:09.066root 11241100x8000000000000000695551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.066{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06233e854ab4dfc72023-02-07 15:11:09.066root 11241100x8000000000000000695550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.066{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7173609ca8457e2023-02-07 15:11:09.066root 11241100x8000000000000000695561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.067{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e113523d3269ae2023-02-07 15:11:09.067root 11241100x8000000000000000695560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.067{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a25018e2d14b49b2023-02-07 15:11:09.067root 11241100x8000000000000000695559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.067{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b98f35ad36672ed2023-02-07 15:11:09.067root 11241100x8000000000000000695558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.067{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821f6a775c9be6352023-02-07 15:11:09.067root 11241100x8000000000000000695557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.067{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18465d1ec539219a2023-02-07 15:11:09.067root 11241100x8000000000000000695556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.067{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828f6dee442137c02023-02-07 15:11:09.067root 11241100x8000000000000000695555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.067{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f2a3a3067aa6402023-02-07 15:11:09.067root 11241100x8000000000000000695554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.067{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851707a047ab8a672023-02-07 15:11:09.067root 11241100x8000000000000000695566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.068{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7605067d60691d82023-02-07 15:11:09.068root 11241100x8000000000000000695565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.068{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e40a8a0c8b58c302023-02-07 15:11:09.068root 11241100x8000000000000000695564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.068{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5cc06bcf8199ab2023-02-07 15:11:09.068root 11241100x8000000000000000695563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.068{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8355fb1ebee594db2023-02-07 15:11:09.068root 11241100x8000000000000000695562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.068{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c342a2b3a77f598e2023-02-07 15:11:09.068root 11241100x8000000000000000695569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.069{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9e6df58f757e0c2023-02-07 15:11:09.069root 11241100x8000000000000000695568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.069{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3f1ec7ddbff8972023-02-07 15:11:09.069root 11241100x8000000000000000695567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.069{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65baf68d3fe77d42023-02-07 15:11:09.069root 11241100x8000000000000000695574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6648c6ec590f8bf2023-02-07 15:11:09.346root 11241100x8000000000000000695573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f208a4a1f6d2df5d2023-02-07 15:11:09.346root 11241100x8000000000000000695572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41292e1b1951234c2023-02-07 15:11:09.346root 11241100x8000000000000000695571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe68d486cfff18312023-02-07 15:11:09.346root 11241100x8000000000000000695570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79513ca95594f3f42023-02-07 15:11:09.346root 11241100x8000000000000000695579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756732e4e22cd98a2023-02-07 15:11:09.347root 11241100x8000000000000000695578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fe790321622a692023-02-07 15:11:09.347root 11241100x8000000000000000695577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f780f29ab3742b2023-02-07 15:11:09.347root 11241100x8000000000000000695576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038122bd503c018e2023-02-07 15:11:09.347root 11241100x8000000000000000695575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f9da97289f8c6a2023-02-07 15:11:09.347root 11241100x8000000000000000695584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2988cac270ae48dc2023-02-07 15:11:09.348root 11241100x8000000000000000695583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e851c7feee64bd8f2023-02-07 15:11:09.348root 11241100x8000000000000000695582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70acf4734e0edff72023-02-07 15:11:09.348root 11241100x8000000000000000695581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74605c28ed0cadee2023-02-07 15:11:09.348root 11241100x8000000000000000695580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538e7aafd3e3ab0e2023-02-07 15:11:09.348root 11241100x8000000000000000695588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be1fa9734d28c6f2023-02-07 15:11:09.349root 11241100x8000000000000000695587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65eccab64aabad32023-02-07 15:11:09.349root 11241100x8000000000000000695586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9545ee2182e6632023-02-07 15:11:09.349root 11241100x8000000000000000695585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182c31253db9518c2023-02-07 15:11:09.349root 11241100x8000000000000000695595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87444e3e14849812023-02-07 15:11:09.350root 11241100x8000000000000000695594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1befcf67cc27d72023-02-07 15:11:09.350root 11241100x8000000000000000695593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3f50644ff4818a2023-02-07 15:11:09.350root 11241100x8000000000000000695592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf79afef4b60b722023-02-07 15:11:09.350root 11241100x8000000000000000695591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0827c7dade6fce22023-02-07 15:11:09.350root 11241100x8000000000000000695590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bdf08cb0e7bc902023-02-07 15:11:09.350root 11241100x8000000000000000695589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429abbee42b9264a2023-02-07 15:11:09.350root 11241100x8000000000000000695598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4868b372ba1b6d732023-02-07 15:11:09.351root 11241100x8000000000000000695597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90c6ccbd0f474e42023-02-07 15:11:09.351root 11241100x8000000000000000695596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3119a4cbbe205b012023-02-07 15:11:09.351root 11241100x8000000000000000695599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73e36dcc14267942023-02-07 15:11:09.845root 11241100x8000000000000000695602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c3be94040712522023-02-07 15:11:09.846root 11241100x8000000000000000695601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdf0fd9c108f1a52023-02-07 15:11:09.846root 11241100x8000000000000000695600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a893c44f357036e2023-02-07 15:11:09.846root 11241100x8000000000000000695605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e55d485329362f2023-02-07 15:11:09.847root 11241100x8000000000000000695604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d67353cbf4c2a32023-02-07 15:11:09.847root 11241100x8000000000000000695603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7404056ba9ad6b292023-02-07 15:11:09.847root 11241100x8000000000000000695612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7d31054661eb922023-02-07 15:11:09.848root 11241100x8000000000000000695611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7319633d34b97122023-02-07 15:11:09.848root 11241100x8000000000000000695610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5237e63f9dd6b972023-02-07 15:11:09.848root 11241100x8000000000000000695609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02fe849cf7b29a22023-02-07 15:11:09.848root 11241100x8000000000000000695608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0344a4f8c0a47a82023-02-07 15:11:09.848root 11241100x8000000000000000695607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531f53fffbac4ba22023-02-07 15:11:09.848root 11241100x8000000000000000695606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4662e28fd6305e822023-02-07 15:11:09.848root 11241100x8000000000000000695619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3774d3320596e3222023-02-07 15:11:09.849root 11241100x8000000000000000695618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510b5f99314a279d2023-02-07 15:11:09.849root 11241100x8000000000000000695617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1480597941d612c2023-02-07 15:11:09.849root 11241100x8000000000000000695616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e576fe5e5dda8562023-02-07 15:11:09.849root 11241100x8000000000000000695615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79893926d368a2162023-02-07 15:11:09.849root 11241100x8000000000000000695614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eaac77f8f880e1b2023-02-07 15:11:09.849root 11241100x8000000000000000695613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c6ccace4aab0702023-02-07 15:11:09.849root 11241100x8000000000000000695626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736f436ef940b74a2023-02-07 15:11:09.850root 11241100x8000000000000000695625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f8a50d8af3ac892023-02-07 15:11:09.850root 11241100x8000000000000000695624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8685472651cfcc6e2023-02-07 15:11:09.850root 11241100x8000000000000000695623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110e24b85f09baf82023-02-07 15:11:09.850root 11241100x8000000000000000695622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5aeabaa5b1138f52023-02-07 15:11:09.850root 11241100x8000000000000000695621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0e1ddee34311c52023-02-07 15:11:09.850root 11241100x8000000000000000695620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99740fa9e569b862023-02-07 15:11:09.850root 11241100x8000000000000000695628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003ecf3bdc349afc2023-02-07 15:11:09.851root 11241100x8000000000000000695627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:09.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86fefd9b38b00d4a2023-02-07 15:11:09.851root 11241100x8000000000000000695632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2080bbc0e2b83b02023-02-07 15:11:10.346root 11241100x8000000000000000695631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9e08814f1c4d592023-02-07 15:11:10.346root 11241100x8000000000000000695630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa83550c1e9af672023-02-07 15:11:10.346root 11241100x8000000000000000695629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9405d25ee78f2bfe2023-02-07 15:11:10.346root 11241100x8000000000000000695645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19e4d7003f56e882023-02-07 15:11:10.347root 11241100x8000000000000000695644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94faf1eae07bd6122023-02-07 15:11:10.347root 11241100x8000000000000000695643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9309a69b188a362023-02-07 15:11:10.347root 11241100x8000000000000000695642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb3cb9e552ee6702023-02-07 15:11:10.347root 11241100x8000000000000000695641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fe37fc4f7b843a2023-02-07 15:11:10.347root 11241100x8000000000000000695640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e813421e244a0962023-02-07 15:11:10.347root 11241100x8000000000000000695639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d600a1f7d8047b332023-02-07 15:11:10.347root 11241100x8000000000000000695638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5fda69c200b17a2023-02-07 15:11:10.347root 11241100x8000000000000000695637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9107371fe23fef4f2023-02-07 15:11:10.347root 11241100x8000000000000000695636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f2989879d9ab702023-02-07 15:11:10.347root 11241100x8000000000000000695635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820dd153bec62e392023-02-07 15:11:10.347root 11241100x8000000000000000695634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665ea9f0344b462f2023-02-07 15:11:10.347root 11241100x8000000000000000695633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d784e31ad11dcb92023-02-07 15:11:10.347root 11241100x8000000000000000695655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690e973fb34a17152023-02-07 15:11:10.348root 11241100x8000000000000000695654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8acb0ec429e9d192023-02-07 15:11:10.348root 11241100x8000000000000000695653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1edb130bbc9094622023-02-07 15:11:10.348root 11241100x8000000000000000695652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d524af7bf60d32212023-02-07 15:11:10.348root 11241100x8000000000000000695651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb038c1595b22cf2023-02-07 15:11:10.348root 11241100x8000000000000000695650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f20821b55a33802023-02-07 15:11:10.348root 11241100x8000000000000000695649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19121f4993ddd0f02023-02-07 15:11:10.348root 11241100x8000000000000000695648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8431af89fa62c3112023-02-07 15:11:10.348root 11241100x8000000000000000695647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600860b8520503c32023-02-07 15:11:10.348root 11241100x8000000000000000695646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce493462cfa42af32023-02-07 15:11:10.348root 11241100x8000000000000000695656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0166aad66c7df32023-02-07 15:11:10.349root 11241100x8000000000000000695657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82973951f65e36fb2023-02-07 15:11:10.350root 11241100x8000000000000000695665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e0be0c3734a1b02023-02-07 15:11:10.846root 11241100x8000000000000000695664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f602baadd8080e302023-02-07 15:11:10.846root 11241100x8000000000000000695663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a4367bec1cadd42023-02-07 15:11:10.846root 11241100x8000000000000000695662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c9cbbde6bc83272023-02-07 15:11:10.846root 11241100x8000000000000000695661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646031530d9038c72023-02-07 15:11:10.846root 11241100x8000000000000000695660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c454eb376e44ea2023-02-07 15:11:10.846root 11241100x8000000000000000695659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece0ca56f3e7e8fe2023-02-07 15:11:10.846root 11241100x8000000000000000695658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e63b21e1942c1e42023-02-07 15:11:10.846root 11241100x8000000000000000695670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103922cc2055a71a2023-02-07 15:11:10.847root 11241100x8000000000000000695669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20f913bee4584a02023-02-07 15:11:10.847root 11241100x8000000000000000695668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bb222a8f13bb332023-02-07 15:11:10.847root 11241100x8000000000000000695667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37d5d004ad1abed2023-02-07 15:11:10.847root 11241100x8000000000000000695666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28d497332b5757c2023-02-07 15:11:10.847root 11241100x8000000000000000695680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe18dd6044db6082023-02-07 15:11:10.848root 11241100x8000000000000000695679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d02c0bd66d559c2023-02-07 15:11:10.848root 11241100x8000000000000000695678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db6b2ca127666282023-02-07 15:11:10.848root 11241100x8000000000000000695677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1af18872200bf742023-02-07 15:11:10.848root 11241100x8000000000000000695676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531de1aba57883f82023-02-07 15:11:10.848root 11241100x8000000000000000695675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a33e94a3a4627612023-02-07 15:11:10.848root 11241100x8000000000000000695674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4685755b566a05d2023-02-07 15:11:10.848root 11241100x8000000000000000695673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92706edc7fed541f2023-02-07 15:11:10.848root 11241100x8000000000000000695672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9505cf85b39a1e2023-02-07 15:11:10.848root 11241100x8000000000000000695671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7eff5db8fe9c682023-02-07 15:11:10.848root 11241100x8000000000000000695686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167927ca22ef7caf2023-02-07 15:11:10.849root 11241100x8000000000000000695685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbf068392ea0e9a2023-02-07 15:11:10.849root 11241100x8000000000000000695684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6446a99bd83612fa2023-02-07 15:11:10.849root 11241100x8000000000000000695683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12d65cb57707bca2023-02-07 15:11:10.849root 11241100x8000000000000000695682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4afe42ece21a102023-02-07 15:11:10.849root 11241100x8000000000000000695681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:10.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0771d2fd4f054902023-02-07 15:11:10.849root 11241100x8000000000000000695688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7799a4f55ebfc9352023-02-07 15:11:11.346root 11241100x8000000000000000695687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6ccaf31a9fc1962023-02-07 15:11:11.346root 11241100x8000000000000000695692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09578d9f790a48b2023-02-07 15:11:11.347root 11241100x8000000000000000695691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484a710722e0cf2e2023-02-07 15:11:11.347root 11241100x8000000000000000695690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f2480f86cfe6dd2023-02-07 15:11:11.347root 11241100x8000000000000000695689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1522cdc656c15c762023-02-07 15:11:11.347root 11241100x8000000000000000695693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f6af5707f38f9e2023-02-07 15:11:11.348root 11241100x8000000000000000695694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05da0860027dbd732023-02-07 15:11:11.349root 11241100x8000000000000000695695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df717de9eff247362023-02-07 15:11:11.350root 11241100x8000000000000000695697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b952f04c090f29352023-02-07 15:11:11.351root 11241100x8000000000000000695696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee5dfdfc17628322023-02-07 15:11:11.351root 11241100x8000000000000000695700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d0f7684b2b63492023-02-07 15:11:11.352root 11241100x8000000000000000695699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118421bb4c275f672023-02-07 15:11:11.352root 11241100x8000000000000000695698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e74b79900605de2023-02-07 15:11:11.352root 11241100x8000000000000000695703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640e583cf35e667b2023-02-07 15:11:11.353root 11241100x8000000000000000695702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a9dce9be7045492023-02-07 15:11:11.353root 11241100x8000000000000000695701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad7afe292c682772023-02-07 15:11:11.353root 11241100x8000000000000000695704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.355{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9190496e23e7ff3e2023-02-07 15:11:11.355root 11241100x8000000000000000695713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.356{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e238d8f31600c70a2023-02-07 15:11:11.356root 11241100x8000000000000000695712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.356{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090800ad315b47042023-02-07 15:11:11.356root 11241100x8000000000000000695711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.356{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea10ab11fe834652023-02-07 15:11:11.356root 11241100x8000000000000000695710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.356{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f590938328425342023-02-07 15:11:11.356root 11241100x8000000000000000695709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.356{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc82ef618a129fe82023-02-07 15:11:11.356root 11241100x8000000000000000695708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.356{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa5923522a8e9222023-02-07 15:11:11.356root 11241100x8000000000000000695707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.356{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b9b667f1fff8c12023-02-07 15:11:11.356root 11241100x8000000000000000695706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.356{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ddd6aa0fd3233a2023-02-07 15:11:11.356root 11241100x8000000000000000695705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.356{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c31d94e27cf4a062023-02-07 15:11:11.356root 11241100x8000000000000000695715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.357{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a7908b88d6ea132023-02-07 15:11:11.357root 11241100x8000000000000000695714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.357{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eab1022557d1efd2023-02-07 15:11:11.357root 11241100x8000000000000000695722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7288f07867ea1c0a2023-02-07 15:11:11.846root 11241100x8000000000000000695721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0adab0e6d6df5c72023-02-07 15:11:11.846root 11241100x8000000000000000695720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06381fb16870a4792023-02-07 15:11:11.846root 11241100x8000000000000000695719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f5752acac715dd2023-02-07 15:11:11.846root 11241100x8000000000000000695718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34ca968cb9a96a32023-02-07 15:11:11.846root 11241100x8000000000000000695717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb37b5d17e3a833d2023-02-07 15:11:11.846root 11241100x8000000000000000695716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bdd39f6da3f5ac12023-02-07 15:11:11.846root 11241100x8000000000000000695728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ad64f8414aa34e2023-02-07 15:11:11.847root 11241100x8000000000000000695727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34885d737a7f05b2023-02-07 15:11:11.847root 11241100x8000000000000000695726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfbd2a4d80e7a6f62023-02-07 15:11:11.847root 11241100x8000000000000000695725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0e3f228b0f9f032023-02-07 15:11:11.847root 11241100x8000000000000000695724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd00524b628af3a2023-02-07 15:11:11.847root 11241100x8000000000000000695723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a0700ea9ec73e12023-02-07 15:11:11.847root 11241100x8000000000000000695742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed95778938f8cb472023-02-07 15:11:11.848root 11241100x8000000000000000695741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0036fd5c8e5717582023-02-07 15:11:11.848root 11241100x8000000000000000695740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139c8bc6219d38a82023-02-07 15:11:11.848root 11241100x8000000000000000695739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a8d3c12d16e4d42023-02-07 15:11:11.848root 11241100x8000000000000000695738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584e47ca892cb6382023-02-07 15:11:11.848root 11241100x8000000000000000695737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59faced859e7ae02023-02-07 15:11:11.848root 11241100x8000000000000000695736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6573db7e9eed9a62023-02-07 15:11:11.848root 11241100x8000000000000000695735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1959ca8376716c2023-02-07 15:11:11.848root 11241100x8000000000000000695734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7608d4a55cafa302023-02-07 15:11:11.848root 11241100x8000000000000000695733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ef700efd570f062023-02-07 15:11:11.848root 11241100x8000000000000000695732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba704b8c043e6ed2023-02-07 15:11:11.848root 11241100x8000000000000000695731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196bbe8991db4eb52023-02-07 15:11:11.848root 11241100x8000000000000000695730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7410fb45c93d6e4b2023-02-07 15:11:11.848root 11241100x8000000000000000695729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323fdb3c29c364ec2023-02-07 15:11:11.848root 11241100x8000000000000000695744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37044d8e28cc6a5e2023-02-07 15:11:11.849root 11241100x8000000000000000695743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:11.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2ab3ca7bee356c2023-02-07 15:11:11.849root 11241100x8000000000000000695749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299c472234f17b462023-02-07 15:11:12.346root 11241100x8000000000000000695748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2268d71ff488c3cd2023-02-07 15:11:12.346root 11241100x8000000000000000695747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652ac84fc8fcd4d42023-02-07 15:11:12.346root 11241100x8000000000000000695746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10913cb36dcc5bea2023-02-07 15:11:12.346root 11241100x8000000000000000695745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c23343c09003fb22023-02-07 15:11:12.346root 11241100x8000000000000000695754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1baa6fee6b152cfb2023-02-07 15:11:12.347root 11241100x8000000000000000695753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea730b15b3bce9702023-02-07 15:11:12.347root 11241100x8000000000000000695752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f5e1ad6bfbbbc82023-02-07 15:11:12.347root 11241100x8000000000000000695751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44389855d7df4ba2023-02-07 15:11:12.347root 11241100x8000000000000000695750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389c0e93bded02752023-02-07 15:11:12.347root 11241100x8000000000000000695757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70321a8706647662023-02-07 15:11:12.348root 11241100x8000000000000000695756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6c7d1807a2e3c72023-02-07 15:11:12.348root 11241100x8000000000000000695755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b38df34e89da0b2023-02-07 15:11:12.348root 11241100x8000000000000000695758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f948514e065bd552023-02-07 15:11:12.349root 11241100x8000000000000000695765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471268c82ebd19252023-02-07 15:11:12.350root 11241100x8000000000000000695764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2211a3e65c9f362023-02-07 15:11:12.350root 11241100x8000000000000000695763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5a34d7eee529392023-02-07 15:11:12.350root 11241100x8000000000000000695762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400f7d5ee7279add2023-02-07 15:11:12.350root 11241100x8000000000000000695761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0b2499136ef3142023-02-07 15:11:12.350root 11241100x8000000000000000695760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c68134572739282023-02-07 15:11:12.350root 11241100x8000000000000000695759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340f31ae28216d862023-02-07 15:11:12.350root 11241100x8000000000000000695771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e546f3b38399d232023-02-07 15:11:12.351root 11241100x8000000000000000695770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5ca1961f1dfe292023-02-07 15:11:12.351root 11241100x8000000000000000695769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a05d449c0bf4ba2023-02-07 15:11:12.351root 11241100x8000000000000000695768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb9cad83f68cb342023-02-07 15:11:12.351root 11241100x8000000000000000695767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5c9a41716e83d72023-02-07 15:11:12.351root 11241100x8000000000000000695766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1194225e332c962023-02-07 15:11:12.351root 11241100x8000000000000000695773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6331e8f122e7dea52023-02-07 15:11:12.352root 11241100x8000000000000000695772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abed86d99a57e6a52023-02-07 15:11:12.352root 11241100x8000000000000000695778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8741c20a51626152023-02-07 15:11:12.846root 11241100x8000000000000000695777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8703afa932086b162023-02-07 15:11:12.846root 11241100x8000000000000000695776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6592bf2126fff9482023-02-07 15:11:12.846root 11241100x8000000000000000695775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ea5c47610d3b7c2023-02-07 15:11:12.846root 11241100x8000000000000000695774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aea61cc2453fa2d2023-02-07 15:11:12.846root 11241100x8000000000000000695785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f42a2ee77f3cec02023-02-07 15:11:12.847root 11241100x8000000000000000695784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df5fa7fe9ea16b52023-02-07 15:11:12.847root 11241100x8000000000000000695783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569f99cdf04b93cb2023-02-07 15:11:12.847root 11241100x8000000000000000695782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fda9a9785a8758d2023-02-07 15:11:12.847root 11241100x8000000000000000695781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7e664f7180412d2023-02-07 15:11:12.847root 11241100x8000000000000000695780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1142861a39cc039a2023-02-07 15:11:12.847root 11241100x8000000000000000695779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb09e838434f600b2023-02-07 15:11:12.847root 11241100x8000000000000000695791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe785a6b2df252942023-02-07 15:11:12.848root 11241100x8000000000000000695790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e837597f618af98e2023-02-07 15:11:12.848root 11241100x8000000000000000695789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943887269353cd142023-02-07 15:11:12.848root 11241100x8000000000000000695788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc536111a19dd322023-02-07 15:11:12.848root 11241100x8000000000000000695787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9d66f59868d42e2023-02-07 15:11:12.848root 11241100x8000000000000000695786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5d34b894dce44a2023-02-07 15:11:12.848root 11241100x8000000000000000695797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ac6f4ed2a6a8ee2023-02-07 15:11:12.849root 11241100x8000000000000000695796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916864ba7b8f49102023-02-07 15:11:12.849root 11241100x8000000000000000695795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dfc11c605f98f3d2023-02-07 15:11:12.849root 11241100x8000000000000000695794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de179ce393c679cc2023-02-07 15:11:12.849root 11241100x8000000000000000695793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4275ed91e554882023-02-07 15:11:12.849root 11241100x8000000000000000695792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17db8204beb9d6a2023-02-07 15:11:12.849root 11241100x8000000000000000695801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1668c8116d7c52c72023-02-07 15:11:12.850root 11241100x8000000000000000695800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d362fb4adeb88bc2023-02-07 15:11:12.850root 11241100x8000000000000000695799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f18d712998685a2023-02-07 15:11:12.850root 11241100x8000000000000000695798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56839a5e2daee9ab2023-02-07 15:11:12.850root 11241100x8000000000000000695802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:12.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e5bbe96cfa00f12023-02-07 15:11:12.851root 11241100x8000000000000000695809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90379cf86b92530b2023-02-07 15:11:13.346root 11241100x8000000000000000695808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afed1b027480844e2023-02-07 15:11:13.346root 11241100x8000000000000000695807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a709a0413d940cf2023-02-07 15:11:13.346root 11241100x8000000000000000695806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabf4e9183a496882023-02-07 15:11:13.346root 11241100x8000000000000000695805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d7b04fe22dee9f2023-02-07 15:11:13.346root 11241100x8000000000000000695804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c6effaf0d173202023-02-07 15:11:13.346root 11241100x8000000000000000695803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d25de5fe78bf122023-02-07 15:11:13.346root 11241100x8000000000000000695813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37214a88807f72a62023-02-07 15:11:13.347root 11241100x8000000000000000695812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174dd9d5a64df2652023-02-07 15:11:13.347root 11241100x8000000000000000695811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04fc0dad07b488d2023-02-07 15:11:13.347root 11241100x8000000000000000695810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca528006b20c42c2023-02-07 15:11:13.347root 11241100x8000000000000000695822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721b377e8c0341682023-02-07 15:11:13.348root 11241100x8000000000000000695821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eae763423b9a9f12023-02-07 15:11:13.348root 11241100x8000000000000000695820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19fab84c42feeb952023-02-07 15:11:13.348root 11241100x8000000000000000695819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a466e31b8a76d9922023-02-07 15:11:13.348root 11241100x8000000000000000695818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ae071611acd7ae2023-02-07 15:11:13.348root 11241100x8000000000000000695817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0b13f27b5c46f22023-02-07 15:11:13.348root 11241100x8000000000000000695816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b8c35eb686fd872023-02-07 15:11:13.348root 11241100x8000000000000000695815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8036b5e22b850ab2023-02-07 15:11:13.348root 11241100x8000000000000000695814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8e3b19be8dfc172023-02-07 15:11:13.348root 11241100x8000000000000000695830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e50ce0ac4bdc8742023-02-07 15:11:13.349root 11241100x8000000000000000695829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa290e8b432a3d702023-02-07 15:11:13.349root 11241100x8000000000000000695828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012c66581824e9382023-02-07 15:11:13.349root 11241100x8000000000000000695827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d88285ba3e2c0352023-02-07 15:11:13.349root 11241100x8000000000000000695826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606d68969fa98ea42023-02-07 15:11:13.349root 11241100x8000000000000000695825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabaaa69a520a1512023-02-07 15:11:13.349root 11241100x8000000000000000695824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48909ac3542ff9c52023-02-07 15:11:13.349root 11241100x8000000000000000695823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a08bdeeb6baa252023-02-07 15:11:13.349root 11241100x8000000000000000695831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebf149f33f227d02023-02-07 15:11:13.350root 11241100x8000000000000000695835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbca23c20278aff2023-02-07 15:11:13.846root 11241100x8000000000000000695834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36bb30fefdc9a10c2023-02-07 15:11:13.846root 11241100x8000000000000000695833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f028448c75107c2023-02-07 15:11:13.846root 11241100x8000000000000000695832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28696f95daa2af1d2023-02-07 15:11:13.846root 11241100x8000000000000000695841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2344c9c761eebcfb2023-02-07 15:11:13.847root 11241100x8000000000000000695840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a1e5760a7171562023-02-07 15:11:13.847root 11241100x8000000000000000695839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38e37cef90638492023-02-07 15:11:13.847root 11241100x8000000000000000695838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37317d4d18457ff92023-02-07 15:11:13.847root 11241100x8000000000000000695837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efb92e7be74b4352023-02-07 15:11:13.847root 11241100x8000000000000000695836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958264f813c3cb4a2023-02-07 15:11:13.847root 11241100x8000000000000000695848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d106ddd05edd56802023-02-07 15:11:13.848root 11241100x8000000000000000695847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28d3113513d97e62023-02-07 15:11:13.848root 11241100x8000000000000000695846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51801824a7deaee2023-02-07 15:11:13.848root 11241100x8000000000000000695845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82ec3108b68ef032023-02-07 15:11:13.848root 11241100x8000000000000000695844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b8f28d1f87b7002023-02-07 15:11:13.848root 11241100x8000000000000000695843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4029c7b3977565e2023-02-07 15:11:13.848root 11241100x8000000000000000695842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e04d78dc7bb07792023-02-07 15:11:13.848root 11241100x8000000000000000695858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec313ba9d3df65e2023-02-07 15:11:13.849root 11241100x8000000000000000695857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db7e37544253ec72023-02-07 15:11:13.849root 11241100x8000000000000000695856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04381d1cb5482e232023-02-07 15:11:13.849root 11241100x8000000000000000695855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e128c015a837b32023-02-07 15:11:13.849root 11241100x8000000000000000695854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea55cbf14b4e2e82023-02-07 15:11:13.849root 11241100x8000000000000000695853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629d69ca30daf0f92023-02-07 15:11:13.849root 11241100x8000000000000000695852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70c8f3f858ec9072023-02-07 15:11:13.849root 11241100x8000000000000000695851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e6db123dc0d3ac2023-02-07 15:11:13.849root 11241100x8000000000000000695850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bba9accaae770322023-02-07 15:11:13.849root 11241100x8000000000000000695849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67361703f29c27c82023-02-07 15:11:13.849root 11241100x8000000000000000695860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ce5a3c5d220f142023-02-07 15:11:13.850root 11241100x8000000000000000695859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:13.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c31aa40ff50e062023-02-07 15:11:13.850root 354300x8000000000000000695861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.079{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-60856-false10.0.1.12-8000- 11241100x8000000000000000695865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ead2c68ea538a702023-02-07 15:11:14.346root 11241100x8000000000000000695864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf11716bc9be4792023-02-07 15:11:14.346root 11241100x8000000000000000695863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e83da6f36b09e7c2023-02-07 15:11:14.346root 11241100x8000000000000000695862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbcdd621492228db2023-02-07 15:11:14.346root 11241100x8000000000000000695873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92930d18092c8ed2023-02-07 15:11:14.347root 11241100x8000000000000000695872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e9b5aa1e817c092023-02-07 15:11:14.347root 11241100x8000000000000000695871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5318b63e89a0d0912023-02-07 15:11:14.347root 11241100x8000000000000000695870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27694b60b50384602023-02-07 15:11:14.347root 11241100x8000000000000000695869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae27e352d890cce2023-02-07 15:11:14.347root 11241100x8000000000000000695868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bd7599bf060ee92023-02-07 15:11:14.347root 11241100x8000000000000000695867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23edbb0577b3e83b2023-02-07 15:11:14.347root 11241100x8000000000000000695866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07ba3920b51d89d2023-02-07 15:11:14.347root 11241100x8000000000000000695880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfecb6d5da007b52023-02-07 15:11:14.348root 11241100x8000000000000000695879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2e476d656ee08f2023-02-07 15:11:14.348root 11241100x8000000000000000695878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151f1187eb437de72023-02-07 15:11:14.348root 11241100x8000000000000000695877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4422032e547839e2023-02-07 15:11:14.348root 11241100x8000000000000000695876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f62aa5a7e20fc942023-02-07 15:11:14.348root 11241100x8000000000000000695875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d616de7ed3ca02bd2023-02-07 15:11:14.348root 11241100x8000000000000000695874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b4947255c870522023-02-07 15:11:14.348root 11241100x8000000000000000695887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88abed39508488642023-02-07 15:11:14.349root 11241100x8000000000000000695886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40201c9397ff69492023-02-07 15:11:14.349root 11241100x8000000000000000695885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea1c509cd42b8ca2023-02-07 15:11:14.349root 11241100x8000000000000000695884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d87807ef72a28972023-02-07 15:11:14.349root 11241100x8000000000000000695883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd363910304faf42023-02-07 15:11:14.349root 11241100x8000000000000000695882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba42ac1b1badcf42023-02-07 15:11:14.349root 11241100x8000000000000000695881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be964cde07498292023-02-07 15:11:14.349root 11241100x8000000000000000695891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728d9155ecb8b7d12023-02-07 15:11:14.350root 11241100x8000000000000000695890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b9dd9257927ebd2023-02-07 15:11:14.350root 11241100x8000000000000000695889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8852346d3b3fa6062023-02-07 15:11:14.350root 11241100x8000000000000000695888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25524691183750a2023-02-07 15:11:14.350root 354300x8000000000000000695892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.532{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-42110-false10.0.1.12-8089- 11241100x8000000000000000695896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b772391ccc41a52023-02-07 15:11:14.846root 11241100x8000000000000000695895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3e83f10e4151302023-02-07 15:11:14.846root 11241100x8000000000000000695894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5871f1c0f432c6d42023-02-07 15:11:14.846root 11241100x8000000000000000695893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d32a8bf6b17047f2023-02-07 15:11:14.846root 11241100x8000000000000000695904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b3f7be03bac2e12023-02-07 15:11:14.847root 11241100x8000000000000000695903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9ac24bbd6e86512023-02-07 15:11:14.847root 11241100x8000000000000000695902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876e18f6043769602023-02-07 15:11:14.847root 11241100x8000000000000000695901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a4494a5b98ac362023-02-07 15:11:14.847root 11241100x8000000000000000695900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee24b59e113f0b42023-02-07 15:11:14.847root 11241100x8000000000000000695899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a652c5b575e01eb2023-02-07 15:11:14.847root 11241100x8000000000000000695898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c25c3e380513782023-02-07 15:11:14.847root 11241100x8000000000000000695897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5492edced81322bb2023-02-07 15:11:14.847root 11241100x8000000000000000695911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a9e52932f529452023-02-07 15:11:14.848root 11241100x8000000000000000695910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8cda033d77471b2023-02-07 15:11:14.848root 11241100x8000000000000000695909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b3b1343bb210bc2023-02-07 15:11:14.848root 11241100x8000000000000000695908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb16afb9ba13bde52023-02-07 15:11:14.848root 11241100x8000000000000000695907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352b6a1cbf1d11e82023-02-07 15:11:14.848root 11241100x8000000000000000695906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b53e610afb569d52023-02-07 15:11:14.848root 11241100x8000000000000000695905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54da098b79672bd52023-02-07 15:11:14.848root 11241100x8000000000000000695918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385d62a98ec4f9f22023-02-07 15:11:14.851root 11241100x8000000000000000695917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aece8f83ac05b1732023-02-07 15:11:14.851root 11241100x8000000000000000695916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb700b58f0357492023-02-07 15:11:14.851root 11241100x8000000000000000695915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d97dfbfcc052442023-02-07 15:11:14.851root 11241100x8000000000000000695914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70f187798ec82b92023-02-07 15:11:14.851root 11241100x8000000000000000695913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d078a32e8f1ddbf32023-02-07 15:11:14.851root 11241100x8000000000000000695912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf78970985035f622023-02-07 15:11:14.851root 11241100x8000000000000000695923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f362f7bb6675452023-02-07 15:11:14.852root 11241100x8000000000000000695922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ed3812e913290f2023-02-07 15:11:14.852root 11241100x8000000000000000695921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b44d6a7a39d06e82023-02-07 15:11:14.852root 11241100x8000000000000000695920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fb262c00906a042023-02-07 15:11:14.852root 11241100x8000000000000000695919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:14.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a78eeff3cee80eb2023-02-07 15:11:14.852root 11241100x8000000000000000695925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5fc691a75ba5d572023-02-07 15:11:15.346root 11241100x8000000000000000695924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51ee8c4b58a8b7d2023-02-07 15:11:15.346root 11241100x8000000000000000695933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb138ffaf32e4c12023-02-07 15:11:15.347root 11241100x8000000000000000695932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f91eb54c2bec2b2023-02-07 15:11:15.347root 11241100x8000000000000000695931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9a7c3d1afc57c62023-02-07 15:11:15.347root 11241100x8000000000000000695930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3417343ddd1acb062023-02-07 15:11:15.347root 11241100x8000000000000000695929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6fe489239283752023-02-07 15:11:15.347root 11241100x8000000000000000695928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268ebbfb1ac771ca2023-02-07 15:11:15.347root 11241100x8000000000000000695927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02dbfbd245cf37a2023-02-07 15:11:15.347root 11241100x8000000000000000695926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ed89df5c4476fe2023-02-07 15:11:15.347root 11241100x8000000000000000695936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53b8da4cdf32ac32023-02-07 15:11:15.348root 11241100x8000000000000000695935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277380f655ed8a1e2023-02-07 15:11:15.348root 11241100x8000000000000000695934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55ede5ec6f2336e2023-02-07 15:11:15.348root 11241100x8000000000000000695938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a990a210f9099c2023-02-07 15:11:15.349root 11241100x8000000000000000695937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9851668dde4f1ff2023-02-07 15:11:15.349root 11241100x8000000000000000695940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034974c8724383dd2023-02-07 15:11:15.350root 11241100x8000000000000000695939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6782953b10a127c92023-02-07 15:11:15.350root 11241100x8000000000000000695941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bab1b0b5acc9faf2023-02-07 15:11:15.351root 11241100x8000000000000000695942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469e6ba384a5ec6b2023-02-07 15:11:15.352root 11241100x8000000000000000695943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66191c8c7078af42023-02-07 15:11:15.353root 11241100x8000000000000000695944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.354{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e471589f5d8e8f3b2023-02-07 15:11:15.354root 11241100x8000000000000000695946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.355{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5bc16c7b2792e92023-02-07 15:11:15.355root 11241100x8000000000000000695945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.355{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b285ba87fb34e42023-02-07 15:11:15.355root 11241100x8000000000000000695947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.356{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412198a24b1541622023-02-07 15:11:15.356root 11241100x8000000000000000695951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.357{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ea567a40e163d82023-02-07 15:11:15.357root 11241100x8000000000000000695950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.357{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd73b795b02420972023-02-07 15:11:15.357root 11241100x8000000000000000695949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.357{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8212a5cd6fbb51b2023-02-07 15:11:15.357root 11241100x8000000000000000695948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.357{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bd126bb4b7403c2023-02-07 15:11:15.357root 11241100x8000000000000000695953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.358{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84263a17821f2b212023-02-07 15:11:15.358root 11241100x8000000000000000695952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.358{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1fa69346dc10c22023-02-07 15:11:15.358root 11241100x8000000000000000695954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.359{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f69e522e5f73a82023-02-07 15:11:15.359root 11241100x8000000000000000695958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64c42b05008e91d2023-02-07 15:11:15.846root 11241100x8000000000000000695957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b3f33d3eb4d7b72023-02-07 15:11:15.846root 11241100x8000000000000000695956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222416912de4c82e2023-02-07 15:11:15.846root 11241100x8000000000000000695955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbcfa9ae8d6e89cd2023-02-07 15:11:15.846root 11241100x8000000000000000695969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10aef9cdba2387f72023-02-07 15:11:15.847root 11241100x8000000000000000695968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de3a95617aab56a2023-02-07 15:11:15.847root 11241100x8000000000000000695967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8cf1bdc9abb407a2023-02-07 15:11:15.847root 11241100x8000000000000000695966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33469d672d9bfe82023-02-07 15:11:15.847root 11241100x8000000000000000695965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4a6b49d485b51f2023-02-07 15:11:15.847root 11241100x8000000000000000695964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31463b83717663e22023-02-07 15:11:15.847root 11241100x8000000000000000695963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752f949b67a33d462023-02-07 15:11:15.847root 11241100x8000000000000000695962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42c8cd737ba39e92023-02-07 15:11:15.847root 11241100x8000000000000000695961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bea24722302aec42023-02-07 15:11:15.847root 11241100x8000000000000000695960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f53044a438f2412023-02-07 15:11:15.847root 11241100x8000000000000000695959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c300b787a79386a2023-02-07 15:11:15.847root 11241100x8000000000000000695979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534930e73db26b622023-02-07 15:11:15.848root 11241100x8000000000000000695978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a46945c58fd61f2023-02-07 15:11:15.848root 11241100x8000000000000000695977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d9a6cc1fb072722023-02-07 15:11:15.848root 11241100x8000000000000000695976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc294d071db2314d2023-02-07 15:11:15.848root 11241100x8000000000000000695975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a97e9264c54a89b2023-02-07 15:11:15.848root 11241100x8000000000000000695974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa016abbe1fa825c2023-02-07 15:11:15.848root 11241100x8000000000000000695973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86449c0118042d5f2023-02-07 15:11:15.848root 11241100x8000000000000000695972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c088ecabdf2a2bad2023-02-07 15:11:15.848root 11241100x8000000000000000695971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bccd275fccea059a2023-02-07 15:11:15.848root 11241100x8000000000000000695970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483dd043c149e79c2023-02-07 15:11:15.848root 11241100x8000000000000000695985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34922b16d7f4ce82023-02-07 15:11:15.849root 11241100x8000000000000000695984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1cbbc4e61a688c42023-02-07 15:11:15.849root 11241100x8000000000000000695983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3adbff3cde11782023-02-07 15:11:15.849root 11241100x8000000000000000695982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac715827e9ba97762023-02-07 15:11:15.849root 11241100x8000000000000000695981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821eef118181a0082023-02-07 15:11:15.849root 11241100x8000000000000000695980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:15.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158eed9dc8a7442a2023-02-07 15:11:15.849root 11241100x8000000000000000695988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c872b486f470c22023-02-07 15:11:16.346root 11241100x8000000000000000695987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0808eee39c524a2023-02-07 15:11:16.346root 11241100x8000000000000000695986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb44f46261e12c5a2023-02-07 15:11:16.346root 11241100x8000000000000000695997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e271402c5326c62023-02-07 15:11:16.347root 11241100x8000000000000000695996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4a1d97d7236d812023-02-07 15:11:16.347root 11241100x8000000000000000695995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71589b191e623b232023-02-07 15:11:16.347root 11241100x8000000000000000695994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e4b70277e56e902023-02-07 15:11:16.347root 11241100x8000000000000000695993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d39bbb1d8e050f02023-02-07 15:11:16.347root 11241100x8000000000000000695992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3906ab8a5932d72a2023-02-07 15:11:16.347root 11241100x8000000000000000695991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604f0abbf44c6aea2023-02-07 15:11:16.347root 11241100x8000000000000000695990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6b0a237c0617202023-02-07 15:11:16.347root 11241100x8000000000000000695989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3ab5f1b4c5235a2023-02-07 15:11:16.347root 11241100x8000000000000000696003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9833fa87d70b74d2023-02-07 15:11:16.348root 11241100x8000000000000000696002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f882892b111c6132023-02-07 15:11:16.348root 11241100x8000000000000000696001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e69395937d981b02023-02-07 15:11:16.348root 11241100x8000000000000000696000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de31742f1ceab80e2023-02-07 15:11:16.348root 11241100x8000000000000000695999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1ae8b292ae3d3f2023-02-07 15:11:16.348root 11241100x8000000000000000695998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069bb40d2dc457592023-02-07 15:11:16.348root 11241100x8000000000000000696008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9aff49593a2f52d2023-02-07 15:11:16.349root 11241100x8000000000000000696007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4133128460ca852023-02-07 15:11:16.349root 11241100x8000000000000000696006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403187a167315e4d2023-02-07 15:11:16.349root 11241100x8000000000000000696005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0dacbb0c3730ed2023-02-07 15:11:16.349root 11241100x8000000000000000696004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd08153db483725c2023-02-07 15:11:16.349root 11241100x8000000000000000696011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92dbd34d68b7d22e2023-02-07 15:11:16.350root 11241100x8000000000000000696010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e86b8e9fe95faf82023-02-07 15:11:16.350root 11241100x8000000000000000696009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f0e33422a6a7022023-02-07 15:11:16.350root 11241100x8000000000000000696015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2dc98e9e52c70bc2023-02-07 15:11:16.351root 11241100x8000000000000000696014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec40d0e2718e42872023-02-07 15:11:16.351root 11241100x8000000000000000696013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805eeda6c42437582023-02-07 15:11:16.351root 11241100x8000000000000000696012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65cf910483f74d592023-02-07 15:11:16.351root 11241100x8000000000000000696016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf73c03eff4e181e2023-02-07 15:11:16.352root 11241100x8000000000000000696019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901ddb4c9c0204852023-02-07 15:11:16.846root 11241100x8000000000000000696018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e5cb62f93cfef12023-02-07 15:11:16.846root 11241100x8000000000000000696017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1589d3ee6364271b2023-02-07 15:11:16.846root 11241100x8000000000000000696026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e2bf7ce218c0792023-02-07 15:11:16.847root 11241100x8000000000000000696025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cbabead6cdd0a072023-02-07 15:11:16.847root 11241100x8000000000000000696024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c035a5d02b15e422023-02-07 15:11:16.847root 11241100x8000000000000000696023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8830e9986270bb0f2023-02-07 15:11:16.847root 11241100x8000000000000000696022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f8281b0e164e112023-02-07 15:11:16.847root 11241100x8000000000000000696021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c4cbff827ba5392023-02-07 15:11:16.847root 11241100x8000000000000000696020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18d876349bc10e32023-02-07 15:11:16.847root 11241100x8000000000000000696041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c650149e5ff2d62023-02-07 15:11:16.848root 11241100x8000000000000000696040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab44be3861a4164f2023-02-07 15:11:16.848root 11241100x8000000000000000696039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b038ac15796ecb52023-02-07 15:11:16.848root 11241100x8000000000000000696038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b807709cc1d44a2023-02-07 15:11:16.848root 11241100x8000000000000000696037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8441f92eaac69f3f2023-02-07 15:11:16.848root 11241100x8000000000000000696036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5659c9c61f4d436d2023-02-07 15:11:16.848root 11241100x8000000000000000696035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c25ca18472356e2023-02-07 15:11:16.848root 11241100x8000000000000000696034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e8b2444f9155852023-02-07 15:11:16.848root 11241100x8000000000000000696033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f92f5b20cbe539f2023-02-07 15:11:16.848root 11241100x8000000000000000696032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d347bb7dc9fd962023-02-07 15:11:16.848root 11241100x8000000000000000696031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0237304e9abc4be2023-02-07 15:11:16.848root 11241100x8000000000000000696030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fb263252fae6282023-02-07 15:11:16.848root 11241100x8000000000000000696029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086c3a8f608fbe2b2023-02-07 15:11:16.848root 11241100x8000000000000000696028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00a94ad55a5d6dd2023-02-07 15:11:16.848root 11241100x8000000000000000696027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a55a9d5f423e47c2023-02-07 15:11:16.848root 11241100x8000000000000000696047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a858ded23852b0a2023-02-07 15:11:16.849root 11241100x8000000000000000696046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317ced3699dfa6ae2023-02-07 15:11:16.849root 11241100x8000000000000000696045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48926f572c57d0012023-02-07 15:11:16.849root 11241100x8000000000000000696044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5196b353028583c52023-02-07 15:11:16.849root 11241100x8000000000000000696043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95e42b42758a9ea2023-02-07 15:11:16.849root 11241100x8000000000000000696042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:16.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b238fab06208f022023-02-07 15:11:16.849root 11241100x8000000000000000696053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5dec74500fe1742023-02-07 15:11:17.346root 11241100x8000000000000000696052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9addb9766d1cf142023-02-07 15:11:17.346root 11241100x8000000000000000696051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbacdbbaed90c8a42023-02-07 15:11:17.346root 11241100x8000000000000000696050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5757c5b3edf94eb62023-02-07 15:11:17.346root 11241100x8000000000000000696049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7963aa89a2265dea2023-02-07 15:11:17.346root 11241100x8000000000000000696048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b721137ef8d2532023-02-07 15:11:17.346root 11241100x8000000000000000696059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee912fde9071bcea2023-02-07 15:11:17.347root 11241100x8000000000000000696058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096c57e5a5abfba22023-02-07 15:11:17.347root 11241100x8000000000000000696057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06522585c083f1c52023-02-07 15:11:17.347root 11241100x8000000000000000696056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115ead1545f8e9ac2023-02-07 15:11:17.347root 11241100x8000000000000000696055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9c8cce0bf4e8bd2023-02-07 15:11:17.347root 11241100x8000000000000000696054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37adcea53183f2f22023-02-07 15:11:17.347root 11241100x8000000000000000696069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15545a7727c4596b2023-02-07 15:11:17.349root 11241100x8000000000000000696068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7512b1ab80f5ed2023-02-07 15:11:17.349root 11241100x8000000000000000696067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d099a226f0484d22023-02-07 15:11:17.349root 11241100x8000000000000000696066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e953d7c3375c12a32023-02-07 15:11:17.349root 11241100x8000000000000000696065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79251809c5a81c0b2023-02-07 15:11:17.349root 11241100x8000000000000000696064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50729e724d07a5122023-02-07 15:11:17.349root 11241100x8000000000000000696063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b4b3a1cd845c4f2023-02-07 15:11:17.349root 11241100x8000000000000000696062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce57960079ce6bd2023-02-07 15:11:17.349root 11241100x8000000000000000696061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7ae3a4b02e4cbd2023-02-07 15:11:17.349root 11241100x8000000000000000696060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4f9b4e4430b4472023-02-07 15:11:17.349root 11241100x8000000000000000696070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54441adb99adf28d2023-02-07 15:11:17.350root 11241100x8000000000000000696078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06348fc2622ada8a2023-02-07 15:11:17.351root 11241100x8000000000000000696077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a07a85c6f76ddd62023-02-07 15:11:17.351root 11241100x8000000000000000696076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2649420da9df3f0b2023-02-07 15:11:17.351root 11241100x8000000000000000696075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47183ae2b21e40152023-02-07 15:11:17.351root 11241100x8000000000000000696074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f47dacd197c9ad2023-02-07 15:11:17.351root 11241100x8000000000000000696073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83aca3b80fff8a342023-02-07 15:11:17.351root 11241100x8000000000000000696072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6f9a1da00748b22023-02-07 15:11:17.351root 11241100x8000000000000000696071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d8399072b4a6092023-02-07 15:11:17.351root 11241100x8000000000000000696082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42d9449fff2dc422023-02-07 15:11:17.846root 11241100x8000000000000000696081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c344faf8153f60f22023-02-07 15:11:17.846root 11241100x8000000000000000696080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bdb315be0b2494f2023-02-07 15:11:17.846root 11241100x8000000000000000696079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81361c728579438e2023-02-07 15:11:17.846root 11241100x8000000000000000696088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a027f00afa9890522023-02-07 15:11:17.847root 11241100x8000000000000000696087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e2c91c8dd0a8302023-02-07 15:11:17.847root 11241100x8000000000000000696086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c729589a712da22023-02-07 15:11:17.847root 11241100x8000000000000000696085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef95aab654c34d62023-02-07 15:11:17.847root 11241100x8000000000000000696084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0d4415550c0b2e2023-02-07 15:11:17.847root 11241100x8000000000000000696083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6295cc43334b0fab2023-02-07 15:11:17.847root 11241100x8000000000000000696091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58917fc029fd43162023-02-07 15:11:17.848root 11241100x8000000000000000696090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a773f8060648526d2023-02-07 15:11:17.848root 11241100x8000000000000000696089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce899dfe8b1e0ba42023-02-07 15:11:17.848root 11241100x8000000000000000696093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441fc1b3a17e0e962023-02-07 15:11:17.849root 11241100x8000000000000000696092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2695c84ecd2cc0372023-02-07 15:11:17.849root 11241100x8000000000000000696096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ab07fdd46820182023-02-07 15:11:17.850root 11241100x8000000000000000696095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b935916f32a30fb52023-02-07 15:11:17.850root 11241100x8000000000000000696094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad403df4a50ac842023-02-07 15:11:17.850root 11241100x8000000000000000696104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a15344e04dda7e52023-02-07 15:11:17.851root 11241100x8000000000000000696103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6479e6869a5da0382023-02-07 15:11:17.851root 11241100x8000000000000000696102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd50aac7dbdb1412023-02-07 15:11:17.851root 11241100x8000000000000000696101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7af3f5fc430ebc2023-02-07 15:11:17.851root 11241100x8000000000000000696100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f825e9a5a8ff0ff52023-02-07 15:11:17.851root 11241100x8000000000000000696099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2fc571820a8c7c12023-02-07 15:11:17.851root 11241100x8000000000000000696098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74ab28b6ae0c5a52023-02-07 15:11:17.851root 11241100x8000000000000000696097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe3ad2aeba7416a2023-02-07 15:11:17.851root 11241100x8000000000000000696106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e042bb26cd67cfb52023-02-07 15:11:17.852root 11241100x8000000000000000696105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1085a3c28a32f74b2023-02-07 15:11:17.852root 11241100x8000000000000000696107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.853{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539268db67b880b72023-02-07 15:11:17.853root 11241100x8000000000000000696109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.854{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2442a727aaa3592023-02-07 15:11:17.854root 11241100x8000000000000000696108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:17.854{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162ad3c9455b9bbf2023-02-07 15:11:17.854root 11241100x8000000000000000696115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9327cac3e69c8e92023-02-07 15:11:18.346root 11241100x8000000000000000696114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980113cd1fc5a1122023-02-07 15:11:18.346root 11241100x8000000000000000696113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162ce272a78fbbd42023-02-07 15:11:18.346root 11241100x8000000000000000696112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febb6ddcccd79eac2023-02-07 15:11:18.346root 11241100x8000000000000000696111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9076a09519eefd2023-02-07 15:11:18.346root 11241100x8000000000000000696110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b744f0fe4e535ba22023-02-07 15:11:18.346root 11241100x8000000000000000696130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54280b1bdde5238d2023-02-07 15:11:18.347root 11241100x8000000000000000696129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5137e4f4b7781d2023-02-07 15:11:18.347root 11241100x8000000000000000696128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d61c8589730b112023-02-07 15:11:18.347root 11241100x8000000000000000696127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2852266d01b7d56c2023-02-07 15:11:18.347root 11241100x8000000000000000696126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c7c6a3b91b3e9b2023-02-07 15:11:18.347root 11241100x8000000000000000696125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc40ca0a6a972ca2023-02-07 15:11:18.347root 11241100x8000000000000000696124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18167ef1abe6c21f2023-02-07 15:11:18.347root 11241100x8000000000000000696123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd347bbf63e01dc2023-02-07 15:11:18.347root 11241100x8000000000000000696122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0faf7c22f9ca33c52023-02-07 15:11:18.347root 11241100x8000000000000000696121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02bb49451cdf62e72023-02-07 15:11:18.347root 11241100x8000000000000000696120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c59cb1fb0d49a82023-02-07 15:11:18.347root 11241100x8000000000000000696119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee249c0d7e2e9fe2023-02-07 15:11:18.347root 11241100x8000000000000000696118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ed0ac5f7eefc1a2023-02-07 15:11:18.347root 11241100x8000000000000000696117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9d6e681596bb4a2023-02-07 15:11:18.347root 11241100x8000000000000000696116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dccdade5d90913f2023-02-07 15:11:18.347root 11241100x8000000000000000696140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76acd33e73b6b652023-02-07 15:11:18.348root 11241100x8000000000000000696139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59e443d1eb57a852023-02-07 15:11:18.348root 11241100x8000000000000000696138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c794709bac89260f2023-02-07 15:11:18.348root 11241100x8000000000000000696137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489bf4d3eb6eeb592023-02-07 15:11:18.348root 11241100x8000000000000000696136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7903b63ce93eab72023-02-07 15:11:18.348root 11241100x8000000000000000696135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa2ae0f48cd32782023-02-07 15:11:18.348root 11241100x8000000000000000696134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457c5f02ea7fde842023-02-07 15:11:18.348root 11241100x8000000000000000696133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70e7bfab6736bfb2023-02-07 15:11:18.348root 11241100x8000000000000000696132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1af612a2e9022a2023-02-07 15:11:18.348root 11241100x8000000000000000696131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70f4336ec466d422023-02-07 15:11:18.348root 11241100x8000000000000000696147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bc040679224c592023-02-07 15:11:18.846root 11241100x8000000000000000696146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4fde98bf322dd72023-02-07 15:11:18.846root 11241100x8000000000000000696145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9021cda01d04f442023-02-07 15:11:18.846root 11241100x8000000000000000696144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28b6c55b4e441ae2023-02-07 15:11:18.846root 11241100x8000000000000000696143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff101d72303e0b32023-02-07 15:11:18.846root 11241100x8000000000000000696142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d71fda7cc94da402023-02-07 15:11:18.846root 11241100x8000000000000000696141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ffe637a41e614d2023-02-07 15:11:18.846root 11241100x8000000000000000696161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3762eee0fa12bfcf2023-02-07 15:11:18.847root 11241100x8000000000000000696160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58210a5bb6771d8f2023-02-07 15:11:18.847root 11241100x8000000000000000696159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9758461cd1b5532023-02-07 15:11:18.847root 11241100x8000000000000000696158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb694ac1de2e53322023-02-07 15:11:18.847root 11241100x8000000000000000696157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c260922b373a1792023-02-07 15:11:18.847root 11241100x8000000000000000696156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532415ceb835418c2023-02-07 15:11:18.847root 11241100x8000000000000000696155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb5b885b00535ac2023-02-07 15:11:18.847root 11241100x8000000000000000696154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1d35bebe73a2fd2023-02-07 15:11:18.847root 11241100x8000000000000000696153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f04f34fff5dd5fb2023-02-07 15:11:18.847root 11241100x8000000000000000696152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec0423a13a7bd272023-02-07 15:11:18.847root 11241100x8000000000000000696151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e656adf98bc9a86e2023-02-07 15:11:18.847root 11241100x8000000000000000696150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa043062c1209002023-02-07 15:11:18.847root 11241100x8000000000000000696149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844f99faa27a941b2023-02-07 15:11:18.847root 11241100x8000000000000000696148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4aef0166b60da32023-02-07 15:11:18.847root 11241100x8000000000000000696171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6098d25aa71cb1d2023-02-07 15:11:18.848root 11241100x8000000000000000696170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f59ab8f8951e2f22023-02-07 15:11:18.848root 11241100x8000000000000000696169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee97c2239e0a6592023-02-07 15:11:18.848root 11241100x8000000000000000696168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d060336d2861142023-02-07 15:11:18.848root 11241100x8000000000000000696167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5f1c79935f4bdc2023-02-07 15:11:18.848root 11241100x8000000000000000696166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c692620c761ea2e92023-02-07 15:11:18.848root 11241100x8000000000000000696165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d031c9477cf7582023-02-07 15:11:18.848root 11241100x8000000000000000696164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e812cd4ad2b31b362023-02-07 15:11:18.848root 11241100x8000000000000000696163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b7bffbfcf89dc32023-02-07 15:11:18.848root 11241100x8000000000000000696162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e47264d841740a2023-02-07 15:11:18.848root 11241100x8000000000000000696180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842463abbe9dccfc2023-02-07 15:11:19.347root 11241100x8000000000000000696179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e209dc838f48396b2023-02-07 15:11:19.347root 11241100x8000000000000000696178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b967e26ebb0d5d2023-02-07 15:11:19.347root 11241100x8000000000000000696177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfbf896c4039d0152023-02-07 15:11:19.347root 11241100x8000000000000000696176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5beda6ffa43d89a72023-02-07 15:11:19.347root 11241100x8000000000000000696175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbb7f86e77c7ee32023-02-07 15:11:19.347root 11241100x8000000000000000696174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3118ef41155b5f2023-02-07 15:11:19.347root 11241100x8000000000000000696173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742e064d54ac7d4e2023-02-07 15:11:19.347root 11241100x8000000000000000696172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92cb80e4b0794e462023-02-07 15:11:19.347root 11241100x8000000000000000696184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33d3359f964b7ea2023-02-07 15:11:19.348root 11241100x8000000000000000696183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8171ca771c50712d2023-02-07 15:11:19.348root 11241100x8000000000000000696182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba059a3c7d96c422023-02-07 15:11:19.348root 11241100x8000000000000000696181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ff4dd287105a792023-02-07 15:11:19.348root 11241100x8000000000000000696194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e8da7738450d0c2023-02-07 15:11:19.349root 11241100x8000000000000000696193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17cc31246fede6022023-02-07 15:11:19.349root 11241100x8000000000000000696192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a770c137dc68ad2023-02-07 15:11:19.349root 11241100x8000000000000000696191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd8cc571019ad5c2023-02-07 15:11:19.349root 11241100x8000000000000000696190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca2d317e719a20e2023-02-07 15:11:19.349root 11241100x8000000000000000696189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d60f7706735b1d52023-02-07 15:11:19.349root 11241100x8000000000000000696188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc514732d9d7de7c2023-02-07 15:11:19.349root 11241100x8000000000000000696187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16ce576537072152023-02-07 15:11:19.349root 11241100x8000000000000000696186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7596816db242a22023-02-07 15:11:19.349root 11241100x8000000000000000696185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e46d00d7caa08d52023-02-07 15:11:19.349root 11241100x8000000000000000696202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e032a1eee790c622023-02-07 15:11:19.350root 11241100x8000000000000000696201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbdb9d764891c7e42023-02-07 15:11:19.350root 11241100x8000000000000000696200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c6525301ef01a02023-02-07 15:11:19.350root 11241100x8000000000000000696199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f500829136e7e02023-02-07 15:11:19.350root 11241100x8000000000000000696198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de856519161f11042023-02-07 15:11:19.350root 11241100x8000000000000000696197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0fb155b9594ac5a2023-02-07 15:11:19.350root 11241100x8000000000000000696196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561149c1cd804dd82023-02-07 15:11:19.350root 11241100x8000000000000000696195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d21e82f377e0472023-02-07 15:11:19.350root 11241100x8000000000000000696207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02109cab8880f13b2023-02-07 15:11:19.846root 11241100x8000000000000000696206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aacd3636160df342023-02-07 15:11:19.846root 11241100x8000000000000000696205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e10b676a935f4c02023-02-07 15:11:19.846root 11241100x8000000000000000696204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7bfbfb0e34bae52023-02-07 15:11:19.846root 11241100x8000000000000000696203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa48616e7578bdf52023-02-07 15:11:19.846root 11241100x8000000000000000696212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da25d5d532db7562023-02-07 15:11:19.847root 11241100x8000000000000000696211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7a512f1c91ad1d2023-02-07 15:11:19.847root 11241100x8000000000000000696210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6426b3d9db5025a42023-02-07 15:11:19.847root 11241100x8000000000000000696209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d5e7befc516bbc2023-02-07 15:11:19.847root 11241100x8000000000000000696208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0dcea8be8d5d332023-02-07 15:11:19.847root 11241100x8000000000000000696221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79bda5c2e09de342023-02-07 15:11:19.848root 11241100x8000000000000000696220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295c3a4ac730162a2023-02-07 15:11:19.848root 11241100x8000000000000000696219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49358d878030c0c2023-02-07 15:11:19.848root 11241100x8000000000000000696218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb1e85cbbda1f9e2023-02-07 15:11:19.848root 11241100x8000000000000000696217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71b773d2bef38032023-02-07 15:11:19.848root 11241100x8000000000000000696216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd8f612f3f9c0e12023-02-07 15:11:19.848root 11241100x8000000000000000696215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b20120d71a4a7122023-02-07 15:11:19.848root 11241100x8000000000000000696214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f28890fb95d9fa2023-02-07 15:11:19.848root 11241100x8000000000000000696213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8417f78a777eee12023-02-07 15:11:19.848root 11241100x8000000000000000696229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645713dcdb65553c2023-02-07 15:11:19.849root 11241100x8000000000000000696228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8e85025e5d35622023-02-07 15:11:19.849root 11241100x8000000000000000696227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464e12ae970381502023-02-07 15:11:19.849root 11241100x8000000000000000696226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f631915026aa3112023-02-07 15:11:19.849root 11241100x8000000000000000696225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323dfac6a9de4ba32023-02-07 15:11:19.849root 11241100x8000000000000000696224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77efb32b27f853112023-02-07 15:11:19.849root 11241100x8000000000000000696223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c953f2b4cb3dd4ef2023-02-07 15:11:19.849root 11241100x8000000000000000696222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72055311c1921222023-02-07 15:11:19.849root 11241100x8000000000000000696233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba643d1c9a28c2e2023-02-07 15:11:19.850root 11241100x8000000000000000696232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2243447f9b15da2023-02-07 15:11:19.850root 11241100x8000000000000000696231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ba317193ddfec92023-02-07 15:11:19.850root 11241100x8000000000000000696230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:19.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b36242bb69880c02023-02-07 15:11:19.850root 354300x8000000000000000696234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.068{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-46476-false10.0.1.12-8000- 11241100x8000000000000000696239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dceab060440f1052023-02-07 15:11:20.346root 11241100x8000000000000000696238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16edc2c23bfa7c582023-02-07 15:11:20.346root 11241100x8000000000000000696237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a9297e5aa6d89d2023-02-07 15:11:20.346root 11241100x8000000000000000696236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcbeab710b703a2a2023-02-07 15:11:20.346root 11241100x8000000000000000696235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ab29c99117bb742023-02-07 15:11:20.346root 11241100x8000000000000000696246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b023a5ab9490fd2023-02-07 15:11:20.347root 11241100x8000000000000000696245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd11dcb4ab61eed92023-02-07 15:11:20.347root 11241100x8000000000000000696244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2052ffd52d4cc89b2023-02-07 15:11:20.347root 11241100x8000000000000000696243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c0a15f277835c52023-02-07 15:11:20.347root 11241100x8000000000000000696242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51264d7f4795a1f2023-02-07 15:11:20.347root 11241100x8000000000000000696241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f52c3b6c37e90912023-02-07 15:11:20.347root 11241100x8000000000000000696240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39612759853a3e352023-02-07 15:11:20.347root 11241100x8000000000000000696255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6736f49c42d6fa5c2023-02-07 15:11:20.348root 11241100x8000000000000000696254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d57920d3bef32322023-02-07 15:11:20.348root 11241100x8000000000000000696253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6cd128be100256f2023-02-07 15:11:20.348root 11241100x8000000000000000696252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63fdb4e40f8e99e2023-02-07 15:11:20.348root 11241100x8000000000000000696251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0684941892a3dfb82023-02-07 15:11:20.348root 11241100x8000000000000000696250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a4ba1de1b3ce832023-02-07 15:11:20.348root 11241100x8000000000000000696249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39bb01d86ad3782f2023-02-07 15:11:20.348root 11241100x8000000000000000696248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87831d667cf774f62023-02-07 15:11:20.348root 11241100x8000000000000000696247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4ca2b2bab37c8a2023-02-07 15:11:20.348root 11241100x8000000000000000696257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545b9a788fe4256e2023-02-07 15:11:20.349root 11241100x8000000000000000696256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb38cd03cd602bf2023-02-07 15:11:20.349root 11241100x8000000000000000696266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f30be05619e034e2023-02-07 15:11:20.351root 11241100x8000000000000000696265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cd3ce86390973e2023-02-07 15:11:20.351root 11241100x8000000000000000696264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50d2615ae6c72a02023-02-07 15:11:20.351root 11241100x8000000000000000696263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7cc2f6e7b522ff22023-02-07 15:11:20.351root 11241100x8000000000000000696262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9d042a871ab70a2023-02-07 15:11:20.351root 11241100x8000000000000000696261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc7ba55c78441c62023-02-07 15:11:20.351root 11241100x8000000000000000696260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a12ad5214d424512023-02-07 15:11:20.351root 11241100x8000000000000000696259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2015f5566c9e90182023-02-07 15:11:20.351root 11241100x8000000000000000696258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298911d3e5c7374f2023-02-07 15:11:20.351root 11241100x8000000000000000696271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0997ce44c9f81ab2023-02-07 15:11:20.846root 11241100x8000000000000000696270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af2983baa6b107e2023-02-07 15:11:20.846root 11241100x8000000000000000696269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb452372ac362d172023-02-07 15:11:20.846root 11241100x8000000000000000696268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3a1e345a2490b42023-02-07 15:11:20.846root 11241100x8000000000000000696267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365878cd9c788dcc2023-02-07 15:11:20.846root 11241100x8000000000000000696275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e81d030d7b0a67f2023-02-07 15:11:20.849root 11241100x8000000000000000696274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca2c13b01ce5b962023-02-07 15:11:20.849root 11241100x8000000000000000696273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fa77cbe53bf42a2023-02-07 15:11:20.849root 11241100x8000000000000000696272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9ed05b4e6eae802023-02-07 15:11:20.849root 11241100x8000000000000000696283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c29d696b71268722023-02-07 15:11:20.850root 11241100x8000000000000000696282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613763953c0f91052023-02-07 15:11:20.850root 11241100x8000000000000000696281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df65b31f1eadc5b62023-02-07 15:11:20.850root 11241100x8000000000000000696280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3d226736aaf8722023-02-07 15:11:20.850root 11241100x8000000000000000696279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733b0692da13849d2023-02-07 15:11:20.850root 11241100x8000000000000000696278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3345d4887a248fd72023-02-07 15:11:20.850root 11241100x8000000000000000696277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee6bf4d30edfb822023-02-07 15:11:20.850root 11241100x8000000000000000696276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc1b849c57325d32023-02-07 15:11:20.850root 11241100x8000000000000000696298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382e0e5579a2b4502023-02-07 15:11:20.851root 11241100x8000000000000000696297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f8b2fbbc6a22b72023-02-07 15:11:20.851root 11241100x8000000000000000696296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243fb1806e8d44d32023-02-07 15:11:20.851root 11241100x8000000000000000696295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c419542846e6b9372023-02-07 15:11:20.851root 11241100x8000000000000000696294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5c0833c3a76ae52023-02-07 15:11:20.851root 11241100x8000000000000000696293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8057db7eb80e68ac2023-02-07 15:11:20.851root 11241100x8000000000000000696292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7cd3d02860d3d672023-02-07 15:11:20.851root 11241100x8000000000000000696291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398a847a33350f322023-02-07 15:11:20.851root 11241100x8000000000000000696290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60351408db578642023-02-07 15:11:20.851root 11241100x8000000000000000696289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4870dac8544018d72023-02-07 15:11:20.851root 11241100x8000000000000000696288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7456470100ad96c2023-02-07 15:11:20.851root 11241100x8000000000000000696287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818d79dadf0723dd2023-02-07 15:11:20.851root 11241100x8000000000000000696286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59d7282a0fd16872023-02-07 15:11:20.851root 11241100x8000000000000000696285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981c8ebba50f23ad2023-02-07 15:11:20.851root 11241100x8000000000000000696284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506341385fed63822023-02-07 15:11:20.851root 11241100x8000000000000000696303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbb34ba05c01a7c2023-02-07 15:11:21.346root 11241100x8000000000000000696302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07343c38c17c3362023-02-07 15:11:21.346root 11241100x8000000000000000696301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cdbc380cf321f32023-02-07 15:11:21.346root 11241100x8000000000000000696300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541f7945f6d4e9b72023-02-07 15:11:21.346root 11241100x8000000000000000696299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eba25593f0855382023-02-07 15:11:21.346root 11241100x8000000000000000696311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47abe1c075a1a6262023-02-07 15:11:21.347root 11241100x8000000000000000696310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d93bc55d7d1d2442023-02-07 15:11:21.347root 11241100x8000000000000000696309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d280ce22b437c7c92023-02-07 15:11:21.347root 11241100x8000000000000000696308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5498a12d6e608b642023-02-07 15:11:21.347root 11241100x8000000000000000696307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4428b0189b98e642023-02-07 15:11:21.347root 11241100x8000000000000000696306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51f3394e24fe8122023-02-07 15:11:21.347root 11241100x8000000000000000696305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93d31d0cc1a5ba72023-02-07 15:11:21.347root 11241100x8000000000000000696304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b601e3479ade9122023-02-07 15:11:21.347root 11241100x8000000000000000696313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af170358e23596792023-02-07 15:11:21.348root 11241100x8000000000000000696312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bff2cd12a5b5b52023-02-07 15:11:21.348root 11241100x8000000000000000696317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9178bc309c8d586c2023-02-07 15:11:21.351root 11241100x8000000000000000696316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c9e0e9c069b71f2023-02-07 15:11:21.351root 11241100x8000000000000000696315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60c72e8022454f32023-02-07 15:11:21.351root 11241100x8000000000000000696314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa5a735498e1a6c2023-02-07 15:11:21.351root 11241100x8000000000000000696326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0977252bd4eda34d2023-02-07 15:11:21.352root 11241100x8000000000000000696325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ea21922890cd962023-02-07 15:11:21.352root 11241100x8000000000000000696324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036491c525c4b84a2023-02-07 15:11:21.352root 11241100x8000000000000000696323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3074d72a17635c62023-02-07 15:11:21.352root 11241100x8000000000000000696322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59572e882b4ff7da2023-02-07 15:11:21.352root 11241100x8000000000000000696321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea883cc9c1f55db42023-02-07 15:11:21.352root 11241100x8000000000000000696320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4a4d77cf7599992023-02-07 15:11:21.352root 11241100x8000000000000000696319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1963b5ff2868b5f2023-02-07 15:11:21.352root 11241100x8000000000000000696318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d859f71bb0256b32023-02-07 15:11:21.352root 11241100x8000000000000000696330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850724d6c62118c42023-02-07 15:11:21.353root 11241100x8000000000000000696329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226ebc2bf9d43ae42023-02-07 15:11:21.353root 11241100x8000000000000000696328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4815e46367a6aa992023-02-07 15:11:21.353root 11241100x8000000000000000696327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39fa5c61374f6682023-02-07 15:11:21.353root 11241100x8000000000000000696334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0bbf176eadbac292023-02-07 15:11:21.846root 11241100x8000000000000000696333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5f830210f73fc22023-02-07 15:11:21.846root 11241100x8000000000000000696332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8609dc09cc0f472023-02-07 15:11:21.846root 11241100x8000000000000000696331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37cb86a5edd11e32023-02-07 15:11:21.846root 11241100x8000000000000000696342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd97119dc53c1ce2023-02-07 15:11:21.847root 11241100x8000000000000000696341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9427095c1877babb2023-02-07 15:11:21.847root 11241100x8000000000000000696340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba50176df9912c472023-02-07 15:11:21.847root 11241100x8000000000000000696339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcfb209dddd4a412023-02-07 15:11:21.847root 11241100x8000000000000000696338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537e0087fe244c432023-02-07 15:11:21.847root 11241100x8000000000000000696337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358f287ed071bc222023-02-07 15:11:21.847root 11241100x8000000000000000696336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0766367a9bdddf182023-02-07 15:11:21.847root 11241100x8000000000000000696335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5bfe4520bc19a2d2023-02-07 15:11:21.847root 11241100x8000000000000000696347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1910bf05e2fe20102023-02-07 15:11:21.851root 11241100x8000000000000000696346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16dc9d6d0138ee5b2023-02-07 15:11:21.851root 11241100x8000000000000000696345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab3c6bff73f214b2023-02-07 15:11:21.851root 11241100x8000000000000000696344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5595f8c2c231ef612023-02-07 15:11:21.851root 11241100x8000000000000000696343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b7c3c292f03b782023-02-07 15:11:21.851root 11241100x8000000000000000696355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ce9e0ffbabe37c2023-02-07 15:11:21.852root 11241100x8000000000000000696354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935488cbfad606792023-02-07 15:11:21.852root 11241100x8000000000000000696353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3b4d5b8bf5ffb82023-02-07 15:11:21.852root 11241100x8000000000000000696352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d413bdcec224e7922023-02-07 15:11:21.852root 11241100x8000000000000000696351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d01c29b42ec757a2023-02-07 15:11:21.852root 11241100x8000000000000000696350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621e5014d400d59a2023-02-07 15:11:21.852root 11241100x8000000000000000696349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e7d98bee0cd6392023-02-07 15:11:21.852root 11241100x8000000000000000696348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220b3b0a97c0961f2023-02-07 15:11:21.852root 11241100x8000000000000000696362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.853{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ddccc042306de052023-02-07 15:11:21.853root 11241100x8000000000000000696361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.853{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9efee5753d1b21f2023-02-07 15:11:21.853root 11241100x8000000000000000696360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.853{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c57f70278f05f2772023-02-07 15:11:21.853root 11241100x8000000000000000696359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.853{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2083027425034a12023-02-07 15:11:21.853root 11241100x8000000000000000696358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.853{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8bddf4d2e9b3752023-02-07 15:11:21.853root 11241100x8000000000000000696357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.853{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5f03f4e7e322252023-02-07 15:11:21.853root 11241100x8000000000000000696356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:21.853{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c796bbf6821a13f52023-02-07 15:11:21.853root 11241100x8000000000000000696365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a3e8af4bfd699f2023-02-07 15:11:22.346root 11241100x8000000000000000696364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4704c66b996b318d2023-02-07 15:11:22.346root 11241100x8000000000000000696363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48c7deddbff492a2023-02-07 15:11:22.346root 11241100x8000000000000000696374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0938b6ef6525a82f2023-02-07 15:11:22.347root 11241100x8000000000000000696373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1981a0db3ba8b1872023-02-07 15:11:22.347root 11241100x8000000000000000696372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f428a59f4beee12023-02-07 15:11:22.347root 11241100x8000000000000000696371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4ca6fab5fb95a82023-02-07 15:11:22.347root 11241100x8000000000000000696370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a77a8b0d755fde42023-02-07 15:11:22.347root 11241100x8000000000000000696369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8812b6b961e18dc42023-02-07 15:11:22.347root 11241100x8000000000000000696368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a383b4344740c92023-02-07 15:11:22.347root 11241100x8000000000000000696367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab158f001cf5a6c2023-02-07 15:11:22.347root 11241100x8000000000000000696366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28666b1709de495b2023-02-07 15:11:22.347root 11241100x8000000000000000696378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10056fc731e6c8862023-02-07 15:11:22.348root 11241100x8000000000000000696377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ff3064f83b9c142023-02-07 15:11:22.348root 11241100x8000000000000000696376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7964eb51f74e8efa2023-02-07 15:11:22.348root 11241100x8000000000000000696375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d295681baf5454fb2023-02-07 15:11:22.348root 11241100x8000000000000000696380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71150ec5c5bb5c62023-02-07 15:11:22.349root 11241100x8000000000000000696379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1c0292892da9612023-02-07 15:11:22.349root 11241100x8000000000000000696381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b4a9405820948c2023-02-07 15:11:22.350root 11241100x8000000000000000696387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe076ff66e0780d2023-02-07 15:11:22.351root 11241100x8000000000000000696386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7609bd7078774b2023-02-07 15:11:22.351root 11241100x8000000000000000696385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ee5aaa2e0c31632023-02-07 15:11:22.351root 11241100x8000000000000000696384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e4f317f6918b822023-02-07 15:11:22.351root 11241100x8000000000000000696383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d855ed0d8bcd822023-02-07 15:11:22.351root 11241100x8000000000000000696382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769608704813c9a22023-02-07 15:11:22.351root 11241100x8000000000000000696394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3ab03dc67a26fb2023-02-07 15:11:22.352root 11241100x8000000000000000696393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f3855f591c91fd2023-02-07 15:11:22.352root 11241100x8000000000000000696392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d200048be4d6d1282023-02-07 15:11:22.352root 11241100x8000000000000000696391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8cc0b79626c05d2023-02-07 15:11:22.352root 11241100x8000000000000000696390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb477c7fa8c7fc2b2023-02-07 15:11:22.352root 11241100x8000000000000000696389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004a60ede399d2632023-02-07 15:11:22.352root 11241100x8000000000000000696388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea94d3cdaed83d292023-02-07 15:11:22.352root 11241100x8000000000000000696401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f88116b069bb7d62023-02-07 15:11:22.845root 11241100x8000000000000000696400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09bf44fe51130d62023-02-07 15:11:22.845root 11241100x8000000000000000696399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bd1c44428401e92023-02-07 15:11:22.845root 11241100x8000000000000000696398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2e0fb55d589b862023-02-07 15:11:22.845root 11241100x8000000000000000696397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd56f1660198cbf2023-02-07 15:11:22.845root 11241100x8000000000000000696396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b3ac948960455d2023-02-07 15:11:22.845root 11241100x8000000000000000696395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1d7957ae0b01d62023-02-07 15:11:22.845root 11241100x8000000000000000696416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ac48080d3343e82023-02-07 15:11:22.846root 11241100x8000000000000000696415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea00e21fea74dad32023-02-07 15:11:22.846root 11241100x8000000000000000696414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8726783eb81f0ede2023-02-07 15:11:22.846root 11241100x8000000000000000696413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87a3dcf82aebf4c2023-02-07 15:11:22.846root 11241100x8000000000000000696412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcffdc26531aad412023-02-07 15:11:22.846root 11241100x8000000000000000696411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8fa930cf52c8382023-02-07 15:11:22.846root 11241100x8000000000000000696410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff099f0861fa11d2023-02-07 15:11:22.846root 11241100x8000000000000000696409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6439644a4460cb8d2023-02-07 15:11:22.846root 11241100x8000000000000000696408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db59c22038d6ab12023-02-07 15:11:22.846root 11241100x8000000000000000696407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad255ca73179d7c2023-02-07 15:11:22.846root 11241100x8000000000000000696406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43019aac4e5e896f2023-02-07 15:11:22.846root 11241100x8000000000000000696405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c22b5692f4bbbe2023-02-07 15:11:22.846root 11241100x8000000000000000696404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78cdaea8ad79d9ab2023-02-07 15:11:22.846root 11241100x8000000000000000696403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e7da226fd84eb52023-02-07 15:11:22.846root 11241100x8000000000000000696402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e826343baf014692023-02-07 15:11:22.846root 11241100x8000000000000000696424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecefa2dd06a42402023-02-07 15:11:22.847root 11241100x8000000000000000696423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222dc83e6ba598c42023-02-07 15:11:22.847root 11241100x8000000000000000696422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca7f1d9503155742023-02-07 15:11:22.847root 11241100x8000000000000000696421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749abbfdfd40de4d2023-02-07 15:11:22.847root 11241100x8000000000000000696420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b24a281d67a73d12023-02-07 15:11:22.847root 11241100x8000000000000000696419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e927a8ca3ae22d2023-02-07 15:11:22.847root 11241100x8000000000000000696418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94ffbcfd0547de62023-02-07 15:11:22.847root 11241100x8000000000000000696417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58e2e9456a5d1eb2023-02-07 15:11:22.847root 11241100x8000000000000000696426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebbeb4e979c7a91b2023-02-07 15:11:22.848root 11241100x8000000000000000696425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58172415840b60022023-02-07 15:11:22.848root 534500x8000000000000000696427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:22.893{ec244aba-3071-63e2-c83a-8af647560000}483/lib/systemd/systemd-journaldroot 11241100x8000000000000000696431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2f0b6ccb2b6f6c2023-02-07 15:11:23.348root 11241100x8000000000000000696430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d104e470a0c31ff2023-02-07 15:11:23.348root 11241100x8000000000000000696429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a25ddd317ff99b2023-02-07 15:11:23.348root 11241100x8000000000000000696428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dfdfa8fd1f543b02023-02-07 15:11:23.348root 11241100x8000000000000000696443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2930e46eb98f17c2023-02-07 15:11:23.349root 11241100x8000000000000000696442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e98e60fad2f6802023-02-07 15:11:23.349root 11241100x8000000000000000696441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e77db8135e509b2023-02-07 15:11:23.349root 11241100x8000000000000000696440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753a9017f59ee0452023-02-07 15:11:23.349root 11241100x8000000000000000696439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41ce75e7b4f09a72023-02-07 15:11:23.349root 11241100x8000000000000000696438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9bc0eb088e9939b2023-02-07 15:11:23.349root 11241100x8000000000000000696437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710ff2aa730c439b2023-02-07 15:11:23.349root 11241100x8000000000000000696436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb1299a8571d47d2023-02-07 15:11:23.349root 11241100x8000000000000000696435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e19711e742a5a7e2023-02-07 15:11:23.349root 11241100x8000000000000000696434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a2551010982c9d2023-02-07 15:11:23.349root 11241100x8000000000000000696433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ffa9d5dc757bed2023-02-07 15:11:23.349root 11241100x8000000000000000696432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80a260d681b16152023-02-07 15:11:23.349root 11241100x8000000000000000696454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc93e3a2de041b72023-02-07 15:11:23.350root 11241100x8000000000000000696453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31638478634d23942023-02-07 15:11:23.350root 11241100x8000000000000000696452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a082edb827e29872023-02-07 15:11:23.350root 11241100x8000000000000000696451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674d54187513794a2023-02-07 15:11:23.350root 11241100x8000000000000000696450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433d7152fe339c8f2023-02-07 15:11:23.350root 11241100x8000000000000000696449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d854272e7d1b582023-02-07 15:11:23.350root 11241100x8000000000000000696448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710b8494ab0e52072023-02-07 15:11:23.350root 11241100x8000000000000000696447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4ba03e7e9cf1c32023-02-07 15:11:23.350root 11241100x8000000000000000696446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c134eae52d8abc2e2023-02-07 15:11:23.350root 11241100x8000000000000000696445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b93dc67a58d5b652023-02-07 15:11:23.350root 11241100x8000000000000000696444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493b768345b49fc12023-02-07 15:11:23.350root 11241100x8000000000000000696460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060421f0698199de2023-02-07 15:11:23.351root 11241100x8000000000000000696459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1121ba2b43fbf72023-02-07 15:11:23.351root 11241100x8000000000000000696458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07981db49de538352023-02-07 15:11:23.351root 11241100x8000000000000000696457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9094d33a2311b7482023-02-07 15:11:23.351root 11241100x8000000000000000696456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb8af988aefacc62023-02-07 15:11:23.351root 11241100x8000000000000000696455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ebae255f12975f2023-02-07 15:11:23.351root 11241100x8000000000000000696461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28091624d0f022f2023-02-07 15:11:23.846root 11241100x8000000000000000696466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fe23e2ad92fce92023-02-07 15:11:23.847root 11241100x8000000000000000696465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc25a4066c21f44b2023-02-07 15:11:23.847root 11241100x8000000000000000696464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486ee9bdaec853d32023-02-07 15:11:23.847root 11241100x8000000000000000696463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ed0821c72193172023-02-07 15:11:23.847root 11241100x8000000000000000696462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37f91aacbc7ae412023-02-07 15:11:23.847root 11241100x8000000000000000696470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ddd25a67c7131e2023-02-07 15:11:23.848root 11241100x8000000000000000696469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712618049e2455f42023-02-07 15:11:23.848root 11241100x8000000000000000696468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb69719064c1e242023-02-07 15:11:23.848root 11241100x8000000000000000696467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7aaa42c082eefd2023-02-07 15:11:23.848root 11241100x8000000000000000696473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac14707ca06e3322023-02-07 15:11:23.849root 11241100x8000000000000000696472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0af30ce7beaa8392023-02-07 15:11:23.849root 11241100x8000000000000000696471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7e355bf148372f2023-02-07 15:11:23.849root 11241100x8000000000000000696475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dcaf8eb4608641e2023-02-07 15:11:23.850root 11241100x8000000000000000696474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff608408642c03cd2023-02-07 15:11:23.850root 11241100x8000000000000000696476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.854{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ed8ae56bd700df2023-02-07 15:11:23.854root 11241100x8000000000000000696477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.855{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44a847bc67beb7e2023-02-07 15:11:23.855root 11241100x8000000000000000696478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.857{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819f3b3ef38cc23c2023-02-07 15:11:23.857root 11241100x8000000000000000696487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378cfb400e698f462023-02-07 15:11:23.858root 11241100x8000000000000000696486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0675a1a93df5a9d42023-02-07 15:11:23.858root 11241100x8000000000000000696485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8672039e250dc22023-02-07 15:11:23.858root 11241100x8000000000000000696484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc715200060471b2023-02-07 15:11:23.858root 11241100x8000000000000000696483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77c8a2203745d272023-02-07 15:11:23.858root 11241100x8000000000000000696482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12f9dee65e0b33f2023-02-07 15:11:23.858root 11241100x8000000000000000696481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ac02a9f265adf22023-02-07 15:11:23.858root 11241100x8000000000000000696480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8feff5c95949a8c12023-02-07 15:11:23.858root 11241100x8000000000000000696479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee026b9e559919602023-02-07 15:11:23.858root 11241100x8000000000000000696489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.859{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5d24ec5722a52b2023-02-07 15:11:23.859root 11241100x8000000000000000696488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.859{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3a2de5fda877ec2023-02-07 15:11:23.859root 11241100x8000000000000000696491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.860{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25fe44200a37cce42023-02-07 15:11:23.860root 11241100x8000000000000000696490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.860{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044c55cce278b9052023-02-07 15:11:23.860root 11241100x8000000000000000696493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.861{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e2ea638289c1022023-02-07 15:11:23.861root 11241100x8000000000000000696492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:23.861{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe262e731bdac722023-02-07 15:11:23.861root 11241100x8000000000000000696498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf0b73dc597f1bc2023-02-07 15:11:24.346root 11241100x8000000000000000696497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5010424005c9512023-02-07 15:11:24.346root 11241100x8000000000000000696496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3edbb6d52b3a09742023-02-07 15:11:24.346root 11241100x8000000000000000696495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6558766a298b6d2e2023-02-07 15:11:24.346root 11241100x8000000000000000696494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10c9cfa6af7b1c12023-02-07 15:11:24.346root 11241100x8000000000000000696507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b361621f2a6c1e2023-02-07 15:11:24.347root 11241100x8000000000000000696506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f6f818833ab2a52023-02-07 15:11:24.347root 11241100x8000000000000000696505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b385e9632340672023-02-07 15:11:24.347root 11241100x8000000000000000696504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22aae9d9a1aa17ff2023-02-07 15:11:24.347root 11241100x8000000000000000696503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7408ec19c5fbad2023-02-07 15:11:24.347root 11241100x8000000000000000696502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2235b339627e563c2023-02-07 15:11:24.347root 11241100x8000000000000000696501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7296f92997c3825d2023-02-07 15:11:24.347root 11241100x8000000000000000696500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af612c144b8a61f52023-02-07 15:11:24.347root 11241100x8000000000000000696499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e24e744fb5407002023-02-07 15:11:24.347root 11241100x8000000000000000696508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd22c9ec4780b392023-02-07 15:11:24.348root 11241100x8000000000000000696514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07cef38d721318e62023-02-07 15:11:24.349root 11241100x8000000000000000696513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62c0a7d0a95a74f2023-02-07 15:11:24.349root 11241100x8000000000000000696512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5479b5d48bfabb72023-02-07 15:11:24.349root 11241100x8000000000000000696511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d33b5890892f662023-02-07 15:11:24.349root 11241100x8000000000000000696510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ca9b058f8bcad52023-02-07 15:11:24.349root 11241100x8000000000000000696509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066afbb5f1d188152023-02-07 15:11:24.349root 11241100x8000000000000000696526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9beaa78017239772023-02-07 15:11:24.350root 11241100x8000000000000000696525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69cbdd4aabbd89172023-02-07 15:11:24.350root 11241100x8000000000000000696524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fb7397ba5ab2c22023-02-07 15:11:24.350root 11241100x8000000000000000696523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa614067268429ff2023-02-07 15:11:24.350root 11241100x8000000000000000696522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9e63a4bd820ab22023-02-07 15:11:24.350root 11241100x8000000000000000696521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa05e5809870bb82023-02-07 15:11:24.350root 11241100x8000000000000000696520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6fb099a069a8bf2023-02-07 15:11:24.350root 11241100x8000000000000000696519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad229f2a995c51e2023-02-07 15:11:24.350root 11241100x8000000000000000696518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ac3eccaae6ba5d2023-02-07 15:11:24.350root 11241100x8000000000000000696517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3eaf4a668a969c2023-02-07 15:11:24.350root 11241100x8000000000000000696516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ada76e4b11567492023-02-07 15:11:24.350root 11241100x8000000000000000696515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba94ea103ac0fdc2023-02-07 15:11:24.350root 11241100x8000000000000000696527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.731{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:11:24.731root 11241100x8000000000000000696536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1dd79b639197122023-02-07 15:11:24.732root 11241100x8000000000000000696535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1530647b715e0ad2023-02-07 15:11:24.732root 11241100x8000000000000000696534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3045f07e323a7682023-02-07 15:11:24.732root 11241100x8000000000000000696533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9d2f758377096d2023-02-07 15:11:24.732root 11241100x8000000000000000696532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e410afc5df43f8b12023-02-07 15:11:24.732root 11241100x8000000000000000696531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffea8d6d474a4ab62023-02-07 15:11:24.732root 11241100x8000000000000000696530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0632d0a9613141322023-02-07 15:11:24.732root 11241100x8000000000000000696529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c7d58fa546cb522023-02-07 15:11:24.732root 11241100x8000000000000000696528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074c21e4cb16790b2023-02-07 15:11:24.732root 11241100x8000000000000000696547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f8e1669f3828132023-02-07 15:11:24.733root 11241100x8000000000000000696546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab77906bcb868f372023-02-07 15:11:24.733root 11241100x8000000000000000696545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a672c90f484ba4a42023-02-07 15:11:24.733root 11241100x8000000000000000696544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6cfb28da6eb54d52023-02-07 15:11:24.733root 11241100x8000000000000000696543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ed987c2a0e5c1e2023-02-07 15:11:24.733root 11241100x8000000000000000696542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85fcf6f2832a67752023-02-07 15:11:24.733root 11241100x8000000000000000696541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abcb8c4e3cc977e2023-02-07 15:11:24.733root 11241100x8000000000000000696540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfcf98ef79e368c2023-02-07 15:11:24.733root 11241100x8000000000000000696539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24acb07ba4154652023-02-07 15:11:24.733root 11241100x8000000000000000696538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50329eb37482de4b2023-02-07 15:11:24.733root 11241100x8000000000000000696537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e185439948be3ada2023-02-07 15:11:24.733root 11241100x8000000000000000696557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7082da18cb02122023-02-07 15:11:24.734root 11241100x8000000000000000696556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cad564aa02e110f2023-02-07 15:11:24.734root 11241100x8000000000000000696555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f901b85ad74e16a62023-02-07 15:11:24.734root 11241100x8000000000000000696554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49493f3a15cc673e2023-02-07 15:11:24.734root 11241100x8000000000000000696553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab885c2b21d562c22023-02-07 15:11:24.734root 11241100x8000000000000000696552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9a23b16695a5262023-02-07 15:11:24.734root 11241100x8000000000000000696551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce825c54b0bd98112023-02-07 15:11:24.734root 11241100x8000000000000000696550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725845bd642155392023-02-07 15:11:24.734root 11241100x8000000000000000696549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6cf9db36b1a4be2023-02-07 15:11:24.734root 11241100x8000000000000000696548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52e2bef5127e56b2023-02-07 15:11:24.734root 11241100x8000000000000000696567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39f3b597467de8b2023-02-07 15:11:24.735root 11241100x8000000000000000696566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92792b743f55d13b2023-02-07 15:11:24.735root 11241100x8000000000000000696565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40aa701f95064ac32023-02-07 15:11:24.735root 11241100x8000000000000000696564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59ce6d7ebede24f2023-02-07 15:11:24.735root 11241100x8000000000000000696563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e959d4cf1e64892023-02-07 15:11:24.735root 11241100x8000000000000000696562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d998ea3344787a2023-02-07 15:11:24.735root 11241100x8000000000000000696561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f509e97ecdb8bb52023-02-07 15:11:24.735root 11241100x8000000000000000696560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f761e78bf99daca12023-02-07 15:11:24.735root 11241100x8000000000000000696559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc3e8c1b2eeb2b62023-02-07 15:11:24.735root 11241100x8000000000000000696558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beda3168fcc10ddc2023-02-07 15:11:24.735root 11241100x8000000000000000696576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94281b6b13f98f3d2023-02-07 15:11:24.736root 11241100x8000000000000000696575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c401ffb8cae59212023-02-07 15:11:24.736root 11241100x8000000000000000696574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4bf90a9e5c9fd1b2023-02-07 15:11:24.736root 11241100x8000000000000000696573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e909650defe265282023-02-07 15:11:24.736root 11241100x8000000000000000696572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37db3e1bbd126cea2023-02-07 15:11:24.736root 11241100x8000000000000000696571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299b56a48a1e88052023-02-07 15:11:24.736root 11241100x8000000000000000696570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1b0bc1dd7463612023-02-07 15:11:24.736root 11241100x8000000000000000696569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d65ea8695abd83a2023-02-07 15:11:24.736root 11241100x8000000000000000696568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bf850b9382fc752023-02-07 15:11:24.736root 11241100x8000000000000000696578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.737{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882ac96f792b33212023-02-07 15:11:24.737root 11241100x8000000000000000696577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:24.737{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8525fd44a4a42ee92023-02-07 15:11:24.737root 11241100x8000000000000000696583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c964473e0a56c3182023-02-07 15:11:25.095root 11241100x8000000000000000696582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3532d425b8ba8ef22023-02-07 15:11:25.095root 11241100x8000000000000000696581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eea45c0bc2462422023-02-07 15:11:25.095root 11241100x8000000000000000696580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c0f2760c16a7022023-02-07 15:11:25.095root 11241100x8000000000000000696579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8659289c0d9ab7262023-02-07 15:11:25.095root 11241100x8000000000000000696593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250f7961c5b89e382023-02-07 15:11:25.096root 11241100x8000000000000000696592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501feb0316d4d3222023-02-07 15:11:25.096root 11241100x8000000000000000696591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9306ce2255b7222023-02-07 15:11:25.096root 11241100x8000000000000000696590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3bb9618d395d612023-02-07 15:11:25.096root 11241100x8000000000000000696589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5000191d86499e2023-02-07 15:11:25.096root 11241100x8000000000000000696588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3011786407431e2023-02-07 15:11:25.096root 11241100x8000000000000000696587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb06465894f887572023-02-07 15:11:25.096root 11241100x8000000000000000696586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161974369714456f2023-02-07 15:11:25.096root 11241100x8000000000000000696585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4e49dbfaa5af272023-02-07 15:11:25.096root 11241100x8000000000000000696584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7639137a8c6a7bf82023-02-07 15:11:25.096root 11241100x8000000000000000696601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05752ce02f4f70922023-02-07 15:11:25.097root 11241100x8000000000000000696600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40e46176c1b7ad22023-02-07 15:11:25.097root 11241100x8000000000000000696599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b6a16687bc8e5b2023-02-07 15:11:25.097root 11241100x8000000000000000696598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c82b59906f8ac42023-02-07 15:11:25.097root 11241100x8000000000000000696597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5399f7a30a268bb22023-02-07 15:11:25.097root 11241100x8000000000000000696596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2749466bc115482023-02-07 15:11:25.097root 11241100x8000000000000000696595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde23370fcdbd5682023-02-07 15:11:25.097root 11241100x8000000000000000696594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2549648aac54dc2023-02-07 15:11:25.097root 11241100x8000000000000000696608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c25e8270e4000ab2023-02-07 15:11:25.098root 11241100x8000000000000000696607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109a791ba730966b2023-02-07 15:11:25.098root 11241100x8000000000000000696606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f58ce20de3f058c2023-02-07 15:11:25.098root 11241100x8000000000000000696605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c1cff3e10994e02023-02-07 15:11:25.098root 11241100x8000000000000000696604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac4f4eab516179e2023-02-07 15:11:25.098root 11241100x8000000000000000696603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565c8ec9fa78fbe62023-02-07 15:11:25.098root 11241100x8000000000000000696602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d69ae3fa3fd2e8e2023-02-07 15:11:25.098root 11241100x8000000000000000696610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984d6fd8852c6c902023-02-07 15:11:25.099root 11241100x8000000000000000696609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f64e6e299a9297b2023-02-07 15:11:25.099root 11241100x8000000000000000696616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ce6eb71547b5f42023-02-07 15:11:25.100root 11241100x8000000000000000696615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037301cda0404ddf2023-02-07 15:11:25.100root 11241100x8000000000000000696614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c708d6db292436762023-02-07 15:11:25.100root 11241100x8000000000000000696613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8790719088c4f382023-02-07 15:11:25.100root 11241100x8000000000000000696612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665d6060460d2ddb2023-02-07 15:11:25.100root 11241100x8000000000000000696611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450b2004341e265c2023-02-07 15:11:25.100root 11241100x8000000000000000696622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdee955f93e759a92023-02-07 15:11:25.101root 11241100x8000000000000000696621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2e96dcda2d173c2023-02-07 15:11:25.101root 11241100x8000000000000000696620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9344d9435cc0f7ed2023-02-07 15:11:25.101root 11241100x8000000000000000696619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4097b64e46e384c32023-02-07 15:11:25.101root 11241100x8000000000000000696618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748e734c6853b6be2023-02-07 15:11:25.101root 11241100x8000000000000000696617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69477169a89050f92023-02-07 15:11:25.101root 11241100x8000000000000000696631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f5f7370ae511af2023-02-07 15:11:25.102root 11241100x8000000000000000696630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34fc2d253c285cb12023-02-07 15:11:25.102root 11241100x8000000000000000696629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c08aa4f5cea40cd2023-02-07 15:11:25.102root 11241100x8000000000000000696628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7eb435da02039f82023-02-07 15:11:25.102root 11241100x8000000000000000696627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78cb6c27286bd9ef2023-02-07 15:11:25.102root 11241100x8000000000000000696626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf695ba63e4eea262023-02-07 15:11:25.102root 11241100x8000000000000000696625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5bded71dd0a0c92023-02-07 15:11:25.102root 11241100x8000000000000000696624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6842d6f4399e1d072023-02-07 15:11:25.102root 11241100x8000000000000000696623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37114902a99f7efe2023-02-07 15:11:25.102root 354300x8000000000000000696632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.168{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-40272-false10.0.1.12-8000- 11241100x8000000000000000696638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a493d056447ebe7a2023-02-07 15:11:25.595root 11241100x8000000000000000696637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4ccfea0329cdcf2023-02-07 15:11:25.595root 11241100x8000000000000000696636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcd55439063ffda2023-02-07 15:11:25.595root 11241100x8000000000000000696635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb40a19f0e6567782023-02-07 15:11:25.595root 11241100x8000000000000000696634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908495790c024b232023-02-07 15:11:25.595root 11241100x8000000000000000696633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e716da08f415ddd62023-02-07 15:11:25.595root 11241100x8000000000000000696655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f7cee93dd1468e2023-02-07 15:11:25.596root 11241100x8000000000000000696654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f218421cc492e52023-02-07 15:11:25.596root 11241100x8000000000000000696653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14fedaa3238cac8a2023-02-07 15:11:25.596root 11241100x8000000000000000696652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb57c7a5a5425a92023-02-07 15:11:25.596root 11241100x8000000000000000696651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8797e51f0c564bad2023-02-07 15:11:25.596root 11241100x8000000000000000696650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7cd05f9836ac9802023-02-07 15:11:25.596root 11241100x8000000000000000696649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275be0c33e126c4b2023-02-07 15:11:25.596root 11241100x8000000000000000696648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b6c961613ff4e22023-02-07 15:11:25.596root 11241100x8000000000000000696647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d77e644a1c7ba22023-02-07 15:11:25.596root 11241100x8000000000000000696646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434ec71d5f39052b2023-02-07 15:11:25.596root 11241100x8000000000000000696645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03ff49630b2217c2023-02-07 15:11:25.596root 11241100x8000000000000000696644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a33f3d600b561b62023-02-07 15:11:25.596root 11241100x8000000000000000696643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2deb111f4d3b6b6a2023-02-07 15:11:25.596root 11241100x8000000000000000696642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeae95399d5894b12023-02-07 15:11:25.596root 11241100x8000000000000000696641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1daea192ce8e7d0f2023-02-07 15:11:25.596root 11241100x8000000000000000696640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3950b372ac8d1a2023-02-07 15:11:25.596root 11241100x8000000000000000696639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23428065745e84d2023-02-07 15:11:25.596root 11241100x8000000000000000696667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e72d11daa5b8bc2023-02-07 15:11:25.597root 11241100x8000000000000000696666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb21579924207ed92023-02-07 15:11:25.597root 11241100x8000000000000000696665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cca8e1ce33dcc402023-02-07 15:11:25.597root 11241100x8000000000000000696664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ee3e219e8f69fb2023-02-07 15:11:25.597root 11241100x8000000000000000696663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c5e4cd5f545aaf2023-02-07 15:11:25.597root 11241100x8000000000000000696662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d33319355bfd092023-02-07 15:11:25.597root 11241100x8000000000000000696661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79474ed41c0e7d9c2023-02-07 15:11:25.597root 11241100x8000000000000000696660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb46bc6b28212a0a2023-02-07 15:11:25.597root 11241100x8000000000000000696659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869171a4499a37b62023-02-07 15:11:25.597root 11241100x8000000000000000696658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7fe31058cd02ae2023-02-07 15:11:25.597root 11241100x8000000000000000696657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5810ad7d8a2a6c72023-02-07 15:11:25.597root 11241100x8000000000000000696656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8855b03e6b6317c2023-02-07 15:11:25.597root 11241100x8000000000000000696669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f63695fa0396482023-02-07 15:11:26.095root 11241100x8000000000000000696668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5207385dadde1fba2023-02-07 15:11:26.095root 11241100x8000000000000000696679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b04f13b02e3ad4b2023-02-07 15:11:26.096root 11241100x8000000000000000696678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf37efcc4fc184412023-02-07 15:11:26.096root 11241100x8000000000000000696677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c203ab453e9229d32023-02-07 15:11:26.096root 11241100x8000000000000000696676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b35465f946c574a2023-02-07 15:11:26.096root 11241100x8000000000000000696675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e3e0a30ba6b8682023-02-07 15:11:26.096root 11241100x8000000000000000696674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a165eb245eb76e6c2023-02-07 15:11:26.096root 11241100x8000000000000000696673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f000dfb35545137e2023-02-07 15:11:26.096root 11241100x8000000000000000696672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ea404427d542572023-02-07 15:11:26.096root 11241100x8000000000000000696671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f243bde6c5ba832023-02-07 15:11:26.096root 11241100x8000000000000000696670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a78f597a2f034442023-02-07 15:11:26.096root 11241100x8000000000000000696689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5f3b5222fc0fab2023-02-07 15:11:26.097root 11241100x8000000000000000696688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca08555be8e1a2f2023-02-07 15:11:26.097root 11241100x8000000000000000696687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b866d85af6f181712023-02-07 15:11:26.097root 11241100x8000000000000000696686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb4d2a380c1e16a2023-02-07 15:11:26.097root 11241100x8000000000000000696685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752e17d1ffdd0cb92023-02-07 15:11:26.097root 11241100x8000000000000000696684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c80cb16d8fda2f2023-02-07 15:11:26.097root 11241100x8000000000000000696683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14ad5e9295209ff2023-02-07 15:11:26.097root 11241100x8000000000000000696682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcaaa461fb7dc57e2023-02-07 15:11:26.097root 11241100x8000000000000000696681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8247ac33981f0d2023-02-07 15:11:26.097root 11241100x8000000000000000696680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3b7257531718a92023-02-07 15:11:26.097root 11241100x8000000000000000696700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7573ec377fd292d92023-02-07 15:11:26.098root 11241100x8000000000000000696699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299cab85cf84438b2023-02-07 15:11:26.098root 11241100x8000000000000000696698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f979248c9bf81ace2023-02-07 15:11:26.098root 11241100x8000000000000000696697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c6a16b097403622023-02-07 15:11:26.098root 11241100x8000000000000000696696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1be30b4740b3182023-02-07 15:11:26.098root 11241100x8000000000000000696695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a48bb13c2b4a122023-02-07 15:11:26.098root 11241100x8000000000000000696694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3608d596f1bbf492023-02-07 15:11:26.098root 11241100x8000000000000000696693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6786acfb77fe96172023-02-07 15:11:26.098root 11241100x8000000000000000696692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d06ee38641b03332023-02-07 15:11:26.098root 11241100x8000000000000000696691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca5eb332588dd402023-02-07 15:11:26.098root 11241100x8000000000000000696690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252b0c35986b6ce22023-02-07 15:11:26.098root 11241100x8000000000000000696706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e049e07065fcc352023-02-07 15:11:26.099root 11241100x8000000000000000696705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ce7361d0adc3472023-02-07 15:11:26.099root 11241100x8000000000000000696704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e7f670cefcc3222023-02-07 15:11:26.099root 11241100x8000000000000000696703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ffac24dfc66114b2023-02-07 15:11:26.099root 11241100x8000000000000000696702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373a090be575a7942023-02-07 15:11:26.099root 11241100x8000000000000000696701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6604b3856cd7fce22023-02-07 15:11:26.099root 11241100x8000000000000000696711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b2f9cf84f44f7f2023-02-07 15:11:26.595root 11241100x8000000000000000696710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fdc983303b19872023-02-07 15:11:26.595root 11241100x8000000000000000696709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc1501253726cac2023-02-07 15:11:26.595root 11241100x8000000000000000696708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff7dfe9299700202023-02-07 15:11:26.595root 11241100x8000000000000000696707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cbc80a10fbe7c02023-02-07 15:11:26.595root 11241100x8000000000000000696728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6f596c105b36eb2023-02-07 15:11:26.596root 11241100x8000000000000000696727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a888d4d291f86802023-02-07 15:11:26.596root 11241100x8000000000000000696726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2745343e907e602023-02-07 15:11:26.596root 11241100x8000000000000000696725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc50ab2401c2b172023-02-07 15:11:26.596root 11241100x8000000000000000696724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99cf8b3b475759702023-02-07 15:11:26.596root 11241100x8000000000000000696723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e76585221d44692023-02-07 15:11:26.596root 11241100x8000000000000000696722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49e613e2d79b0162023-02-07 15:11:26.596root 11241100x8000000000000000696721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cda5ccb14b83d122023-02-07 15:11:26.596root 11241100x8000000000000000696720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eccb0cdd9baa73d2023-02-07 15:11:26.596root 11241100x8000000000000000696719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc41e9bac3f280be2023-02-07 15:11:26.596root 11241100x8000000000000000696718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8203b6d60fcf2c962023-02-07 15:11:26.596root 11241100x8000000000000000696717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0ecb30ed0a61e62023-02-07 15:11:26.596root 11241100x8000000000000000696716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c490ffe43c0f3eab2023-02-07 15:11:26.596root 11241100x8000000000000000696715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206b3f350e6428e42023-02-07 15:11:26.596root 11241100x8000000000000000696714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a393594db85fd2a2023-02-07 15:11:26.596root 11241100x8000000000000000696713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3325e9eedca569a82023-02-07 15:11:26.596root 11241100x8000000000000000696712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021ef895e5451c762023-02-07 15:11:26.596root 11241100x8000000000000000696741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3c3a2db8d6c6142023-02-07 15:11:26.597root 11241100x8000000000000000696740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9268f034c07f23f2023-02-07 15:11:26.597root 11241100x8000000000000000696739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d7991381ea9c4a2023-02-07 15:11:26.597root 11241100x8000000000000000696738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7999e2b5825ee52023-02-07 15:11:26.597root 11241100x8000000000000000696737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f8d40402ee82842023-02-07 15:11:26.597root 11241100x8000000000000000696736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27b71bbe7ae93242023-02-07 15:11:26.597root 11241100x8000000000000000696735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a844a55eb318fc2b2023-02-07 15:11:26.597root 11241100x8000000000000000696734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ed4da0ea0869ff2023-02-07 15:11:26.597root 11241100x8000000000000000696733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e4a3409da3b7382023-02-07 15:11:26.597root 11241100x8000000000000000696732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5216ddbde6b5082023-02-07 15:11:26.597root 11241100x8000000000000000696731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b74684102a91fac2023-02-07 15:11:26.597root 11241100x8000000000000000696730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b874bbf930c3c32023-02-07 15:11:26.597root 11241100x8000000000000000696729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acdf1b7ef2677b502023-02-07 15:11:26.597root 11241100x8000000000000000696746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3665373f38a6ebc82023-02-07 15:11:27.095root 11241100x8000000000000000696745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d011d9e2325ad2892023-02-07 15:11:27.095root 11241100x8000000000000000696744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a377c595003dd5fd2023-02-07 15:11:27.095root 11241100x8000000000000000696743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9374ac561fea1a482023-02-07 15:11:27.095root 11241100x8000000000000000696742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada3c7baf644cb392023-02-07 15:11:27.095root 11241100x8000000000000000696752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c28f173fe436492023-02-07 15:11:27.096root 11241100x8000000000000000696751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629f0965eb78aa202023-02-07 15:11:27.096root 11241100x8000000000000000696750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafee576da898bcf2023-02-07 15:11:27.096root 11241100x8000000000000000696749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1055f7ec64b6551e2023-02-07 15:11:27.096root 11241100x8000000000000000696748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efb2b0b9270fb8f2023-02-07 15:11:27.096root 11241100x8000000000000000696747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030298d224cf30502023-02-07 15:11:27.096root 11241100x8000000000000000696759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9df64cff859f29a2023-02-07 15:11:27.097root 11241100x8000000000000000696758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a83a09a9c2fc2f2023-02-07 15:11:27.097root 11241100x8000000000000000696757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c2473e906ab4352023-02-07 15:11:27.097root 11241100x8000000000000000696756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e00d7fdfe3e2e12023-02-07 15:11:27.097root 11241100x8000000000000000696755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e32b8c0c01cf3a52023-02-07 15:11:27.097root 11241100x8000000000000000696754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822d2eeec695ba0f2023-02-07 15:11:27.097root 11241100x8000000000000000696753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6118b9082b948a2023-02-07 15:11:27.097root 11241100x8000000000000000696763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4772042bd8373c72023-02-07 15:11:27.098root 11241100x8000000000000000696762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8602890fd99fef2023-02-07 15:11:27.098root 11241100x8000000000000000696761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51a46d7ee7ed8042023-02-07 15:11:27.098root 11241100x8000000000000000696760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b715df9efad505652023-02-07 15:11:27.098root 11241100x8000000000000000696768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c83c958773754a2023-02-07 15:11:27.099root 11241100x8000000000000000696767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10bb6224a1220bc2023-02-07 15:11:27.099root 11241100x8000000000000000696766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bfcb748bffdd2302023-02-07 15:11:27.099root 11241100x8000000000000000696765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e559fe3ffcf31dd72023-02-07 15:11:27.099root 11241100x8000000000000000696764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276b076979e35f5f2023-02-07 15:11:27.099root 11241100x8000000000000000696772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104660849de690792023-02-07 15:11:27.100root 11241100x8000000000000000696771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9bd91b8bbdef4c02023-02-07 15:11:27.100root 11241100x8000000000000000696770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc9df941c6d116c2023-02-07 15:11:27.100root 11241100x8000000000000000696769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81944bf0e2d3f2d92023-02-07 15:11:27.100root 11241100x8000000000000000696775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ae4f98466480812023-02-07 15:11:27.101root 11241100x8000000000000000696774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d233d97e66faca612023-02-07 15:11:27.101root 11241100x8000000000000000696773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f725121fb58fbe2023-02-07 15:11:27.101root 11241100x8000000000000000696778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50dedfb4c0fd0f672023-02-07 15:11:27.104root 11241100x8000000000000000696777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac33d82d79fde1292023-02-07 15:11:27.104root 11241100x8000000000000000696776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ca8b756cc40c732023-02-07 15:11:27.104root 11241100x8000000000000000696783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae23faa89961222a2023-02-07 15:11:27.105root 11241100x8000000000000000696782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7539dc10d29702522023-02-07 15:11:27.105root 11241100x8000000000000000696781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1598e0099427f05e2023-02-07 15:11:27.105root 11241100x8000000000000000696780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a710f3cad406212023-02-07 15:11:27.105root 11241100x8000000000000000696779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36272f2597713e322023-02-07 15:11:27.105root 11241100x8000000000000000696786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc7d8200db1c1422023-02-07 15:11:27.106root 11241100x8000000000000000696785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b592892e6e4cb12023-02-07 15:11:27.106root 11241100x8000000000000000696784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9e7f21e64101d62023-02-07 15:11:27.106root 11241100x8000000000000000696789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad70fea7ac0e12d2023-02-07 15:11:27.595root 11241100x8000000000000000696788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9399c9ce74e7e2972023-02-07 15:11:27.595root 11241100x8000000000000000696787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b15d195f17157292023-02-07 15:11:27.595root 11241100x8000000000000000696793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f067f2a9569d1832023-02-07 15:11:27.596root 11241100x8000000000000000696792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a4e3fd6bed6a102023-02-07 15:11:27.596root 11241100x8000000000000000696791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9ac21caac262402023-02-07 15:11:27.596root 11241100x8000000000000000696790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e382231217a5cea2023-02-07 15:11:27.596root 11241100x8000000000000000696797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34874bf2d12894c62023-02-07 15:11:27.597root 11241100x8000000000000000696796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a80ea54fa168832023-02-07 15:11:27.597root 11241100x8000000000000000696795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f519c7225ad50d22023-02-07 15:11:27.597root 11241100x8000000000000000696794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fab9b859ab3e5a2023-02-07 15:11:27.597root 11241100x8000000000000000696802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fa29a9c331b3112023-02-07 15:11:27.598root 11241100x8000000000000000696801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d72202ac2d2e4642023-02-07 15:11:27.598root 11241100x8000000000000000696800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1f03f8db9ebc2b2023-02-07 15:11:27.598root 11241100x8000000000000000696799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e130ae58a1b59322023-02-07 15:11:27.598root 11241100x8000000000000000696798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b912cf25c4155bf2023-02-07 15:11:27.598root 11241100x8000000000000000696806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7997cc19d5f8c4fa2023-02-07 15:11:27.599root 11241100x8000000000000000696805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861ffec795921cab2023-02-07 15:11:27.599root 11241100x8000000000000000696804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9029f194f1cd812023-02-07 15:11:27.599root 11241100x8000000000000000696803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36f0d7a2e0c332f2023-02-07 15:11:27.599root 11241100x8000000000000000696813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e7f830525d89332023-02-07 15:11:27.600root 11241100x8000000000000000696812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03d0cf99c6adbd32023-02-07 15:11:27.600root 11241100x8000000000000000696811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1abf535af6340f2023-02-07 15:11:27.600root 11241100x8000000000000000696810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107b54ad727e19432023-02-07 15:11:27.600root 11241100x8000000000000000696809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe6c579a3fa43992023-02-07 15:11:27.600root 11241100x8000000000000000696808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7948fc3a8807c32023-02-07 15:11:27.600root 11241100x8000000000000000696807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b07e6a632790f42023-02-07 15:11:27.600root 11241100x8000000000000000696814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e784b0555dfad472023-02-07 15:11:27.603root 11241100x8000000000000000696818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6081337deb5a9be2023-02-07 15:11:27.604root 11241100x8000000000000000696817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b687a05b3bda4d2023-02-07 15:11:27.604root 11241100x8000000000000000696816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e15a61773fc7bb2023-02-07 15:11:27.604root 11241100x8000000000000000696815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd0be2da4ce05dd2023-02-07 15:11:27.604root 11241100x8000000000000000696824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ae12e89046768c2023-02-07 15:11:27.605root 11241100x8000000000000000696823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33f979f47457d362023-02-07 15:11:27.605root 11241100x8000000000000000696822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ea8178d6b022312023-02-07 15:11:27.605root 11241100x8000000000000000696821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a707609e3adf042023-02-07 15:11:27.605root 11241100x8000000000000000696820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f9774744f3ff682023-02-07 15:11:27.605root 11241100x8000000000000000696819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8113ab80a8c678b2023-02-07 15:11:27.605root 11241100x8000000000000000696828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.606{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec97ae2bc8e1bb852023-02-07 15:11:27.606root 11241100x8000000000000000696827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.606{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c60870412f7caa2023-02-07 15:11:27.606root 11241100x8000000000000000696826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.606{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d333a8a21e08b82023-02-07 15:11:27.606root 11241100x8000000000000000696825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.606{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41bf49ad43ea9762023-02-07 15:11:27.606root 23542300x8000000000000000696829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:27.732{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000696838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b932009c7a3971302023-02-07 15:11:28.097root 11241100x8000000000000000696837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4cfc02fbf6094af2023-02-07 15:11:28.097root 11241100x8000000000000000696836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7377aebde64c912023-02-07 15:11:28.097root 11241100x8000000000000000696835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f1bec9e83af9ba2023-02-07 15:11:28.097root 11241100x8000000000000000696834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351c2cae662f97b32023-02-07 15:11:28.097root 11241100x8000000000000000696833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b371050bfa13505f2023-02-07 15:11:28.097root 11241100x8000000000000000696832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69d99ac093f79a82023-02-07 15:11:28.097root 11241100x8000000000000000696831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feec4289b44f72e02023-02-07 15:11:28.097root 11241100x8000000000000000696830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ef55242ca851152023-02-07 15:11:28.097root 11241100x8000000000000000696851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbfc5e77d8e4d222023-02-07 15:11:28.098root 11241100x8000000000000000696850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec05d14a6c8767662023-02-07 15:11:28.098root 11241100x8000000000000000696849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaac9d99836d702a2023-02-07 15:11:28.098root 11241100x8000000000000000696848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472339a784d53b122023-02-07 15:11:28.098root 11241100x8000000000000000696847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b16ae1322a7bcf32023-02-07 15:11:28.098root 11241100x8000000000000000696846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ff13e7889a354c2023-02-07 15:11:28.098root 11241100x8000000000000000696845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa4dfcc05b619242023-02-07 15:11:28.098root 11241100x8000000000000000696844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056be39300aa3d0e2023-02-07 15:11:28.098root 11241100x8000000000000000696843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8b9ad25f1282132023-02-07 15:11:28.098root 11241100x8000000000000000696842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3c5f76cab4b5782023-02-07 15:11:28.098root 11241100x8000000000000000696841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf722b5e81927b82023-02-07 15:11:28.098root 11241100x8000000000000000696840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30f03bd86cf4e152023-02-07 15:11:28.098root 11241100x8000000000000000696839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84350f227062f74a2023-02-07 15:11:28.098root 11241100x8000000000000000696865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec62351480377fe2023-02-07 15:11:28.099root 11241100x8000000000000000696864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943782ff241539ed2023-02-07 15:11:28.099root 11241100x8000000000000000696863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb82ff5f6fb98a82023-02-07 15:11:28.099root 11241100x8000000000000000696862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c14cb2b775afa482023-02-07 15:11:28.099root 11241100x8000000000000000696861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bbade476fc00b62023-02-07 15:11:28.099root 11241100x8000000000000000696860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7753a7d3788677a22023-02-07 15:11:28.099root 11241100x8000000000000000696859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e427041221f2d59c2023-02-07 15:11:28.099root 11241100x8000000000000000696858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9094347776c3c932023-02-07 15:11:28.099root 11241100x8000000000000000696857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a782183a10cd282023-02-07 15:11:28.099root 11241100x8000000000000000696856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b2a5f76a57354b2023-02-07 15:11:28.099root 11241100x8000000000000000696855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f0822a6697e1632023-02-07 15:11:28.099root 11241100x8000000000000000696854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ff76ee8c1db9d32023-02-07 15:11:28.099root 11241100x8000000000000000696853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb6f2415a684ac62023-02-07 15:11:28.099root 11241100x8000000000000000696852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864938f40b4b72ea2023-02-07 15:11:28.099root 11241100x8000000000000000696867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebce756caa8287c72023-02-07 15:11:28.595root 11241100x8000000000000000696866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dbb946e633950df2023-02-07 15:11:28.595root 11241100x8000000000000000696872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed172c58108a37b2023-02-07 15:11:28.596root 11241100x8000000000000000696871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af3ea5c8b52a4732023-02-07 15:11:28.596root 11241100x8000000000000000696870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e5874e2e908bc62023-02-07 15:11:28.596root 11241100x8000000000000000696869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049742715d9d98652023-02-07 15:11:28.596root 11241100x8000000000000000696868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e40206f0497bd22023-02-07 15:11:28.596root 11241100x8000000000000000696876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e074433868f852152023-02-07 15:11:28.597root 11241100x8000000000000000696875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19aa7f551099a3ba2023-02-07 15:11:28.597root 11241100x8000000000000000696874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555eb409239755222023-02-07 15:11:28.597root 11241100x8000000000000000696873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1638a9378b2edb52023-02-07 15:11:28.597root 11241100x8000000000000000696880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447531b0528527d72023-02-07 15:11:28.598root 11241100x8000000000000000696879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3fa6709787329a2023-02-07 15:11:28.598root 11241100x8000000000000000696878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd09390ee76668d2023-02-07 15:11:28.598root 11241100x8000000000000000696877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d289a63ab39646252023-02-07 15:11:28.598root 11241100x8000000000000000696884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8c3b0cac4caf472023-02-07 15:11:28.599root 11241100x8000000000000000696883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a5eecd5fcc0e1f2023-02-07 15:11:28.599root 11241100x8000000000000000696882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7564a81c82a1a1322023-02-07 15:11:28.599root 11241100x8000000000000000696881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ff5f95a27cb5772023-02-07 15:11:28.599root 11241100x8000000000000000696888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636754f4a75142b52023-02-07 15:11:28.600root 11241100x8000000000000000696887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ce519c2d2152682023-02-07 15:11:28.600root 11241100x8000000000000000696886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b0e083b62bee332023-02-07 15:11:28.600root 11241100x8000000000000000696885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377a19d08ffc3c552023-02-07 15:11:28.600root 11241100x8000000000000000696892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ada5a52673e89a2023-02-07 15:11:28.601root 11241100x8000000000000000696891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c36e05c9591d1a2023-02-07 15:11:28.601root 11241100x8000000000000000696890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8dc7e8c6410dfb2023-02-07 15:11:28.601root 11241100x8000000000000000696889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6059f722b60924c92023-02-07 15:11:28.601root 11241100x8000000000000000696898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c69cbaafa6d66912023-02-07 15:11:28.602root 11241100x8000000000000000696897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b770fa6d61663ab2023-02-07 15:11:28.602root 11241100x8000000000000000696896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee481ad3e43a89f2023-02-07 15:11:28.602root 11241100x8000000000000000696895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fb19af5126fa362023-02-07 15:11:28.602root 11241100x8000000000000000696894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3ebff20da4ff2e2023-02-07 15:11:28.602root 11241100x8000000000000000696893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250a98c7e7be51172023-02-07 15:11:28.602root 11241100x8000000000000000696906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470a11943e519efb2023-02-07 15:11:28.603root 11241100x8000000000000000696905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac60a69a79cfe4ba2023-02-07 15:11:28.603root 11241100x8000000000000000696904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59cfd852fb083de2023-02-07 15:11:28.603root 11241100x8000000000000000696903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba72e6ba938e74072023-02-07 15:11:28.603root 11241100x8000000000000000696902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f674c7ce201fd7712023-02-07 15:11:28.603root 11241100x8000000000000000696901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e7d626eea0e25f2023-02-07 15:11:28.603root 11241100x8000000000000000696900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe81ca9f58a424732023-02-07 15:11:28.603root 11241100x8000000000000000696899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:28.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5525c601dd2bd6872023-02-07 15:11:28.603root 11241100x8000000000000000696908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3db43c7c97d8bea2023-02-07 15:11:29.095root 11241100x8000000000000000696907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce0d0adbeb56ec82023-02-07 15:11:29.095root 11241100x8000000000000000696913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337be0fe4a65d9802023-02-07 15:11:29.096root 11241100x8000000000000000696912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0f00283fb62ca72023-02-07 15:11:29.096root 11241100x8000000000000000696911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e70954b6742c07a2023-02-07 15:11:29.096root 11241100x8000000000000000696910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55578ef0f379e682023-02-07 15:11:29.096root 11241100x8000000000000000696909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf8e4cacac63b602023-02-07 15:11:29.096root 11241100x8000000000000000696918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c986604e036e66472023-02-07 15:11:29.097root 11241100x8000000000000000696917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03aaebdf19e801882023-02-07 15:11:29.097root 11241100x8000000000000000696916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b018e9f29a5548802023-02-07 15:11:29.097root 11241100x8000000000000000696915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5987b2ff0e1e8b2023-02-07 15:11:29.097root 11241100x8000000000000000696914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089c0d5cb86f5b122023-02-07 15:11:29.097root 11241100x8000000000000000696923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093384de1403dc592023-02-07 15:11:29.098root 11241100x8000000000000000696922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817d0fb8c61ca5b02023-02-07 15:11:29.098root 11241100x8000000000000000696921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24089b0916f8a2032023-02-07 15:11:29.098root 11241100x8000000000000000696920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6909217ce7808f52023-02-07 15:11:29.098root 11241100x8000000000000000696919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13f0a1256b781d52023-02-07 15:11:29.098root 11241100x8000000000000000696927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f530ed37ff98f6d2023-02-07 15:11:29.099root 11241100x8000000000000000696926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d613d3c40516842023-02-07 15:11:29.099root 11241100x8000000000000000696925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5089fcb9ff4a5c782023-02-07 15:11:29.099root 11241100x8000000000000000696924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d78bb0d8196c9b2023-02-07 15:11:29.099root 11241100x8000000000000000696931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07d13360ce515a62023-02-07 15:11:29.100root 11241100x8000000000000000696930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c2e4ef05cdf2ce2023-02-07 15:11:29.100root 11241100x8000000000000000696929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89485bb0c50bfda02023-02-07 15:11:29.100root 11241100x8000000000000000696928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d67be2a7a9533e22023-02-07 15:11:29.100root 11241100x8000000000000000696936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9362fad9dec27c92023-02-07 15:11:29.101root 11241100x8000000000000000696935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8579a2e8112fde2023-02-07 15:11:29.101root 11241100x8000000000000000696934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd00bc134209dd782023-02-07 15:11:29.101root 11241100x8000000000000000696933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4d7f40ae2886f22023-02-07 15:11:29.101root 11241100x8000000000000000696932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd110edf14d48d32023-02-07 15:11:29.101root 11241100x8000000000000000696937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8cde0e33c96e3a52023-02-07 15:11:29.102root 11241100x8000000000000000696940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa498d5589e34102023-02-07 15:11:29.103root 11241100x8000000000000000696939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437793b941f7dd192023-02-07 15:11:29.103root 11241100x8000000000000000696938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7223c0f88d17d42023-02-07 15:11:29.103root 11241100x8000000000000000696949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02577183cf3d4bfe2023-02-07 15:11:29.104root 11241100x8000000000000000696948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb41a919ae41bfd2023-02-07 15:11:29.104root 11241100x8000000000000000696947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06e2546614d7b3f2023-02-07 15:11:29.104root 11241100x8000000000000000696946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029b6177f46a7e662023-02-07 15:11:29.104root 11241100x8000000000000000696945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7470c780c286b49b2023-02-07 15:11:29.104root 11241100x8000000000000000696944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7caa77d25fe5998a2023-02-07 15:11:29.104root 11241100x8000000000000000696943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47600814b716f42e2023-02-07 15:11:29.104root 11241100x8000000000000000696942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eccd70b994f68962023-02-07 15:11:29.104root 11241100x8000000000000000696941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841cf787a11e7a772023-02-07 15:11:29.104root 11241100x8000000000000000696951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e866457044de27452023-02-07 15:11:29.595root 11241100x8000000000000000696950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965086661f9a2a0e2023-02-07 15:11:29.595root 11241100x8000000000000000696956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a7b8d6b091a5492023-02-07 15:11:29.596root 11241100x8000000000000000696955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe0ae151dd39ce72023-02-07 15:11:29.596root 11241100x8000000000000000696954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181b21e7d4f852482023-02-07 15:11:29.596root 11241100x8000000000000000696953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b046d90e712fdb12023-02-07 15:11:29.596root 11241100x8000000000000000696952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d784a1353aba4412023-02-07 15:11:29.596root 11241100x8000000000000000696961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8e0ead09030e7c2023-02-07 15:11:29.597root 11241100x8000000000000000696960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8899d7058b2465ad2023-02-07 15:11:29.597root 11241100x8000000000000000696959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286c10fc4a59f59f2023-02-07 15:11:29.597root 11241100x8000000000000000696958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9335d4664f26ded2023-02-07 15:11:29.597root 11241100x8000000000000000696957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69cade015dbacbb22023-02-07 15:11:29.597root 11241100x8000000000000000696969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51dab5670fbe582c2023-02-07 15:11:29.598root 11241100x8000000000000000696968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4827f3e716a3ca12023-02-07 15:11:29.598root 11241100x8000000000000000696967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683ddad1fc77125e2023-02-07 15:11:29.598root 11241100x8000000000000000696966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d87d730d7d606ec2023-02-07 15:11:29.598root 11241100x8000000000000000696965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d77e48ea0e5d782023-02-07 15:11:29.598root 11241100x8000000000000000696964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e190d97d5d0510b2023-02-07 15:11:29.598root 11241100x8000000000000000696963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c221246c0c8ac2fb2023-02-07 15:11:29.598root 11241100x8000000000000000696962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464582788cc267e52023-02-07 15:11:29.598root 11241100x8000000000000000696974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf69091a1d0b0fa2023-02-07 15:11:29.599root 11241100x8000000000000000696973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2adeb3a401e1424b2023-02-07 15:11:29.599root 11241100x8000000000000000696972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a36c01e7329e902023-02-07 15:11:29.599root 11241100x8000000000000000696971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f268cb9f012078562023-02-07 15:11:29.599root 11241100x8000000000000000696970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca925ae072f094212023-02-07 15:11:29.599root 11241100x8000000000000000696983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfb42447a5f08992023-02-07 15:11:29.600root 11241100x8000000000000000696982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29d31b2556c49a82023-02-07 15:11:29.600root 11241100x8000000000000000696981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88c24517e016efe2023-02-07 15:11:29.600root 11241100x8000000000000000696980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45d750e8da380662023-02-07 15:11:29.600root 11241100x8000000000000000696979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0b6638c56192ee2023-02-07 15:11:29.600root 11241100x8000000000000000696978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b955f4e7537ccf2023-02-07 15:11:29.600root 11241100x8000000000000000696977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45abb9ff2edb81272023-02-07 15:11:29.600root 11241100x8000000000000000696976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8a3361a25f47a32023-02-07 15:11:29.600root 11241100x8000000000000000696975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3812d843b810582023-02-07 15:11:29.600root 11241100x8000000000000000696988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9fd5bd015f6b12a2023-02-07 15:11:29.601root 11241100x8000000000000000696987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7adf6eb13ea683582023-02-07 15:11:29.601root 11241100x8000000000000000696986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8c0417fbbe49422023-02-07 15:11:29.601root 11241100x8000000000000000696985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f62a6a06e8ce072023-02-07 15:11:29.601root 11241100x8000000000000000696984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440b0158fb2f091d2023-02-07 15:11:29.601root 11241100x8000000000000000696991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9fc5e51ebc32c5d2023-02-07 15:11:29.602root 11241100x8000000000000000696990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2387f368d33d252023-02-07 15:11:29.602root 11241100x8000000000000000696989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:29.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2585b9cf2a9ac22023-02-07 15:11:29.602root 11241100x8000000000000000696993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89292f8396aac062023-02-07 15:11:30.095root 11241100x8000000000000000696992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ae283cf9f9dd752023-02-07 15:11:30.095root 11241100x8000000000000000696998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565a1ae77bbcd28e2023-02-07 15:11:30.096root 11241100x8000000000000000696997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4921eddd8065b2d2023-02-07 15:11:30.096root 11241100x8000000000000000696996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63e932f878bfd042023-02-07 15:11:30.096root 11241100x8000000000000000696995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040a9be19d89aa2f2023-02-07 15:11:30.096root 11241100x8000000000000000696994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d7361263a4e0c32023-02-07 15:11:30.096root 11241100x8000000000000000697005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba102ff4aa53a0dc2023-02-07 15:11:30.097root 11241100x8000000000000000697004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aac4a74e23864cf2023-02-07 15:11:30.097root 11241100x8000000000000000697003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4ef3e57ec923322023-02-07 15:11:30.097root 11241100x8000000000000000697002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2539f441e64de242023-02-07 15:11:30.097root 11241100x8000000000000000697001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9cfde8d5f27adf2023-02-07 15:11:30.097root 11241100x8000000000000000697000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6131c906ba7e022023-02-07 15:11:30.097root 11241100x8000000000000000696999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af82fd6a5938a74a2023-02-07 15:11:30.097root 11241100x8000000000000000697009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b6a051a9bd48342023-02-07 15:11:30.098root 11241100x8000000000000000697008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7006ebb18a0a68d2023-02-07 15:11:30.098root 11241100x8000000000000000697007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779e0bcb753d620e2023-02-07 15:11:30.098root 11241100x8000000000000000697006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6637fb08c268b9582023-02-07 15:11:30.098root 11241100x8000000000000000697011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066441180b1e11692023-02-07 15:11:30.099root 11241100x8000000000000000697010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debd649f9c38426b2023-02-07 15:11:30.099root 11241100x8000000000000000697015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e687c7ad6e49e5e22023-02-07 15:11:30.100root 11241100x8000000000000000697014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b09b5bd3f5a420f2023-02-07 15:11:30.100root 11241100x8000000000000000697013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa545d849ba796802023-02-07 15:11:30.100root 11241100x8000000000000000697012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6cd03c428ac722b2023-02-07 15:11:30.100root 11241100x8000000000000000697021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc770ad425ae5cb22023-02-07 15:11:30.101root 11241100x8000000000000000697020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7455390b25399c2023-02-07 15:11:30.101root 11241100x8000000000000000697019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb6dcf099c46e582023-02-07 15:11:30.101root 11241100x8000000000000000697018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a04cd22fbc83fc72023-02-07 15:11:30.101root 11241100x8000000000000000697017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2358ff01eb6feaea2023-02-07 15:11:30.101root 11241100x8000000000000000697016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f2edf2c27b20142023-02-07 15:11:30.101root 11241100x8000000000000000697024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5940d344a19f98542023-02-07 15:11:30.102root 11241100x8000000000000000697023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4f24721e3aeee62023-02-07 15:11:30.102root 11241100x8000000000000000697022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1bff74d4013ac02023-02-07 15:11:30.102root 11241100x8000000000000000697027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff84c985c1a309262023-02-07 15:11:30.103root 11241100x8000000000000000697026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cee27254d3ed6f72023-02-07 15:11:30.103root 11241100x8000000000000000697025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c8a6911e0c2f292023-02-07 15:11:30.103root 11241100x8000000000000000697031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1572f4bc76a6f622023-02-07 15:11:30.104root 11241100x8000000000000000697030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25976613f13f4ed72023-02-07 15:11:30.104root 11241100x8000000000000000697029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afba2a4bd7787c52023-02-07 15:11:30.104root 11241100x8000000000000000697028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71026dde140151c02023-02-07 15:11:30.104root 11241100x8000000000000000697032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b988343cb19bec952023-02-07 15:11:30.105root 11241100x8000000000000000697038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820462d2add44bbb2023-02-07 15:11:30.595root 11241100x8000000000000000697037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db57a56cfc06b3422023-02-07 15:11:30.595root 11241100x8000000000000000697036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b958c240bb9c99f72023-02-07 15:11:30.595root 11241100x8000000000000000697035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6183a330b7251b2023-02-07 15:11:30.595root 11241100x8000000000000000697034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eee75981c4d69312023-02-07 15:11:30.595root 11241100x8000000000000000697033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d2df9583eba9a12023-02-07 15:11:30.595root 11241100x8000000000000000697043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67bbf737ea3f906b2023-02-07 15:11:30.596root 11241100x8000000000000000697042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c456b176db32f9522023-02-07 15:11:30.596root 11241100x8000000000000000697041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572e03a7032518362023-02-07 15:11:30.596root 11241100x8000000000000000697040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6fa32efa12ba682023-02-07 15:11:30.596root 11241100x8000000000000000697039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368efe020cbdc1762023-02-07 15:11:30.596root 11241100x8000000000000000697047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a581a4d825d390af2023-02-07 15:11:30.597root 11241100x8000000000000000697046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e0af5c8866d4c42023-02-07 15:11:30.597root 11241100x8000000000000000697045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbaa4ec7008f3c132023-02-07 15:11:30.597root 11241100x8000000000000000697044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38400d46815668c12023-02-07 15:11:30.597root 11241100x8000000000000000697053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4366b47425c664f52023-02-07 15:11:30.598root 11241100x8000000000000000697052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3b33c544e70d5e2023-02-07 15:11:30.598root 11241100x8000000000000000697051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7444a869182d852023-02-07 15:11:30.598root 11241100x8000000000000000697050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf734af25433b9ac2023-02-07 15:11:30.598root 11241100x8000000000000000697049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fac983a2b1debae2023-02-07 15:11:30.598root 11241100x8000000000000000697048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a054008db8c2792023-02-07 15:11:30.598root 11241100x8000000000000000697062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a82ff8b3c0a94d2023-02-07 15:11:30.599root 11241100x8000000000000000697061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9800dc1a9a0a3f472023-02-07 15:11:30.599root 11241100x8000000000000000697060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1ce1b8aaec758c2023-02-07 15:11:30.599root 11241100x8000000000000000697059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c218e542971e0f2023-02-07 15:11:30.599root 11241100x8000000000000000697058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5d292be209618f2023-02-07 15:11:30.599root 11241100x8000000000000000697057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56351f8c557fbac2023-02-07 15:11:30.599root 11241100x8000000000000000697056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5151354653c815a62023-02-07 15:11:30.599root 11241100x8000000000000000697055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c04dffae46ce3b92023-02-07 15:11:30.599root 11241100x8000000000000000697054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92cc2aa31fa44e422023-02-07 15:11:30.599root 11241100x8000000000000000697067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34739f21d55d4e922023-02-07 15:11:30.600root 11241100x8000000000000000697066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22893f8159e34ba12023-02-07 15:11:30.600root 11241100x8000000000000000697065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa36c63350a0af182023-02-07 15:11:30.600root 11241100x8000000000000000697064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fee1b60cb051002023-02-07 15:11:30.600root 11241100x8000000000000000697063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b67df3109ca306c2023-02-07 15:11:30.600root 11241100x8000000000000000697075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6652dbeb094f342023-02-07 15:11:30.601root 11241100x8000000000000000697074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55fa4a9e64a34f792023-02-07 15:11:30.601root 11241100x8000000000000000697073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7982d23a7941e932023-02-07 15:11:30.601root 11241100x8000000000000000697072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139849ce3dead1942023-02-07 15:11:30.601root 11241100x8000000000000000697071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ab4ab91c82c2732023-02-07 15:11:30.601root 11241100x8000000000000000697070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4d8cadcce49e952023-02-07 15:11:30.601root 11241100x8000000000000000697069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468a2e367090a2202023-02-07 15:11:30.601root 11241100x8000000000000000697068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88803b5495e31d7f2023-02-07 15:11:30.601root 11241100x8000000000000000697080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b051da1985dfc432023-02-07 15:11:30.602root 11241100x8000000000000000697079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45abd7cba2dc09fe2023-02-07 15:11:30.602root 11241100x8000000000000000697078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9e8cff2934913d2023-02-07 15:11:30.602root 11241100x8000000000000000697077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ab4e5c3234a66a2023-02-07 15:11:30.602root 11241100x8000000000000000697076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:30.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ff6f09eddb9f642023-02-07 15:11:30.602root 11241100x8000000000000000697082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.020{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146dfab16c6851032023-02-07 15:11:31.020root 354300x8000000000000000697081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.020{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-40282-false10.0.1.12-8000- 11241100x8000000000000000697090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.021{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed0a1d38ba10bad2023-02-07 15:11:31.021root 11241100x8000000000000000697089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.021{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39aa92b261fc966b2023-02-07 15:11:31.021root 11241100x8000000000000000697088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.021{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d5e66e8a9ccedf2023-02-07 15:11:31.021root 11241100x8000000000000000697087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.021{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65b7eaad3170fb52023-02-07 15:11:31.021root 11241100x8000000000000000697086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.021{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c64187dfe76b982023-02-07 15:11:31.021root 11241100x8000000000000000697085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.021{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424faf1443d20b8e2023-02-07 15:11:31.021root 11241100x8000000000000000697084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.021{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2240bbea266fb232023-02-07 15:11:31.021root 11241100x8000000000000000697083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.021{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd346b3ebe4fcae32023-02-07 15:11:31.021root 11241100x8000000000000000697096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.022{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6313e96a08ef55a02023-02-07 15:11:31.022root 11241100x8000000000000000697095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.022{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439d8fd3bf77d8d42023-02-07 15:11:31.022root 11241100x8000000000000000697094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.022{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2553ae4d1eedc80e2023-02-07 15:11:31.022root 11241100x8000000000000000697093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.022{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2259468791f1a52023-02-07 15:11:31.022root 11241100x8000000000000000697092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.022{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893dadde8afe6f3a2023-02-07 15:11:31.022root 11241100x8000000000000000697091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.022{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf38467afafe2052023-02-07 15:11:31.022root 11241100x8000000000000000697103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.023{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84405fbd510e6112023-02-07 15:11:31.023root 11241100x8000000000000000697102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.023{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb62f44346ad4fef2023-02-07 15:11:31.023root 11241100x8000000000000000697101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.023{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb71d56ba593fc02023-02-07 15:11:31.023root 11241100x8000000000000000697100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.023{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7f78f8d065bb932023-02-07 15:11:31.023root 11241100x8000000000000000697099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.023{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc6c942657d8f0e2023-02-07 15:11:31.023root 11241100x8000000000000000697098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.023{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ffc8db017b78732023-02-07 15:11:31.023root 11241100x8000000000000000697097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.023{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9518aacd49b31e9d2023-02-07 15:11:31.023root 11241100x8000000000000000697110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.024{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63dcd6ad64f06ecc2023-02-07 15:11:31.024root 11241100x8000000000000000697109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.024{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12532974a7d2fe072023-02-07 15:11:31.024root 11241100x8000000000000000697108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.024{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa904d37130636e2023-02-07 15:11:31.024root 11241100x8000000000000000697107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.024{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04738de54ce7d592023-02-07 15:11:31.024root 11241100x8000000000000000697106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.024{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d1408066c8dbf32023-02-07 15:11:31.024root 11241100x8000000000000000697105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.024{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9fcda9c606412c2023-02-07 15:11:31.024root 11241100x8000000000000000697104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.024{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac19f506db350b0a2023-02-07 15:11:31.024root 11241100x8000000000000000697122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.025{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cee954a1be058f32023-02-07 15:11:31.025root 11241100x8000000000000000697121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.025{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1839ec345f100442023-02-07 15:11:31.025root 11241100x8000000000000000697120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.025{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2a9b5fb144fc742023-02-07 15:11:31.025root 11241100x8000000000000000697119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.025{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c3263e3ccd4e442023-02-07 15:11:31.025root 11241100x8000000000000000697118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.025{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7683058545d744892023-02-07 15:11:31.025root 11241100x8000000000000000697117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.025{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0543b96a039092702023-02-07 15:11:31.025root 11241100x8000000000000000697116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.025{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf2ea1159c501852023-02-07 15:11:31.025root 11241100x8000000000000000697115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.025{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0bcdec93b1a4842023-02-07 15:11:31.025root 11241100x8000000000000000697114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.025{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ae7b2f35ac1e9a2023-02-07 15:11:31.025root 11241100x8000000000000000697113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.025{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f222746fe9e1e12023-02-07 15:11:31.025root 11241100x8000000000000000697112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.025{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8715da2f03136fe12023-02-07 15:11:31.025root 11241100x8000000000000000697111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.025{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94abf2341662a2e72023-02-07 15:11:31.025root 11241100x8000000000000000697124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ef00b065268f0a2023-02-07 15:11:31.346root 11241100x8000000000000000697123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0250fb2e6c7faf2023-02-07 15:11:31.346root 11241100x8000000000000000697139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0087eecea037132023-02-07 15:11:31.347root 11241100x8000000000000000697138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df5b338dc6bd2a52023-02-07 15:11:31.347root 11241100x8000000000000000697137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439820a8a7a3879c2023-02-07 15:11:31.347root 11241100x8000000000000000697136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432019092a3d57072023-02-07 15:11:31.347root 11241100x8000000000000000697135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea558cc8a313c5422023-02-07 15:11:31.347root 11241100x8000000000000000697134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c0ee5c2a93289e2023-02-07 15:11:31.347root 11241100x8000000000000000697133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd8729db696b8e12023-02-07 15:11:31.347root 11241100x8000000000000000697132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6876525cdf60bb2023-02-07 15:11:31.347root 11241100x8000000000000000697131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91df84893b30d7e62023-02-07 15:11:31.347root 11241100x8000000000000000697130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03c10ff22da670f2023-02-07 15:11:31.347root 11241100x8000000000000000697129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e79f3dd08cf2c3e2023-02-07 15:11:31.347root 11241100x8000000000000000697128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbfa328a3ce431a2023-02-07 15:11:31.347root 11241100x8000000000000000697127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f936ca8aba38c352023-02-07 15:11:31.347root 11241100x8000000000000000697126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49b9a5c2f2e9eb52023-02-07 15:11:31.347root 11241100x8000000000000000697125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b47442b83f11c52023-02-07 15:11:31.347root 11241100x8000000000000000697152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2177f575feb43f232023-02-07 15:11:31.348root 11241100x8000000000000000697151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78fc89520281892b2023-02-07 15:11:31.348root 11241100x8000000000000000697150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06912315f424a5542023-02-07 15:11:31.348root 11241100x8000000000000000697149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6c7926dd89eac32023-02-07 15:11:31.348root 11241100x8000000000000000697148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3f216f51bae7022023-02-07 15:11:31.348root 11241100x8000000000000000697147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b75fc8b5327fb72023-02-07 15:11:31.348root 11241100x8000000000000000697146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee26d7ffe07e7ab2023-02-07 15:11:31.348root 11241100x8000000000000000697145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f8bbd11e7df54e2023-02-07 15:11:31.348root 11241100x8000000000000000697144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67976bff0bab7752023-02-07 15:11:31.348root 11241100x8000000000000000697143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f8af6e76cbc1d02023-02-07 15:11:31.348root 11241100x8000000000000000697142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914013cc600ccb472023-02-07 15:11:31.348root 11241100x8000000000000000697141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9645e57dd53b1fc82023-02-07 15:11:31.348root 11241100x8000000000000000697140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69340dea607fec62023-02-07 15:11:31.348root 11241100x8000000000000000697159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256453f06d5440402023-02-07 15:11:31.349root 11241100x8000000000000000697158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc59b0b8e5451712023-02-07 15:11:31.349root 11241100x8000000000000000697157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0cf13a00706bfe2023-02-07 15:11:31.349root 11241100x8000000000000000697156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadac478a43ac3692023-02-07 15:11:31.349root 11241100x8000000000000000697155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b1d176291f26b72023-02-07 15:11:31.349root 11241100x8000000000000000697154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5eff540b0244e0d2023-02-07 15:11:31.349root 11241100x8000000000000000697153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dde616b867079332023-02-07 15:11:31.349root 11241100x8000000000000000697161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057d8d09bfe731cd2023-02-07 15:11:31.846root 11241100x8000000000000000697160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbea5c5004d67f92023-02-07 15:11:31.846root 11241100x8000000000000000697175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7853c5e0749d08772023-02-07 15:11:31.847root 11241100x8000000000000000697174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d7f1b3b922bbed2023-02-07 15:11:31.847root 11241100x8000000000000000697173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fecac6508112be62023-02-07 15:11:31.847root 11241100x8000000000000000697172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d060bb1d7397998e2023-02-07 15:11:31.847root 11241100x8000000000000000697171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd993b8b755647382023-02-07 15:11:31.847root 11241100x8000000000000000697170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a485c53c28d780542023-02-07 15:11:31.847root 11241100x8000000000000000697169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9c6f463b04ed8c2023-02-07 15:11:31.847root 11241100x8000000000000000697168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866965afa3a561542023-02-07 15:11:31.847root 11241100x8000000000000000697167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e47cd1ee5954d22023-02-07 15:11:31.847root 11241100x8000000000000000697166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9d089ba40381762023-02-07 15:11:31.847root 11241100x8000000000000000697165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3b7f52fcdd29b22023-02-07 15:11:31.847root 11241100x8000000000000000697164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3fadfb280b9cded2023-02-07 15:11:31.847root 11241100x8000000000000000697163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8eb49237f3056b82023-02-07 15:11:31.847root 11241100x8000000000000000697162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a007f924228924ae2023-02-07 15:11:31.847root 11241100x8000000000000000697183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0479d769716d25c82023-02-07 15:11:31.848root 11241100x8000000000000000697182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6418e91f0bf903e92023-02-07 15:11:31.848root 11241100x8000000000000000697181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd06a3269f59086d2023-02-07 15:11:31.848root 11241100x8000000000000000697180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c3c47771f4360a2023-02-07 15:11:31.848root 11241100x8000000000000000697179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91d576b8114fa722023-02-07 15:11:31.848root 11241100x8000000000000000697178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063fc51a6c620c632023-02-07 15:11:31.848root 11241100x8000000000000000697177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75ee92d75e53d282023-02-07 15:11:31.848root 11241100x8000000000000000697176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5496c06305bf30ea2023-02-07 15:11:31.848root 11241100x8000000000000000697191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5182f3a9238227082023-02-07 15:11:31.849root 11241100x8000000000000000697190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1459b4e459e2d32023-02-07 15:11:31.849root 11241100x8000000000000000697189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b5d981b38c556f2023-02-07 15:11:31.849root 11241100x8000000000000000697188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a28d1a3755ff9d2023-02-07 15:11:31.849root 11241100x8000000000000000697187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce91171810e597942023-02-07 15:11:31.849root 11241100x8000000000000000697186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc39f05a9f1d34082023-02-07 15:11:31.849root 11241100x8000000000000000697185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7ce80de812bcb02023-02-07 15:11:31.849root 11241100x8000000000000000697184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878dbb7b3a5c33602023-02-07 15:11:31.849root 11241100x8000000000000000697196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d54e89f59a03ed62023-02-07 15:11:31.850root 11241100x8000000000000000697195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaae7131762dcaf92023-02-07 15:11:31.850root 11241100x8000000000000000697194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db29c9eeffd1f6762023-02-07 15:11:31.850root 11241100x8000000000000000697193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535b69dc920e8f392023-02-07 15:11:31.850root 11241100x8000000000000000697192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:31.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0464c24e6b92aba12023-02-07 15:11:31.850root 11241100x8000000000000000697199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d9c1bafb155f462023-02-07 15:11:32.346root 11241100x8000000000000000697198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33849b3b157bbff22023-02-07 15:11:32.346root 11241100x8000000000000000697197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21034f841d53522f2023-02-07 15:11:32.346root 11241100x8000000000000000697205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3a76df5f428e6a2023-02-07 15:11:32.347root 11241100x8000000000000000697204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b34016785813882023-02-07 15:11:32.347root 11241100x8000000000000000697203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f919ebecb56df22023-02-07 15:11:32.347root 11241100x8000000000000000697202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2289a95ccd510d5e2023-02-07 15:11:32.347root 11241100x8000000000000000697201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67a44ff6b4faab02023-02-07 15:11:32.347root 11241100x8000000000000000697200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2deb4c9fa17e8f832023-02-07 15:11:32.347root 11241100x8000000000000000697209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f832709e7762b42023-02-07 15:11:32.348root 11241100x8000000000000000697208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff33769078e10f72023-02-07 15:11:32.348root 11241100x8000000000000000697207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca76d175741465be2023-02-07 15:11:32.348root 11241100x8000000000000000697206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785b27720d69c5b82023-02-07 15:11:32.348root 11241100x8000000000000000697216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e3dee2db2ff6642023-02-07 15:11:32.349root 11241100x8000000000000000697215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ca9615505646152023-02-07 15:11:32.349root 11241100x8000000000000000697214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0a96b3e32391672023-02-07 15:11:32.349root 11241100x8000000000000000697213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a536dc2e1e5ad7d2023-02-07 15:11:32.349root 11241100x8000000000000000697212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09695876301dcaba2023-02-07 15:11:32.349root 11241100x8000000000000000697211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e692883b1539bae2023-02-07 15:11:32.349root 11241100x8000000000000000697210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3a1110b5f714b62023-02-07 15:11:32.349root 11241100x8000000000000000697217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be51ac225b6aa642023-02-07 15:11:32.350root 11241100x8000000000000000697224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f932cb3231e9712023-02-07 15:11:32.351root 11241100x8000000000000000697223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac48906ce2cd2a6d2023-02-07 15:11:32.351root 11241100x8000000000000000697222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce59a16d8ec297a2023-02-07 15:11:32.351root 11241100x8000000000000000697221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e64e62fb89a67e82023-02-07 15:11:32.351root 11241100x8000000000000000697220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7116c010eaf79cc2023-02-07 15:11:32.351root 11241100x8000000000000000697219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd533210f57e69b2023-02-07 15:11:32.351root 11241100x8000000000000000697218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7836a44adf0474582023-02-07 15:11:32.351root 11241100x8000000000000000697229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82c499a2a744eb92023-02-07 15:11:32.352root 11241100x8000000000000000697228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4137580f60c493a02023-02-07 15:11:32.352root 11241100x8000000000000000697227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59b96b23b3cd3d82023-02-07 15:11:32.352root 11241100x8000000000000000697226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46c6c36f1ea581d2023-02-07 15:11:32.352root 11241100x8000000000000000697225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cbb3d496492dc0b2023-02-07 15:11:32.352root 11241100x8000000000000000697231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e974ed92a290e902023-02-07 15:11:32.353root 11241100x8000000000000000697230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47022d91e3078bc2023-02-07 15:11:32.353root 11241100x8000000000000000697233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.354{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aec9924cd2c18ef2023-02-07 15:11:32.354root 11241100x8000000000000000697232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.354{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d093278e4d05bbe2023-02-07 15:11:32.354root 11241100x8000000000000000697235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ede4523569952b2023-02-07 15:11:32.846root 11241100x8000000000000000697234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c36846b5ec31c952023-02-07 15:11:32.846root 11241100x8000000000000000697248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca15cc5265c35502023-02-07 15:11:32.847root 11241100x8000000000000000697247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ca08403e387c932023-02-07 15:11:32.847root 11241100x8000000000000000697246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af14b3a78128a5102023-02-07 15:11:32.847root 11241100x8000000000000000697245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4956ff95d4b17c302023-02-07 15:11:32.847root 11241100x8000000000000000697244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34deb47f3f7ecb0b2023-02-07 15:11:32.847root 11241100x8000000000000000697243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ffb96b931bb3bee2023-02-07 15:11:32.847root 11241100x8000000000000000697242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180267c14e1270ff2023-02-07 15:11:32.847root 11241100x8000000000000000697241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd003e8644a0475e2023-02-07 15:11:32.847root 11241100x8000000000000000697240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972a4245dd2660632023-02-07 15:11:32.847root 11241100x8000000000000000697239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c210599830f8759d2023-02-07 15:11:32.847root 11241100x8000000000000000697238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c2ee16f5a6b5ad2023-02-07 15:11:32.847root 11241100x8000000000000000697237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c66d1e14ae6f2d2023-02-07 15:11:32.847root 11241100x8000000000000000697236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0eb2c8e20656df52023-02-07 15:11:32.847root 11241100x8000000000000000697257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854f9062286052882023-02-07 15:11:32.848root 11241100x8000000000000000697256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f5f1ee07ecb6272023-02-07 15:11:32.848root 11241100x8000000000000000697255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59929aab585953932023-02-07 15:11:32.848root 11241100x8000000000000000697254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b717b3b780f9654b2023-02-07 15:11:32.848root 11241100x8000000000000000697253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88899f85ff62f0442023-02-07 15:11:32.848root 11241100x8000000000000000697252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03739f5551653f32023-02-07 15:11:32.848root 11241100x8000000000000000697251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98ae9bf5e3cfcdd2023-02-07 15:11:32.848root 11241100x8000000000000000697250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce683f4e91a16762023-02-07 15:11:32.848root 11241100x8000000000000000697249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e53fc8cf2563512023-02-07 15:11:32.848root 11241100x8000000000000000697265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a930856bcde32d812023-02-07 15:11:32.849root 11241100x8000000000000000697264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d175f1df952fdf2023-02-07 15:11:32.849root 11241100x8000000000000000697263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d7ee86e14424b42023-02-07 15:11:32.849root 11241100x8000000000000000697262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8caba3e80557b72023-02-07 15:11:32.849root 11241100x8000000000000000697261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbf6bfd432e9d892023-02-07 15:11:32.849root 11241100x8000000000000000697260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fd18f0d7d976bf2023-02-07 15:11:32.849root 11241100x8000000000000000697259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fde1bd6d9c1c4dc2023-02-07 15:11:32.849root 11241100x8000000000000000697258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27cecce0e6334912023-02-07 15:11:32.849root 11241100x8000000000000000697270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a0059cb3acb5122023-02-07 15:11:32.850root 11241100x8000000000000000697269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ab4a5fba071a2c2023-02-07 15:11:32.850root 11241100x8000000000000000697268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163e447923ab4c1a2023-02-07 15:11:32.850root 11241100x8000000000000000697267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f022cb33940261de2023-02-07 15:11:32.850root 11241100x8000000000000000697266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:32.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b05a43746f5bee2023-02-07 15:11:32.850root 11241100x8000000000000000697271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b15aae469abe1a22023-02-07 15:11:33.346root 11241100x8000000000000000697280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944126dc909a20a82023-02-07 15:11:33.347root 11241100x8000000000000000697279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8634d62e12e5b282023-02-07 15:11:33.347root 11241100x8000000000000000697278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f968aa18886d75b52023-02-07 15:11:33.347root 11241100x8000000000000000697277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9b28fb18edd3a42023-02-07 15:11:33.347root 11241100x8000000000000000697276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439d7a9eb8d30e942023-02-07 15:11:33.347root 11241100x8000000000000000697275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cc34c93f4636d62023-02-07 15:11:33.347root 11241100x8000000000000000697274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6881e16b6b36d3f82023-02-07 15:11:33.347root 11241100x8000000000000000697273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f6b9a1f7e4851d2023-02-07 15:11:33.347root 11241100x8000000000000000697272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e25d7834a3f21e2023-02-07 15:11:33.347root 11241100x8000000000000000697287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529b9d6b74b25f3c2023-02-07 15:11:33.348root 11241100x8000000000000000697286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6dfcfbeab3c21e2023-02-07 15:11:33.348root 11241100x8000000000000000697285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9533220b1c9504662023-02-07 15:11:33.348root 11241100x8000000000000000697284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c60ea20e8ac9902023-02-07 15:11:33.348root 11241100x8000000000000000697283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3023238e5b15d3c2023-02-07 15:11:33.348root 11241100x8000000000000000697282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3937ca9eb4b0012023-02-07 15:11:33.348root 11241100x8000000000000000697281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a70922f25ac6add2023-02-07 15:11:33.348root 11241100x8000000000000000697297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04102974014347492023-02-07 15:11:33.349root 11241100x8000000000000000697296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa301df950125c52023-02-07 15:11:33.349root 11241100x8000000000000000697295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4355133cbffc3b2023-02-07 15:11:33.349root 11241100x8000000000000000697294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf451411a46f1722023-02-07 15:11:33.349root 11241100x8000000000000000697293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33435bb74a2dd282023-02-07 15:11:33.349root 11241100x8000000000000000697292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c8b2e55103f3a72023-02-07 15:11:33.349root 11241100x8000000000000000697291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a4690ffa7180392023-02-07 15:11:33.349root 11241100x8000000000000000697290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6c6f3773de12f62023-02-07 15:11:33.349root 11241100x8000000000000000697289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d5a7dfd4104d2d2023-02-07 15:11:33.349root 11241100x8000000000000000697288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae44bfdef78056d2023-02-07 15:11:33.349root 11241100x8000000000000000697307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782cb3be0354bec22023-02-07 15:11:33.350root 11241100x8000000000000000697306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e60b8ec22cd77b32023-02-07 15:11:33.350root 11241100x8000000000000000697305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d652006fe5bcbfb52023-02-07 15:11:33.350root 11241100x8000000000000000697304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a18b65e7fb7bf982023-02-07 15:11:33.350root 11241100x8000000000000000697303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a686c3c5a779db2023-02-07 15:11:33.350root 11241100x8000000000000000697302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44befd394bd1ce3c2023-02-07 15:11:33.350root 11241100x8000000000000000697301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbfdc0e6eafa3ad2023-02-07 15:11:33.350root 11241100x8000000000000000697300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365d669422fc659b2023-02-07 15:11:33.350root 11241100x8000000000000000697299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec903e1e929820c2023-02-07 15:11:33.350root 11241100x8000000000000000697298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da85c6e03a1ba7c2023-02-07 15:11:33.350root 11241100x8000000000000000697309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a755c592512025e42023-02-07 15:11:33.846root 11241100x8000000000000000697308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa9cec5f8b3307b2023-02-07 15:11:33.846root 11241100x8000000000000000697320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b9e7f36a0867662023-02-07 15:11:33.847root 11241100x8000000000000000697319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ece36e1a19b1af02023-02-07 15:11:33.847root 11241100x8000000000000000697318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f1970aaa0669112023-02-07 15:11:33.847root 11241100x8000000000000000697317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d88428562049e2a2023-02-07 15:11:33.847root 11241100x8000000000000000697316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c31e48a2439e8a2023-02-07 15:11:33.847root 11241100x8000000000000000697315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15febe643a9855ec2023-02-07 15:11:33.847root 11241100x8000000000000000697314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4f7c035fc680bf2023-02-07 15:11:33.847root 11241100x8000000000000000697313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b34f5b76b6d5ddc2023-02-07 15:11:33.847root 11241100x8000000000000000697312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11971a5def676f362023-02-07 15:11:33.847root 11241100x8000000000000000697311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3044231f67e7d52023-02-07 15:11:33.847root 11241100x8000000000000000697310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0866060fbf11dec12023-02-07 15:11:33.847root 11241100x8000000000000000697327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18203085056bfb052023-02-07 15:11:33.848root 11241100x8000000000000000697326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585cee17cafd71262023-02-07 15:11:33.848root 11241100x8000000000000000697325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514e80082002311e2023-02-07 15:11:33.848root 11241100x8000000000000000697324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa10f47ea664f3482023-02-07 15:11:33.848root 11241100x8000000000000000697323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1e4a33cd46cdaa2023-02-07 15:11:33.848root 11241100x8000000000000000697322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7d7ea7ed0787792023-02-07 15:11:33.848root 11241100x8000000000000000697321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4549fe26ae40cf2023-02-07 15:11:33.848root 11241100x8000000000000000697330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1199b7c0d1c526292023-02-07 15:11:33.849root 11241100x8000000000000000697329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a46b5e1789313132023-02-07 15:11:33.849root 11241100x8000000000000000697328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5335e79956bb4af72023-02-07 15:11:33.849root 11241100x8000000000000000697334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb33ecb8b5f87c012023-02-07 15:11:33.850root 11241100x8000000000000000697333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c238ebc94c395f2023-02-07 15:11:33.850root 11241100x8000000000000000697332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3701ffdc4470c0432023-02-07 15:11:33.850root 11241100x8000000000000000697331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ab9528a05e08212023-02-07 15:11:33.850root 11241100x8000000000000000697340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a58191ea47aad972023-02-07 15:11:33.851root 11241100x8000000000000000697339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8fa5fde8af4db02023-02-07 15:11:33.851root 11241100x8000000000000000697338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0e230dadaa86382023-02-07 15:11:33.851root 11241100x8000000000000000697337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0bc6836d22056af2023-02-07 15:11:33.851root 11241100x8000000000000000697336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5617b482005803242023-02-07 15:11:33.851root 11241100x8000000000000000697335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f3e15f244d7adc2023-02-07 15:11:33.851root 11241100x8000000000000000697344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4822b320ca2889082023-02-07 15:11:33.852root 11241100x8000000000000000697343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2404bcb8a4594e72023-02-07 15:11:33.852root 11241100x8000000000000000697342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3c65b09c7b38a22023-02-07 15:11:33.852root 11241100x8000000000000000697341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:33.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230a40ff3090023a2023-02-07 15:11:33.852root 11241100x8000000000000000697345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434c598f128a3ffb2023-02-07 15:11:34.346root 11241100x8000000000000000697354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4baf0f4c61ae78ef2023-02-07 15:11:34.347root 11241100x8000000000000000697353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2869f0970d87b7882023-02-07 15:11:34.347root 11241100x8000000000000000697352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e8feba421d25af2023-02-07 15:11:34.347root 11241100x8000000000000000697351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3574dfb1d4081e292023-02-07 15:11:34.347root 11241100x8000000000000000697350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de493fdcdd302cb52023-02-07 15:11:34.347root 11241100x8000000000000000697349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81671345fea18542023-02-07 15:11:34.347root 11241100x8000000000000000697348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a56958667ac870e2023-02-07 15:11:34.347root 11241100x8000000000000000697347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e805acb3cbc822d2023-02-07 15:11:34.347root 11241100x8000000000000000697346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372c77213465721e2023-02-07 15:11:34.347root 11241100x8000000000000000697362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e483bfb6e0899ed2023-02-07 15:11:34.348root 11241100x8000000000000000697361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b66a66e633efb42023-02-07 15:11:34.348root 11241100x8000000000000000697360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c99f63b9031d942023-02-07 15:11:34.348root 11241100x8000000000000000697359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854168f19a139e6d2023-02-07 15:11:34.348root 11241100x8000000000000000697358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45ac0a671fc277c2023-02-07 15:11:34.348root 11241100x8000000000000000697357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc3a14f14ab59af2023-02-07 15:11:34.348root 11241100x8000000000000000697356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6164bd8e3aad1872023-02-07 15:11:34.348root 11241100x8000000000000000697355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7154f84ee8f2a4a2023-02-07 15:11:34.348root 11241100x8000000000000000697367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bb917dd863eedc2023-02-07 15:11:34.349root 11241100x8000000000000000697366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53518bbce76981e32023-02-07 15:11:34.349root 11241100x8000000000000000697365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efb6157919787c82023-02-07 15:11:34.349root 11241100x8000000000000000697364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4e98956af56a4d2023-02-07 15:11:34.349root 11241100x8000000000000000697363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11af2052e08bf9dd2023-02-07 15:11:34.349root 11241100x8000000000000000697373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1090e6471d70ba2023-02-07 15:11:34.350root 11241100x8000000000000000697372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8abc9e04640fb62023-02-07 15:11:34.350root 11241100x8000000000000000697371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65515ca7ba2975b2023-02-07 15:11:34.350root 11241100x8000000000000000697370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c039c87c527738682023-02-07 15:11:34.350root 11241100x8000000000000000697369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30937adf4bd9bab82023-02-07 15:11:34.350root 11241100x8000000000000000697368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6008ef17a7f0d32023-02-07 15:11:34.350root 11241100x8000000000000000697376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2856c9957d745142023-02-07 15:11:34.351root 11241100x8000000000000000697375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cef5898d23ef2dc2023-02-07 15:11:34.351root 11241100x8000000000000000697374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbbe8be134783ba2023-02-07 15:11:34.351root 11241100x8000000000000000697381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6078a0d8d681f1f92023-02-07 15:11:34.352root 11241100x8000000000000000697380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a74ec1cc5625582023-02-07 15:11:34.352root 11241100x8000000000000000697379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42fd68ad4aed67472023-02-07 15:11:34.352root 11241100x8000000000000000697378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13a7f7b564e63712023-02-07 15:11:34.352root 11241100x8000000000000000697377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7438cbde3ba9b932023-02-07 15:11:34.352root 11241100x8000000000000000697382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140e599cd4ae8ef62023-02-07 15:11:34.846root 11241100x8000000000000000697397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a5e12040ab6ec62023-02-07 15:11:34.847root 11241100x8000000000000000697396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53f42299822e7922023-02-07 15:11:34.847root 11241100x8000000000000000697395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522901e78e7eddc32023-02-07 15:11:34.847root 11241100x8000000000000000697394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b8b339d7eb2ca12023-02-07 15:11:34.847root 11241100x8000000000000000697393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d858ecc46364ed72023-02-07 15:11:34.847root 11241100x8000000000000000697392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56584561318326ac2023-02-07 15:11:34.847root 11241100x8000000000000000697391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802a6ddfbdc914052023-02-07 15:11:34.847root 11241100x8000000000000000697390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9529e2f7bb40092023-02-07 15:11:34.847root 11241100x8000000000000000697389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e264327a4367432023-02-07 15:11:34.847root 11241100x8000000000000000697388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959b23c7f99fcabd2023-02-07 15:11:34.847root 11241100x8000000000000000697387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74af5b3d939ac4c2023-02-07 15:11:34.847root 11241100x8000000000000000697386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40aa811fd00e36d82023-02-07 15:11:34.847root 11241100x8000000000000000697385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e91a8306f217112023-02-07 15:11:34.847root 11241100x8000000000000000697384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b33c1e33a8f2972023-02-07 15:11:34.847root 11241100x8000000000000000697383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81081deec69c09b82023-02-07 15:11:34.847root 11241100x8000000000000000697405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1973f650346d7c5a2023-02-07 15:11:34.848root 11241100x8000000000000000697404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b40be50b89a81662023-02-07 15:11:34.848root 11241100x8000000000000000697403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba98604e109d0e32023-02-07 15:11:34.848root 11241100x8000000000000000697402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f26ceff3367f522023-02-07 15:11:34.848root 11241100x8000000000000000697401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b1813c6f40da442023-02-07 15:11:34.848root 11241100x8000000000000000697400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1873e197acbf152023-02-07 15:11:34.848root 11241100x8000000000000000697399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a04d19429338d52023-02-07 15:11:34.848root 11241100x8000000000000000697398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1feb6b9a560135be2023-02-07 15:11:34.848root 11241100x8000000000000000697416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac5face13f382fd2023-02-07 15:11:34.849root 11241100x8000000000000000697415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198f7d4b8358577d2023-02-07 15:11:34.849root 11241100x8000000000000000697414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c3a53d9b996e802023-02-07 15:11:34.849root 11241100x8000000000000000697413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fba94d8dc0342b52023-02-07 15:11:34.849root 11241100x8000000000000000697412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef4cfdb89e0c2772023-02-07 15:11:34.849root 11241100x8000000000000000697411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b109713584095782023-02-07 15:11:34.849root 11241100x8000000000000000697410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1d201210efd0fe2023-02-07 15:11:34.849root 11241100x8000000000000000697409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d15c2357b5765502023-02-07 15:11:34.849root 11241100x8000000000000000697408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad2ebb521d57e2b2023-02-07 15:11:34.849root 11241100x8000000000000000697407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeff83056678d2402023-02-07 15:11:34.849root 11241100x8000000000000000697406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053517a5fd6004ce2023-02-07 15:11:34.849root 11241100x8000000000000000697418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10bfbdf7857a0f562023-02-07 15:11:34.850root 11241100x8000000000000000697417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:34.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529322e6f1e673a32023-02-07 15:11:34.850root 11241100x8000000000000000697420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91635b4bfcf44d892023-02-07 15:11:35.346root 11241100x8000000000000000697419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92d718da2566bc62023-02-07 15:11:35.346root 11241100x8000000000000000697423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d292483d8f8e85b2023-02-07 15:11:35.347root 11241100x8000000000000000697422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45980293ff88b6d42023-02-07 15:11:35.347root 11241100x8000000000000000697421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452eed7dee4304c62023-02-07 15:11:35.347root 354300x8000000000000000697462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:42.142{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-56758-false10.0.1.12-8000- 11241100x8000000000000000697463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:42.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46cb559da0d322cb2023-02-07 15:11:42.595root 11241100x8000000000000000697464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:43.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6d8680c6ca6de12023-02-07 15:11:43.095root 11241100x8000000000000000697465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f844366df78f5c52023-02-07 15:11:43.595root 11241100x8000000000000000697466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:44.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ca52a2ba3bb0622023-02-07 15:11:44.095root 11241100x8000000000000000697467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:44.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5814f53c6644a02023-02-07 15:11:44.595root 11241100x8000000000000000697468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6f1d56bd2f54a82023-02-07 15:11:45.095root 11241100x8000000000000000697469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:45.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147be8d03b017bae2023-02-07 15:11:45.595root 11241100x8000000000000000697470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:46.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520cec54d3564b5f2023-02-07 15:11:46.095root 11241100x8000000000000000697471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31a60fde438de792023-02-07 15:11:46.595root 11241100x8000000000000000697472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:47.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5264871f7fdbd32023-02-07 15:11:47.095root 354300x8000000000000000697473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:47.158{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-60386-false10.0.1.12-8000- 11241100x8000000000000000697475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10eb55d98e26fe0f2023-02-07 15:11:47.595root 11241100x8000000000000000697474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034ca300d185fcfa2023-02-07 15:11:47.595root 11241100x8000000000000000697477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:48.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773a02d7cf23d55d2023-02-07 15:11:48.095root 11241100x8000000000000000697476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:48.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c313b87181570ec22023-02-07 15:11:48.095root 11241100x8000000000000000697479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22de27e2c46dbd2d2023-02-07 15:11:48.595root 11241100x8000000000000000697478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16454c4de47a2aab2023-02-07 15:11:48.595root 11241100x8000000000000000697481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:49.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91cba79cf2a4e862023-02-07 15:11:49.095root 11241100x8000000000000000697480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:49.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05923c18fb79b6372023-02-07 15:11:49.095root 11241100x8000000000000000697483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68214fd19adedf92023-02-07 15:11:49.595root 11241100x8000000000000000697482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cebfd8045b8c20ce2023-02-07 15:11:49.595root 11241100x8000000000000000697485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be73a9eb9ad3bba62023-02-07 15:11:50.095root 11241100x8000000000000000697484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb3d8d21fd1feab2023-02-07 15:11:50.095root 154100x8000000000000000697486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:50.145{ec244aba-6a36-63e2-6884-c26779550000}6104/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/6312root{ec244aba-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2393--- 534500x8000000000000000697487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:50.157{ec244aba-6a36-63e2-6884-c26779550000}6104/bin/psroot 11241100x8000000000000000697491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40c47244ca7a5242023-02-07 15:11:50.595root 11241100x8000000000000000697490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0385f4e9a2d117352023-02-07 15:11:50.595root 11241100x8000000000000000697489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500eb8ccb762a6862023-02-07 15:11:50.595root 11241100x8000000000000000697488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e530437eea463b4d2023-02-07 15:11:50.595root 11241100x8000000000000000697495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80bbe2d7bbea4782023-02-07 15:11:51.095root 11241100x8000000000000000697494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca45eb772d16bb12023-02-07 15:11:51.095root 11241100x8000000000000000697493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05f23e718242c4e2023-02-07 15:11:51.095root 11241100x8000000000000000697492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e980403b60ea842023-02-07 15:11:51.095root 11241100x8000000000000000697499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3793bad3fa27a8d42023-02-07 15:11:51.595root 11241100x8000000000000000697498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06058c74b2ee4b6b2023-02-07 15:11:51.595root 11241100x8000000000000000697497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421bc2118d6fd4f02023-02-07 15:11:51.595root 11241100x8000000000000000697496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6a70b9344cb72d2023-02-07 15:11:51.595root 11241100x8000000000000000697503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:52.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cb428a0ec59bec2023-02-07 15:11:52.095root 11241100x8000000000000000697502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:52.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ce54310d49692b2023-02-07 15:11:52.095root 11241100x8000000000000000697501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:52.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179130bae523524a2023-02-07 15:11:52.095root 11241100x8000000000000000697500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:52.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61786987300a96aa2023-02-07 15:11:52.095root 11241100x8000000000000000697507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:52.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e437ad976f1c2f2023-02-07 15:11:52.595root 11241100x8000000000000000697506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:52.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d990c9b11015a53b2023-02-07 15:11:52.595root 11241100x8000000000000000697505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:52.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560c259929c2a7242023-02-07 15:11:52.595root 11241100x8000000000000000697504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:52.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492f8b3f10896f8e2023-02-07 15:11:52.595root 11241100x8000000000000000697511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:53.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffff6e9737018d22023-02-07 15:11:53.096root 11241100x8000000000000000697510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:53.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3a2b703f2884d92023-02-07 15:11:53.096root 11241100x8000000000000000697509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:53.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e090a127ddb8eb2023-02-07 15:11:53.096root 11241100x8000000000000000697508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:53.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfa28a5e35e5ef32023-02-07 15:11:53.096root 354300x8000000000000000697512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:53.098{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-60402-false10.0.1.12-8000- 11241100x8000000000000000697517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:53.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e70b486091443502023-02-07 15:11:53.595root 11241100x8000000000000000697516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:53.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99be395a4221e70e2023-02-07 15:11:53.595root 11241100x8000000000000000697515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:53.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc3d7ef80f221ab2023-02-07 15:11:53.595root 11241100x8000000000000000697514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:53.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d21631def442e712023-02-07 15:11:53.595root 11241100x8000000000000000697513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:53.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62e5e1a6fdaa0482023-02-07 15:11:53.595root 11241100x8000000000000000697522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25cb75050af44b0c2023-02-07 15:11:54.095root 11241100x8000000000000000697521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5151dfbc84e36bf2023-02-07 15:11:54.095root 11241100x8000000000000000697520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e104914c4740202023-02-07 15:11:54.095root 11241100x8000000000000000697519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73840ac49cd434fe2023-02-07 15:11:54.095root 11241100x8000000000000000697518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33528f79f75326022023-02-07 15:11:54.095root 11241100x8000000000000000697527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46552197058cb2a82023-02-07 15:11:54.595root 11241100x8000000000000000697526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d93274f9ad16432023-02-07 15:11:54.595root 11241100x8000000000000000697525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e986ebb3adcac5f02023-02-07 15:11:54.595root 11241100x8000000000000000697524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d1fe856bfe8f502023-02-07 15:11:54.595root 11241100x8000000000000000697523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3d1e07cf6f24fd2023-02-07 15:11:54.595root 11241100x8000000000000000697528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:54.730{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:11:54.730root 11241100x8000000000000000697534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f1f99f4943d6042023-02-07 15:11:55.095root 11241100x8000000000000000697533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6cf1a53c5f1e5e42023-02-07 15:11:55.095root 11241100x8000000000000000697532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c75859bf40edac2023-02-07 15:11:55.095root 11241100x8000000000000000697531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c996182c67a86e2023-02-07 15:11:55.095root 11241100x8000000000000000697530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1491fc337db0d752023-02-07 15:11:55.095root 11241100x8000000000000000697529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36970634c5cebf852023-02-07 15:11:55.095root 11241100x8000000000000000697540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae65d14ac0d4623d2023-02-07 15:11:55.595root 11241100x8000000000000000697539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e65ea8ac32ca0122023-02-07 15:11:55.595root 11241100x8000000000000000697538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8e3eed050eeb6a2023-02-07 15:11:55.595root 11241100x8000000000000000697537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9743fbc078faac4c2023-02-07 15:11:55.595root 11241100x8000000000000000697536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec06264555b71e362023-02-07 15:11:55.595root 11241100x8000000000000000697535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd9a346d160dc4e2023-02-07 15:11:55.595root 11241100x8000000000000000697544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f960f4b766fc6aef2023-02-07 15:11:56.095root 11241100x8000000000000000697543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce395cd74c02217c2023-02-07 15:11:56.095root 11241100x8000000000000000697542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a12433de33e8f92023-02-07 15:11:56.095root 11241100x8000000000000000697541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2fb09a08ab34f722023-02-07 15:11:56.095root 11241100x8000000000000000697546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8105eac6896196ae2023-02-07 15:11:56.096root 11241100x8000000000000000697545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126966260c89b7202023-02-07 15:11:56.096root 11241100x8000000000000000697551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d108e401e86d302023-02-07 15:11:56.595root 11241100x8000000000000000697550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b646573b189e67d12023-02-07 15:11:56.595root 11241100x8000000000000000697549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed9b6f9867d21132023-02-07 15:11:56.595root 11241100x8000000000000000697548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6d76500ab05bee2023-02-07 15:11:56.595root 11241100x8000000000000000697547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d17dfb84b4f0422023-02-07 15:11:56.595root 11241100x8000000000000000697552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4920a2ea63322baa2023-02-07 15:11:56.596root 11241100x8000000000000000697558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd2c375abc835782023-02-07 15:11:57.095root 11241100x8000000000000000697557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0e36065974b57a2023-02-07 15:11:57.095root 11241100x8000000000000000697556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799b1ca86419f4d52023-02-07 15:11:57.095root 11241100x8000000000000000697555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f9beada0bfa05a2023-02-07 15:11:57.095root 11241100x8000000000000000697554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725cc7a4fff3b3022023-02-07 15:11:57.095root 11241100x8000000000000000697553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07facad4178734d42023-02-07 15:11:57.095root 11241100x8000000000000000697564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2760c59db19438842023-02-07 15:11:57.595root 11241100x8000000000000000697563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16620549dcca42142023-02-07 15:11:57.595root 11241100x8000000000000000697562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320cff62c43a9d4b2023-02-07 15:11:57.595root 11241100x8000000000000000697561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f2be15e9af7e102023-02-07 15:11:57.595root 11241100x8000000000000000697560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffd205cc2f54a3c2023-02-07 15:11:57.595root 11241100x8000000000000000697559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab4417ef3f594582023-02-07 15:11:57.595root 23542300x8000000000000000697565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:57.697{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000697569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26336aa81313097c2023-02-07 15:11:58.095root 11241100x8000000000000000697568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b005bb6f3e982c672023-02-07 15:11:58.095root 11241100x8000000000000000697567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15fd2aa6667c5eac2023-02-07 15:11:58.095root 11241100x8000000000000000697566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb37cb0ff91a1a602023-02-07 15:11:58.095root 11241100x8000000000000000697572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff166c4f6ec03072023-02-07 15:11:58.096root 11241100x8000000000000000697571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b8bf3f462256ac2023-02-07 15:11:58.096root 11241100x8000000000000000697570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea95ace50ef368e2023-02-07 15:11:58.096root 354300x8000000000000000697573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:58.257{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39350-false10.0.1.12-8000- 11241100x8000000000000000697578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75eb2a54b0c7e1e2023-02-07 15:11:58.595root 11241100x8000000000000000697577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3674e66bea8379c2023-02-07 15:11:58.595root 11241100x8000000000000000697576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322fae17a2e025532023-02-07 15:11:58.595root 11241100x8000000000000000697575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e826de4c8d7de82023-02-07 15:11:58.595root 11241100x8000000000000000697574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98e450db464eb2a2023-02-07 15:11:58.595root 11241100x8000000000000000697581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96dc245d85d570222023-02-07 15:11:58.596root 11241100x8000000000000000697580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fa26113ed465ee2023-02-07 15:11:58.596root 11241100x8000000000000000697579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592a99b9f567f1ad2023-02-07 15:11:58.596root 11241100x8000000000000000697586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5243247d681c762023-02-07 15:11:59.095root 11241100x8000000000000000697585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8658ecf0d7fc46b92023-02-07 15:11:59.095root 11241100x8000000000000000697584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02b6d1c8425e4862023-02-07 15:11:59.095root 11241100x8000000000000000697583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726242d3f3b559da2023-02-07 15:11:59.095root 11241100x8000000000000000697582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c9c634b08990682023-02-07 15:11:59.095root 11241100x8000000000000000697589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c771efcc8a831c1c2023-02-07 15:11:59.096root 11241100x8000000000000000697588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8e2966f990ee972023-02-07 15:11:59.096root 11241100x8000000000000000697587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db502866f188913e2023-02-07 15:11:59.096root 11241100x8000000000000000697590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5769181d8b07b8092023-02-07 15:11:59.595root 11241100x8000000000000000697595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5276ca68a043172023-02-07 15:11:59.596root 11241100x8000000000000000697594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83cfe1706516a7bb2023-02-07 15:11:59.596root 11241100x8000000000000000697593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a9f6dc421fc7ff2023-02-07 15:11:59.596root 11241100x8000000000000000697592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f127ae0ec279fcc2023-02-07 15:11:59.596root 11241100x8000000000000000697591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6233a2c053c2e72f2023-02-07 15:11:59.596root 11241100x8000000000000000697597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0dcea6c01eb2182023-02-07 15:11:59.597root 11241100x8000000000000000697596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:11:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6939b6ad30746f572023-02-07 15:11:59.597root 11241100x8000000000000000697603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d20af31c4b00992023-02-07 15:12:00.095root 11241100x8000000000000000697602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0ed72740c68d3b2023-02-07 15:12:00.095root 11241100x8000000000000000697601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd9f47b00a83c892023-02-07 15:12:00.095root 11241100x8000000000000000697600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b124089ef6bd9532023-02-07 15:12:00.095root 11241100x8000000000000000697599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7d8f8054ab5b9b2023-02-07 15:12:00.095root 11241100x8000000000000000697598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee79f17fae16a962023-02-07 15:12:00.095root 11241100x8000000000000000697605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2441a37d52e7b82023-02-07 15:12:00.096root 11241100x8000000000000000697604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53327260cd2b4df2023-02-07 15:12:00.096root 11241100x8000000000000000697610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51461c83f5ba77172023-02-07 15:12:00.595root 11241100x8000000000000000697609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9e6db20fce5f1f2023-02-07 15:12:00.595root 11241100x8000000000000000697608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff59393b9abea3692023-02-07 15:12:00.595root 11241100x8000000000000000697607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a124240c5c6e662023-02-07 15:12:00.595root 11241100x8000000000000000697606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74748845d8ca06dc2023-02-07 15:12:00.595root 11241100x8000000000000000697613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f79e3fa356c5e62023-02-07 15:12:00.596root 11241100x8000000000000000697612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a797249241cd3dd2023-02-07 15:12:00.596root 11241100x8000000000000000697611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9187e7775f014322023-02-07 15:12:00.596root 11241100x8000000000000000697617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:01.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a061fc1498ac9792023-02-07 15:12:01.095root 11241100x8000000000000000697616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:01.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9f59c4361fb3b62023-02-07 15:12:01.095root 11241100x8000000000000000697615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:01.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff2fd2eac32e0762023-02-07 15:12:01.095root 11241100x8000000000000000697614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:01.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1ae30dbeff9ea12023-02-07 15:12:01.095root 11241100x8000000000000000697621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbfc502b88d26322023-02-07 15:12:01.096root 11241100x8000000000000000697620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca6c1a05ea9061e2023-02-07 15:12:01.096root 11241100x8000000000000000697619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771c9e139de31c102023-02-07 15:12:01.096root 11241100x8000000000000000697618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da8a2e24c82468c2023-02-07 15:12:01.096root 11241100x8000000000000000697627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1faaa17c0f1e5d922023-02-07 15:12:01.595root 11241100x8000000000000000697626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af49b78b46f822002023-02-07 15:12:01.595root 11241100x8000000000000000697625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819d102997f5219b2023-02-07 15:12:01.595root 11241100x8000000000000000697624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b896cbdb9ca94baf2023-02-07 15:12:01.595root 11241100x8000000000000000697623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759b77d8fb4c39512023-02-07 15:12:01.595root 11241100x8000000000000000697622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9bc8a65584afb232023-02-07 15:12:01.595root 11241100x8000000000000000697629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160293c28bd467b22023-02-07 15:12:01.596root 11241100x8000000000000000697628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b428f61c5ca50bba2023-02-07 15:12:01.596root 11241100x8000000000000000697633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085e3a1c2b966a502023-02-07 15:12:02.095root 11241100x8000000000000000697632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163085a8b69423162023-02-07 15:12:02.095root 11241100x8000000000000000697631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d65a4430f546ed2023-02-07 15:12:02.095root 11241100x8000000000000000697630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ee2c5899d6440f2023-02-07 15:12:02.095root 11241100x8000000000000000697637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a326e0183c48e09b2023-02-07 15:12:02.096root 11241100x8000000000000000697636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22424e915634f2272023-02-07 15:12:02.096root 11241100x8000000000000000697635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a024445e0c87d7352023-02-07 15:12:02.096root 11241100x8000000000000000697634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56099b2a72ee91f2023-02-07 15:12:02.096root 11241100x8000000000000000697643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:02.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238aea05654f78652023-02-07 15:12:02.595root 11241100x8000000000000000697642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:02.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f1b74339a7437a2023-02-07 15:12:02.595root 11241100x8000000000000000697641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:02.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14393f2cc4bd6d72023-02-07 15:12:02.595root 11241100x8000000000000000697640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:02.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ba2a2641c3ea902023-02-07 15:12:02.595root 11241100x8000000000000000697639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:02.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a411f29c5f43a972023-02-07 15:12:02.595root 11241100x8000000000000000697638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:02.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56cf7dec9c7486732023-02-07 15:12:02.595root 11241100x8000000000000000697645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c71dbdae4f93212023-02-07 15:12:02.596root 11241100x8000000000000000697644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230684edd4cf0db82023-02-07 15:12:02.596root 11241100x8000000000000000697651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:03.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd56d1ade7088942023-02-07 15:12:03.095root 11241100x8000000000000000697650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:03.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c5998d4acbc9a32023-02-07 15:12:03.095root 11241100x8000000000000000697649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:03.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8900ed789075cba92023-02-07 15:12:03.095root 11241100x8000000000000000697648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:03.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0017ab456290f8272023-02-07 15:12:03.095root 11241100x8000000000000000697647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:03.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6006802aec003fc02023-02-07 15:12:03.095root 11241100x8000000000000000697646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:03.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a63b7e26d7f4ae2023-02-07 15:12:03.095root 11241100x8000000000000000697653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:03.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeee33b7156ca3462023-02-07 15:12:03.096root 11241100x8000000000000000697652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:03.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293de61d0690608e2023-02-07 15:12:03.096root 11241100x8000000000000000697658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:03.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6dc982c0c65fc12023-02-07 15:12:03.595root 11241100x8000000000000000697657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:03.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89e33d9b1ca4b582023-02-07 15:12:03.595root 11241100x8000000000000000697656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:03.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcba7dd6a5686ca02023-02-07 15:12:03.595root 11241100x8000000000000000697655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:03.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac84a0e7c0ffec482023-02-07 15:12:03.595root 11241100x8000000000000000697654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:03.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff56213132ea41fd2023-02-07 15:12:03.595root 11241100x8000000000000000697661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:03.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255ff55f216b482a2023-02-07 15:12:03.596root 11241100x8000000000000000697660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:03.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0467b6738261079c2023-02-07 15:12:03.596root 11241100x8000000000000000697659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:03.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63cc234692473ac2023-02-07 15:12:03.596root 354300x8000000000000000697662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:04.015{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39364-false10.0.1.12-8000- 11241100x8000000000000000697671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:04.016{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5797cbed6582172023-02-07 15:12:04.016root 11241100x8000000000000000697670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:04.016{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9377fb03bef7f76b2023-02-07 15:12:04.016root 11241100x8000000000000000697669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:04.016{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2edebee24d0ba162023-02-07 15:12:04.016root 11241100x8000000000000000697668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:04.016{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5893c910391fe222023-02-07 15:12:04.016root 11241100x8000000000000000697667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:04.016{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd04c5c8a3c34502023-02-07 15:12:04.016root 11241100x8000000000000000697666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:04.016{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0244e71441551ec2023-02-07 15:12:04.016root 11241100x8000000000000000697665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:04.016{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257eb119a4911e1f2023-02-07 15:12:04.016root 11241100x8000000000000000697664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:04.016{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc8afb949c4c5662023-02-07 15:12:04.016root 11241100x8000000000000000697663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:04.016{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd4918d990bc9452023-02-07 15:12:04.016root 11241100x8000000000000000697674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:04.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8f27d1cfc6e5702023-02-07 15:12:04.345root 11241100x8000000000000000697673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:04.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e2a01639f6b3cb2023-02-07 15:12:04.345root 11241100x8000000000000000697672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:04.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7fa6e60087061e2023-02-07 15:12:04.345root 11241100x8000000000000000697680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c04810405bffd402023-02-07 15:12:04.346root 11241100x8000000000000000697679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d7cc9e8d93b4db2023-02-07 15:12:04.346root 11241100x8000000000000000697678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996ac1d8669005ac2023-02-07 15:12:04.346root 11241100x8000000000000000697677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1764a597bdae422023-02-07 15:12:04.346root 11241100x8000000000000000697676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f1d4142949b7eb2023-02-07 15:12:04.346root 11241100x8000000000000000697675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872afe46d6cc10a72023-02-07 15:12:04.346root 11241100x8000000000000000697683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:04.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4818894959382572023-02-07 15:12:04.845root 11241100x8000000000000000697682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:04.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00d9f0a911d65122023-02-07 15:12:04.845root 11241100x8000000000000000697681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:04.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab0c0e3af598d452023-02-07 15:12:04.845root 11241100x8000000000000000697689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41580ce8b2b2b912023-02-07 15:12:04.846root 11241100x8000000000000000697688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2252f2cfd52d632023-02-07 15:12:04.846root 11241100x8000000000000000697687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d117ed18a373b92023-02-07 15:12:04.846root 11241100x8000000000000000697686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7422065019be65ca2023-02-07 15:12:04.846root 11241100x8000000000000000697685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ce670ad1817cd92023-02-07 15:12:04.846root 11241100x8000000000000000697684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af6eef5237d42262023-02-07 15:12:04.846root 11241100x8000000000000000697692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:05.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f3d686bfb351dc2023-02-07 15:12:05.345root 11241100x8000000000000000697691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:05.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28402c20f58921e2023-02-07 15:12:05.345root 11241100x8000000000000000697690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:05.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f260c1f54cfb822023-02-07 15:12:05.345root 11241100x8000000000000000697698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471a7d4cdde0a3fb2023-02-07 15:12:05.346root 11241100x8000000000000000697697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e89eabdb3133892023-02-07 15:12:05.346root 11241100x8000000000000000697696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26eeb414dfd653962023-02-07 15:12:05.346root 11241100x8000000000000000697695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2778fb96011c627a2023-02-07 15:12:05.346root 11241100x8000000000000000697694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296ad849885ca4f92023-02-07 15:12:05.346root 11241100x8000000000000000697693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83edcc6876521c712023-02-07 15:12:05.346root 11241100x8000000000000000697701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:05.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2153cdf78042921c2023-02-07 15:12:05.845root 11241100x8000000000000000697700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:05.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30d5267222ebf6d2023-02-07 15:12:05.845root 11241100x8000000000000000697699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:05.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f369145d7afb6d2023-02-07 15:12:05.845root 11241100x8000000000000000697707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac6d911ff58bcdf2023-02-07 15:12:05.846root 11241100x8000000000000000697706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8bf60c3c889c3ad2023-02-07 15:12:05.846root 11241100x8000000000000000697705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47fe009b670b4022023-02-07 15:12:05.846root 11241100x8000000000000000697704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f761444b62d7732023-02-07 15:12:05.846root 11241100x8000000000000000697703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dddf776d08c0fc8b2023-02-07 15:12:05.846root 11241100x8000000000000000697702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741c389fc601d85f2023-02-07 15:12:05.846root 11241100x8000000000000000697708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:06.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1766c91993251e2023-02-07 15:12:06.345root 11241100x8000000000000000697715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:06.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e3dada3d011e542023-02-07 15:12:06.346root 11241100x8000000000000000697714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:06.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24ac56732f4fdd42023-02-07 15:12:06.346root 11241100x8000000000000000697713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:06.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42def52673b6008a2023-02-07 15:12:06.346root 11241100x8000000000000000697712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:06.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0186642200a42c9c2023-02-07 15:12:06.346root 11241100x8000000000000000697711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:06.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960f96c3125da8352023-02-07 15:12:06.346root 11241100x8000000000000000697710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:06.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2af106d2783c5c92023-02-07 15:12:06.346root 11241100x8000000000000000697709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:06.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010d4e3916679c322023-02-07 15:12:06.346root 11241100x8000000000000000697716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:06.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d529193191dffd2023-02-07 15:12:06.347root 11241100x8000000000000000697719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:06.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8ecfc13be825fc2023-02-07 15:12:06.845root 11241100x8000000000000000697718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:06.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982d6ab7a14d4f1b2023-02-07 15:12:06.845root 11241100x8000000000000000697717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:06.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5839040cb445a7172023-02-07 15:12:06.845root 11241100x8000000000000000697725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:06.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e515339b7f4ccd2023-02-07 15:12:06.846root 11241100x8000000000000000697724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:06.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b99748a979cd8502023-02-07 15:12:06.846root 11241100x8000000000000000697723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:06.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885bd0abafc6cc8f2023-02-07 15:12:06.846root 11241100x8000000000000000697722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:06.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7baecf88990ee0f02023-02-07 15:12:06.846root 11241100x8000000000000000697721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:06.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eff05d4b1a16a3e2023-02-07 15:12:06.846root 11241100x8000000000000000697720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:06.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56cf19f4420174142023-02-07 15:12:06.846root 11241100x8000000000000000697730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:07.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f738fa4982f3e92023-02-07 15:12:07.345root 11241100x8000000000000000697729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:07.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22349921df24c02a2023-02-07 15:12:07.345root 11241100x8000000000000000697728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:07.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2db3877f96169302023-02-07 15:12:07.345root 11241100x8000000000000000697727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:07.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a822a0eb9a5e6df2023-02-07 15:12:07.345root 11241100x8000000000000000697726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:07.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422505067530b3cf2023-02-07 15:12:07.345root 11241100x8000000000000000697734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b38b15198493c32023-02-07 15:12:07.346root 11241100x8000000000000000697733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d9add9c4f54cf92023-02-07 15:12:07.346root 11241100x8000000000000000697732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812b7aefafa7c5be2023-02-07 15:12:07.346root 11241100x8000000000000000697731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c13a51e8408eb3e2023-02-07 15:12:07.346root 11241100x8000000000000000697737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:07.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573103b5e8113a852023-02-07 15:12:07.845root 11241100x8000000000000000697736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:07.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c976b03f233c90722023-02-07 15:12:07.845root 11241100x8000000000000000697735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:07.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e57635ae4490f642023-02-07 15:12:07.845root 11241100x8000000000000000697743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fcdbb3e9762e142023-02-07 15:12:07.846root 11241100x8000000000000000697742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5fc352483a87cb2023-02-07 15:12:07.846root 11241100x8000000000000000697741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd731ecb86ebad412023-02-07 15:12:07.846root 11241100x8000000000000000697740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c7bb63ad0eaa942023-02-07 15:12:07.846root 11241100x8000000000000000697739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f427a51383aa27562023-02-07 15:12:07.846root 11241100x8000000000000000697738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9247ee9b14435ba2023-02-07 15:12:07.846root 11241100x8000000000000000697748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:08.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa13eee27c191982023-02-07 15:12:08.345root 11241100x8000000000000000697747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:08.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693eb2566316205b2023-02-07 15:12:08.345root 11241100x8000000000000000697746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:08.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38280404322067a82023-02-07 15:12:08.345root 11241100x8000000000000000697745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:08.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b993e64dec7e8fdd2023-02-07 15:12:08.345root 11241100x8000000000000000697744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:08.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef567f60edeb498a2023-02-07 15:12:08.345root 11241100x8000000000000000697752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:08.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6a68502c8821282023-02-07 15:12:08.346root 11241100x8000000000000000697751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:08.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2035659a6c9dfb2023-02-07 15:12:08.346root 11241100x8000000000000000697750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:08.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb3d9b572800ad52023-02-07 15:12:08.346root 11241100x8000000000000000697749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:08.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39b914e68254f2e2023-02-07 15:12:08.346root 11241100x8000000000000000697754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:08.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2728b4213c1a31a2023-02-07 15:12:08.845root 11241100x8000000000000000697753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:08.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988965125b5430682023-02-07 15:12:08.845root 11241100x8000000000000000697761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:08.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8414e0807774eb92023-02-07 15:12:08.846root 11241100x8000000000000000697760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:08.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d67d4a1dfbf08b2023-02-07 15:12:08.846root 11241100x8000000000000000697759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:08.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1528c02c9daf0792023-02-07 15:12:08.846root 11241100x8000000000000000697758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:08.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4a1fa20ab1fc652023-02-07 15:12:08.846root 11241100x8000000000000000697757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:08.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab5f6ed3ba012cd2023-02-07 15:12:08.846root 11241100x8000000000000000697756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:08.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8667c4348d7e49242023-02-07 15:12:08.846root 11241100x8000000000000000697755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:08.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe17b766c10bb1422023-02-07 15:12:08.846root 354300x8000000000000000697762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:09.114{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-53262-false10.0.1.12-8000- 11241100x8000000000000000697763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:09.115{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606bb9842143fe4a2023-02-07 15:12:09.115root 11241100x8000000000000000697772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:09.116{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2478ca9cbcb4032023-02-07 15:12:09.116root 11241100x8000000000000000697771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:09.116{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a15e9c5d9bde7be2023-02-07 15:12:09.116root 11241100x8000000000000000697770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:09.116{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296a059a8680b1b22023-02-07 15:12:09.116root 11241100x8000000000000000697769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:09.116{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d94cc8d9b9eabb62023-02-07 15:12:09.116root 11241100x8000000000000000697768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:09.116{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c00668a26b06ca2023-02-07 15:12:09.116root 11241100x8000000000000000697767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:09.116{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93d35dc25b4e84b2023-02-07 15:12:09.116root 11241100x8000000000000000697766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:09.116{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6dc8a3dda8a3842023-02-07 15:12:09.116root 11241100x8000000000000000697765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:09.116{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d47fb90e3bfb322023-02-07 15:12:09.116root 11241100x8000000000000000697764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:09.116{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d30e6c8115f290a2023-02-07 15:12:09.116root 11241100x8000000000000000697778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c539921161ef2b52023-02-07 15:12:09.595root 11241100x8000000000000000697777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd47a0404bdfdd32023-02-07 15:12:09.595root 11241100x8000000000000000697776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed2c4a22942edc62023-02-07 15:12:09.595root 11241100x8000000000000000697775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f325aea6bec96ba52023-02-07 15:12:09.595root 11241100x8000000000000000697774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5d941a3ab951392023-02-07 15:12:09.595root 11241100x8000000000000000697773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12277443ca828ea62023-02-07 15:12:09.595root 11241100x8000000000000000697782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609ef6ed5a075ad92023-02-07 15:12:09.596root 11241100x8000000000000000697781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2de02654d98d0b82023-02-07 15:12:09.596root 11241100x8000000000000000697780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1735c08c2674092023-02-07 15:12:09.596root 11241100x8000000000000000697779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5322f9412bb9f03c2023-02-07 15:12:09.596root 11241100x8000000000000000697785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:10.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a2e2413edb51282023-02-07 15:12:10.095root 11241100x8000000000000000697784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:10.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd5878e12ff1c612023-02-07 15:12:10.095root 11241100x8000000000000000697783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:10.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3764d0d73f3ba1f72023-02-07 15:12:10.095root 11241100x8000000000000000697792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c8886c420dd3a22023-02-07 15:12:10.096root 11241100x8000000000000000697791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00f43af72b946a72023-02-07 15:12:10.096root 11241100x8000000000000000697790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2221f2bc0aa8cfa2023-02-07 15:12:10.096root 11241100x8000000000000000697789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8fc35d87a0b16252023-02-07 15:12:10.096root 11241100x8000000000000000697788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c868ee47a5800baa2023-02-07 15:12:10.096root 11241100x8000000000000000697787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6b3ce8344a3c7f2023-02-07 15:12:10.096root 11241100x8000000000000000697786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e62aa801d7787012023-02-07 15:12:10.096root 11241100x8000000000000000697795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:10.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66bc4670d9a120a52023-02-07 15:12:10.595root 11241100x8000000000000000697794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:10.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b451d2a8eae756f2023-02-07 15:12:10.595root 11241100x8000000000000000697793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:10.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4102e268ca502352023-02-07 15:12:10.595root 11241100x8000000000000000697802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75797e9995798b1b2023-02-07 15:12:10.596root 11241100x8000000000000000697801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71495aa3be802772023-02-07 15:12:10.596root 11241100x8000000000000000697800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f027247018bcb82023-02-07 15:12:10.596root 11241100x8000000000000000697799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa2893ee62780512023-02-07 15:12:10.596root 11241100x8000000000000000697798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c73ccff335a182e2023-02-07 15:12:10.596root 11241100x8000000000000000697797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4348bce89f70a46f2023-02-07 15:12:10.596root 11241100x8000000000000000697796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2b8855d80b81732023-02-07 15:12:10.596root 11241100x8000000000000000697807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657f0a39093474402023-02-07 15:12:11.095root 11241100x8000000000000000697806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77570d3b1bdf38602023-02-07 15:12:11.095root 11241100x8000000000000000697805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c80f2a328347e582023-02-07 15:12:11.095root 11241100x8000000000000000697804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b1423fbbc7b93a2023-02-07 15:12:11.095root 11241100x8000000000000000697803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ec55d8e28415252023-02-07 15:12:11.095root 11241100x8000000000000000697812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5caab0f36b12512023-02-07 15:12:11.096root 11241100x8000000000000000697811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd51d975e87e3d122023-02-07 15:12:11.096root 11241100x8000000000000000697810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d700e7abcd83385e2023-02-07 15:12:11.096root 11241100x8000000000000000697809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605d1b86ee41333a2023-02-07 15:12:11.096root 11241100x8000000000000000697808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464a94aa14a4c84f2023-02-07 15:12:11.096root 11241100x8000000000000000697818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58bd12d1425d49c2023-02-07 15:12:11.595root 11241100x8000000000000000697817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9e6bb30c74e0072023-02-07 15:12:11.595root 11241100x8000000000000000697816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d77abb31887241c2023-02-07 15:12:11.595root 11241100x8000000000000000697815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e867c25f6528a72023-02-07 15:12:11.595root 11241100x8000000000000000697814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112c6e8c715b00462023-02-07 15:12:11.595root 11241100x8000000000000000697813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f5985e8825ad4c2023-02-07 15:12:11.595root 11241100x8000000000000000697822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55519fe035be77d2023-02-07 15:12:11.596root 11241100x8000000000000000697821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7598ce9ec350302023-02-07 15:12:11.596root 11241100x8000000000000000697820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50729ad0e05bb6442023-02-07 15:12:11.596root 11241100x8000000000000000697819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d7fa5d912538402023-02-07 15:12:11.596root 11241100x8000000000000000697827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:12.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5a318d235dd3312023-02-07 15:12:12.095root 11241100x8000000000000000697826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:12.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fdb0ddc33ee1722023-02-07 15:12:12.095root 11241100x8000000000000000697825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:12.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7f4a5417355d962023-02-07 15:12:12.095root 11241100x8000000000000000697824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:12.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512e3b2d1ea8e97c2023-02-07 15:12:12.095root 11241100x8000000000000000697823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:12.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b27e70d611b77ec42023-02-07 15:12:12.095root 11241100x8000000000000000697832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fcf07d467d6db402023-02-07 15:12:12.096root 11241100x8000000000000000697831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be3cccef26ab8bb2023-02-07 15:12:12.096root 11241100x8000000000000000697830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e559482f1cc449992023-02-07 15:12:12.096root 11241100x8000000000000000697829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747da30d3f0986782023-02-07 15:12:12.096root 11241100x8000000000000000697828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c3efa9112f8ace2023-02-07 15:12:12.096root 11241100x8000000000000000697837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295fe822904d2fa72023-02-07 15:12:12.595root 11241100x8000000000000000697836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9945ca4e245e51602023-02-07 15:12:12.595root 11241100x8000000000000000697835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97555d3fa714f0fd2023-02-07 15:12:12.595root 11241100x8000000000000000697834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2affbf8a63da802023-02-07 15:12:12.595root 11241100x8000000000000000697833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c81487239467f22023-02-07 15:12:12.595root 11241100x8000000000000000697842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b6f1393d37312e2023-02-07 15:12:12.596root 11241100x8000000000000000697841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f54c4d06bffec02023-02-07 15:12:12.596root 11241100x8000000000000000697840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df93e34743c6f3672023-02-07 15:12:12.596root 11241100x8000000000000000697839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8ea668b1b18f5b2023-02-07 15:12:12.596root 11241100x8000000000000000697838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353d97b9abc78cd12023-02-07 15:12:12.596root 11241100x8000000000000000697844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:13.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e38c630e64af8722023-02-07 15:12:13.095root 11241100x8000000000000000697843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:13.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0f000b69dda7a72023-02-07 15:12:13.095root 11241100x8000000000000000697852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37680979eda5db672023-02-07 15:12:13.096root 11241100x8000000000000000697851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655319e2fd45ea7a2023-02-07 15:12:13.096root 11241100x8000000000000000697850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7959af40961eb5812023-02-07 15:12:13.096root 11241100x8000000000000000697849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb45bafca0cacdf32023-02-07 15:12:13.096root 11241100x8000000000000000697848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa154a9b7781d512023-02-07 15:12:13.096root 11241100x8000000000000000697847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7420369de8fcc02023-02-07 15:12:13.096root 11241100x8000000000000000697846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee65c802c9d4b552023-02-07 15:12:13.096root 11241100x8000000000000000697845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca2f10af44d583c2023-02-07 15:12:13.096root 11241100x8000000000000000697856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25bb53ad0496dca2023-02-07 15:12:13.595root 11241100x8000000000000000697855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c951837edc5ecc2023-02-07 15:12:13.595root 11241100x8000000000000000697854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb0f9ce814c87fd2023-02-07 15:12:13.595root 11241100x8000000000000000697853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5981da1a9a9469642023-02-07 15:12:13.595root 11241100x8000000000000000697862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891d765250e1af5b2023-02-07 15:12:13.596root 11241100x8000000000000000697861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0524aa6cf034d9232023-02-07 15:12:13.596root 11241100x8000000000000000697860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67d346fcecacb972023-02-07 15:12:13.596root 11241100x8000000000000000697859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5baf0d7e78224a62023-02-07 15:12:13.596root 11241100x8000000000000000697858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9058a7486978ce5a2023-02-07 15:12:13.596root 11241100x8000000000000000697857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66aff0123c76d022023-02-07 15:12:13.596root 11241100x8000000000000000697867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d15b8f09a9525492023-02-07 15:12:14.095root 11241100x8000000000000000697866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ed1ed23bc33bfa2023-02-07 15:12:14.095root 11241100x8000000000000000697865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa9a9c33f7e504f2023-02-07 15:12:14.095root 11241100x8000000000000000697864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28511effb4a1e9b92023-02-07 15:12:14.095root 11241100x8000000000000000697863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd73f0417d059a02023-02-07 15:12:14.095root 11241100x8000000000000000697872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6eab7a16a95f8572023-02-07 15:12:14.096root 11241100x8000000000000000697871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7410c3f4091a4e7a2023-02-07 15:12:14.096root 11241100x8000000000000000697870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1881b72bc27970b2023-02-07 15:12:14.096root 11241100x8000000000000000697869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491c737afddcb3ab2023-02-07 15:12:14.096root 11241100x8000000000000000697868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db4714c755d0d542023-02-07 15:12:14.096root 354300x8000000000000000697873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.201{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-53274-false10.0.1.12-8000- 354300x8000000000000000697874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.539{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-34108-false10.0.1.12-8089- 11241100x8000000000000000697886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.541{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576f2b61013b200b2023-02-07 15:12:14.541root 11241100x8000000000000000697885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.541{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6466744f0910402023-02-07 15:12:14.541root 11241100x8000000000000000697884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.541{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b12ae9b9f1a7aaf2023-02-07 15:12:14.541root 11241100x8000000000000000697883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.541{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4fd481cb1af3fb52023-02-07 15:12:14.541root 11241100x8000000000000000697882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.541{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb93974ecc39dda2023-02-07 15:12:14.541root 11241100x8000000000000000697881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.541{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70def148b7b45bf32023-02-07 15:12:14.541root 11241100x8000000000000000697880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.541{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4c6f17f47ba8e72023-02-07 15:12:14.541root 11241100x8000000000000000697879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.541{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24322be5fdd7189b2023-02-07 15:12:14.541root 11241100x8000000000000000697878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.541{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8256ff2f8ab856572023-02-07 15:12:14.541root 11241100x8000000000000000697877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.541{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a27b37de2e4f47e2023-02-07 15:12:14.541root 11241100x8000000000000000697876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.541{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78216ba3dc4dd5302023-02-07 15:12:14.541root 11241100x8000000000000000697875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.541{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ca0a41375b800c2023-02-07 15:12:14.541root 11241100x8000000000000000697888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78acbbadd3e331002023-02-07 15:12:14.845root 11241100x8000000000000000697887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5faca3d40253c8b32023-02-07 15:12:14.845root 11241100x8000000000000000697898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31638aa9f16c07e2023-02-07 15:12:14.846root 11241100x8000000000000000697897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073271f1b0c878572023-02-07 15:12:14.846root 11241100x8000000000000000697896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9838f43ed4850692023-02-07 15:12:14.846root 11241100x8000000000000000697895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcc1f4afff071a22023-02-07 15:12:14.846root 11241100x8000000000000000697894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9244b5d7b688ca282023-02-07 15:12:14.846root 11241100x8000000000000000697893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db34089ab3bb9122023-02-07 15:12:14.846root 11241100x8000000000000000697892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e51554d7ac869b92023-02-07 15:12:14.846root 11241100x8000000000000000697891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3692e038f0cd4d72023-02-07 15:12:14.846root 11241100x8000000000000000697890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5008ca76b49105a22023-02-07 15:12:14.846root 11241100x8000000000000000697889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7a113cc50b20852023-02-07 15:12:14.846root 11241100x8000000000000000697900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:15.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b220070f4e74442023-02-07 15:12:15.345root 11241100x8000000000000000697899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:15.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2b8ef8ef20f3d72023-02-07 15:12:15.345root 11241100x8000000000000000697910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4017a691fdd281602023-02-07 15:12:15.346root 11241100x8000000000000000697909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8cdbadf089cec632023-02-07 15:12:15.346root 11241100x8000000000000000697908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29681ae7cab0e5aa2023-02-07 15:12:15.346root 11241100x8000000000000000697907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de28c820f8994e52023-02-07 15:12:15.346root 11241100x8000000000000000697906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c22a3dffb6748a2023-02-07 15:12:15.346root 11241100x8000000000000000697905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae358b24874f052f2023-02-07 15:12:15.346root 11241100x8000000000000000697904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0164b7b2c6c59e562023-02-07 15:12:15.346root 11241100x8000000000000000697903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10c00563f321f7a2023-02-07 15:12:15.346root 11241100x8000000000000000697902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa6589ab168842c2023-02-07 15:12:15.346root 11241100x8000000000000000697901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fed8043af8063e32023-02-07 15:12:15.346root 11241100x8000000000000000697917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:15.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6047b9e7cc66efc2023-02-07 15:12:15.845root 11241100x8000000000000000697916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:15.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c43011eff5d9352023-02-07 15:12:15.845root 11241100x8000000000000000697915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:15.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a750eab13d67d3d12023-02-07 15:12:15.845root 11241100x8000000000000000697914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:15.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea7ff731c16a44a2023-02-07 15:12:15.845root 11241100x8000000000000000697913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:15.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3112c2457bf64372023-02-07 15:12:15.845root 11241100x8000000000000000697912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:15.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2867ade4d03528c2023-02-07 15:12:15.845root 11241100x8000000000000000697911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:15.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb950c38b6a1791b2023-02-07 15:12:15.845root 11241100x8000000000000000697922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aeeff4c318f5ed72023-02-07 15:12:15.846root 11241100x8000000000000000697921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef262885dd4b7e42023-02-07 15:12:15.846root 11241100x8000000000000000697920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5314f3c61d5ef8842023-02-07 15:12:15.846root 11241100x8000000000000000697919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebaa08957cedd7c72023-02-07 15:12:15.846root 11241100x8000000000000000697918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c618128794b195622023-02-07 15:12:15.846root 11241100x8000000000000000697923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:16.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0d93272aca0a5b2023-02-07 15:12:16.345root 11241100x8000000000000000697934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9935b045fdb6bc2023-02-07 15:12:16.346root 11241100x8000000000000000697933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb75b879abd4d79b2023-02-07 15:12:16.346root 11241100x8000000000000000697932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8195a53e320b712c2023-02-07 15:12:16.346root 11241100x8000000000000000697931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66ab7b2c23a83b62023-02-07 15:12:16.346root 11241100x8000000000000000697930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a0758075fed3b12023-02-07 15:12:16.346root 11241100x8000000000000000697929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fca3272a04a3ac72023-02-07 15:12:16.346root 11241100x8000000000000000697928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17f8653c51eb7a22023-02-07 15:12:16.346root 11241100x8000000000000000697927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a790891508f5d4f2023-02-07 15:12:16.346root 11241100x8000000000000000697926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e60015d4b11889f2023-02-07 15:12:16.346root 11241100x8000000000000000697925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f41e8fb8c656722023-02-07 15:12:16.346root 11241100x8000000000000000697924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b11eddfc98c04662023-02-07 15:12:16.346root 11241100x8000000000000000697935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:16.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a84d0203bf0d162023-02-07 15:12:16.845root 11241100x8000000000000000697946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d6f8d551f535fc2023-02-07 15:12:16.846root 11241100x8000000000000000697945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de373a345571f8432023-02-07 15:12:16.846root 11241100x8000000000000000697944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9914b6eb878243312023-02-07 15:12:16.846root 11241100x8000000000000000697943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44458b248738f6d92023-02-07 15:12:16.846root 11241100x8000000000000000697942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d353451197559c362023-02-07 15:12:16.846root 11241100x8000000000000000697941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6575b80f901691882023-02-07 15:12:16.846root 11241100x8000000000000000697940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ad98b8ec05d4522023-02-07 15:12:16.846root 11241100x8000000000000000697939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0678ee4d4032efab2023-02-07 15:12:16.846root 11241100x8000000000000000697938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74984c6c4fd1e55c2023-02-07 15:12:16.846root 11241100x8000000000000000697937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f231b05111f70f2023-02-07 15:12:16.846root 11241100x8000000000000000697936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74bcddcaad6a81032023-02-07 15:12:16.846root 11241100x8000000000000000697947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:17.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317a7123ecaa77752023-02-07 15:12:17.345root 11241100x8000000000000000697958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa00e10269b085842023-02-07 15:12:17.346root 11241100x8000000000000000697957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894b40347317a2212023-02-07 15:12:17.346root 11241100x8000000000000000697956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed99c4a7a321a5b92023-02-07 15:12:17.346root 11241100x8000000000000000697955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84f6895abf3edf32023-02-07 15:12:17.346root 11241100x8000000000000000697954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2e86a848043c6a2023-02-07 15:12:17.346root 11241100x8000000000000000697953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd9928febf104bc2023-02-07 15:12:17.346root 11241100x8000000000000000697952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58793526a168208c2023-02-07 15:12:17.346root 11241100x8000000000000000697951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65e691c21f01bd22023-02-07 15:12:17.346root 11241100x8000000000000000697950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9618b39bf66011d22023-02-07 15:12:17.346root 11241100x8000000000000000697949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a04f393dd2631282023-02-07 15:12:17.346root 11241100x8000000000000000697948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab6da2e3a4843ae2023-02-07 15:12:17.346root 11241100x8000000000000000697967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f8ee6ff496b47c2023-02-07 15:12:17.846root 11241100x8000000000000000697966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d878a181c0f7f02023-02-07 15:12:17.846root 11241100x8000000000000000697965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386ba61a6e9bcce02023-02-07 15:12:17.846root 11241100x8000000000000000697964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122190164eeede422023-02-07 15:12:17.846root 11241100x8000000000000000697963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa7347feb12c7ee2023-02-07 15:12:17.846root 11241100x8000000000000000697962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca136982f87dc0fe2023-02-07 15:12:17.846root 11241100x8000000000000000697961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3e27feabddf5572023-02-07 15:12:17.846root 11241100x8000000000000000697960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f256a2b700ef312023-02-07 15:12:17.846root 11241100x8000000000000000697959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbb092b2e7cd5252023-02-07 15:12:17.846root 11241100x8000000000000000697970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb75757aeb0084e2023-02-07 15:12:17.847root 11241100x8000000000000000697969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f0e50b545729eb2023-02-07 15:12:17.847root 11241100x8000000000000000697968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2578284d2ac664322023-02-07 15:12:17.847root 11241100x8000000000000000697972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:18.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239f9e2fc07fdcf52023-02-07 15:12:18.345root 11241100x8000000000000000697971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:18.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57db93afafc8dd52023-02-07 15:12:18.345root 11241100x8000000000000000697982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f13276ad0e006d42023-02-07 15:12:18.346root 11241100x8000000000000000697981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225aa975f5a4d0502023-02-07 15:12:18.346root 11241100x8000000000000000697980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ad9eba57beba9f2023-02-07 15:12:18.346root 11241100x8000000000000000697979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5a1447dd23a03d2023-02-07 15:12:18.346root 11241100x8000000000000000697978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5b8cec3135d6822023-02-07 15:12:18.346root 11241100x8000000000000000697977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46cfc3ff748c3ef82023-02-07 15:12:18.346root 11241100x8000000000000000697976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbf49524b74fac82023-02-07 15:12:18.346root 11241100x8000000000000000697975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee45503afe11c0a72023-02-07 15:12:18.346root 11241100x8000000000000000697974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762cbeeb83b34f772023-02-07 15:12:18.346root 11241100x8000000000000000697973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8967ffabf0991e972023-02-07 15:12:18.346root 11241100x8000000000000000697985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:18.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e615a761371ed3fa2023-02-07 15:12:18.845root 11241100x8000000000000000697984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:18.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae413508d9dfb5fd2023-02-07 15:12:18.845root 11241100x8000000000000000697983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:18.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a456646fb777f6d82023-02-07 15:12:18.845root 11241100x8000000000000000697994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de354e43d601e6292023-02-07 15:12:18.846root 11241100x8000000000000000697993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcf783ee9b70e262023-02-07 15:12:18.846root 11241100x8000000000000000697992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc45c86496c0733a2023-02-07 15:12:18.846root 11241100x8000000000000000697991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9d7f55207d141c2023-02-07 15:12:18.846root 11241100x8000000000000000697990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c52557ea516ee02023-02-07 15:12:18.846root 11241100x8000000000000000697989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732f5c5a74fecb882023-02-07 15:12:18.846root 11241100x8000000000000000697988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82f1cff63ae4fca2023-02-07 15:12:18.846root 11241100x8000000000000000697987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32e1d844762fad52023-02-07 15:12:18.846root 11241100x8000000000000000697986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1672cd73f263076b2023-02-07 15:12:18.846root 11241100x8000000000000000697996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:19.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3520959afd9a932023-02-07 15:12:19.345root 11241100x8000000000000000697995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:19.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a74a5edb6d158f92023-02-07 15:12:19.345root 11241100x8000000000000000698006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c48fa46e7f6d8b92023-02-07 15:12:19.346root 11241100x8000000000000000698005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085bff6e05b007102023-02-07 15:12:19.346root 11241100x8000000000000000698004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d943507b94cd962023-02-07 15:12:19.346root 11241100x8000000000000000698003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b1f4eebb74ddb22023-02-07 15:12:19.346root 11241100x8000000000000000698002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49ed6edb1a7a4312023-02-07 15:12:19.346root 11241100x8000000000000000698001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df77897aef46f0a2023-02-07 15:12:19.346root 11241100x8000000000000000698000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9cb5bb594aeddce2023-02-07 15:12:19.346root 11241100x8000000000000000697999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b16ec7e5a44226e2023-02-07 15:12:19.346root 11241100x8000000000000000697998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7992d58908023d282023-02-07 15:12:19.346root 11241100x8000000000000000697997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fdc999ff7bbab62023-02-07 15:12:19.346root 11241100x8000000000000000698008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:19.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e2b042cee841b42023-02-07 15:12:19.845root 11241100x8000000000000000698007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:19.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c588a93f1742f42023-02-07 15:12:19.845root 11241100x8000000000000000698018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a81c7838d5c9cd2023-02-07 15:12:19.846root 11241100x8000000000000000698017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5952b563d1a1a2232023-02-07 15:12:19.846root 11241100x8000000000000000698016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a941e033060982e62023-02-07 15:12:19.846root 11241100x8000000000000000698015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824b7abed518032c2023-02-07 15:12:19.846root 11241100x8000000000000000698014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffb849dc161fa8e2023-02-07 15:12:19.846root 11241100x8000000000000000698013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214542ef116ae84b2023-02-07 15:12:19.846root 11241100x8000000000000000698012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232e9d3abbefbd322023-02-07 15:12:19.846root 11241100x8000000000000000698011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f2dd5dc25cf35e2023-02-07 15:12:19.846root 11241100x8000000000000000698010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200c0b37ad90fe862023-02-07 15:12:19.846root 11241100x8000000000000000698009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e8faad5c49f05d2023-02-07 15:12:19.846root 354300x8000000000000000698019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:20.136{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-50228-false10.0.1.12-8000- 11241100x8000000000000000698028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:20.137{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84efeaa673a4e2a2023-02-07 15:12:20.137root 11241100x8000000000000000698027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:20.137{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428598b6ddcf08cb2023-02-07 15:12:20.137root 11241100x8000000000000000698026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:20.137{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d2dd7c44eb4dce2023-02-07 15:12:20.137root 11241100x8000000000000000698025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:20.137{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22fe94643b04719d2023-02-07 15:12:20.137root 11241100x8000000000000000698024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:20.137{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef61653a99fd71e2023-02-07 15:12:20.137root 11241100x8000000000000000698023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:20.137{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c9a99c73c923d92023-02-07 15:12:20.137root 11241100x8000000000000000698022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:20.137{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01491dfbcefddbf12023-02-07 15:12:20.137root 11241100x8000000000000000698021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:20.137{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef3b58b09ab04122023-02-07 15:12:20.137root 11241100x8000000000000000698020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:20.137{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c1b728892575c82023-02-07 15:12:20.137root 11241100x8000000000000000698032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:20.138{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01ed69c4d7a16ea2023-02-07 15:12:20.138root 11241100x8000000000000000698031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:20.138{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4e4ad68795f9c22023-02-07 15:12:20.138root 11241100x8000000000000000698030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:20.138{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa61d922f097bc52023-02-07 15:12:20.138root 11241100x8000000000000000698029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:20.138{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03422b51b346195c2023-02-07 15:12:20.138root 11241100x8000000000000000698039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:20.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684e93b75724eaba2023-02-07 15:12:20.595root 11241100x8000000000000000698038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:20.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2485d534e52d2a2023-02-07 15:12:20.595root 11241100x8000000000000000698037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:20.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d658b5b003eed42023-02-07 15:12:20.595root 11241100x8000000000000000698036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:20.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f086f0b143b697d2023-02-07 15:12:20.595root 11241100x8000000000000000698035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:20.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e6a000df8c1b1a2023-02-07 15:12:20.595root 11241100x8000000000000000698034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:20.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab27b5412175f1a2023-02-07 15:12:20.595root 11241100x8000000000000000698033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:20.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb87960809fdbd92023-02-07 15:12:20.595root 11241100x8000000000000000698045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bdd0977cab23f62023-02-07 15:12:20.596root 11241100x8000000000000000698044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c366ec1c6625be2023-02-07 15:12:20.596root 11241100x8000000000000000698043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0121b24a2cfd7f2023-02-07 15:12:20.596root 11241100x8000000000000000698042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b279e4ea1069372023-02-07 15:12:20.596root 11241100x8000000000000000698041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190330bef41712082023-02-07 15:12:20.596root 11241100x8000000000000000698040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d274144d2b0e7fcc2023-02-07 15:12:20.596root 11241100x8000000000000000698046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:21.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7268e50e655f6e472023-02-07 15:12:21.095root 11241100x8000000000000000698058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2a849dcb1a2c452023-02-07 15:12:21.096root 11241100x8000000000000000698057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638e828952ce7ac72023-02-07 15:12:21.096root 11241100x8000000000000000698056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9040d9a2794c9bd42023-02-07 15:12:21.096root 11241100x8000000000000000698055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12dd4c43a0dd961f2023-02-07 15:12:21.096root 11241100x8000000000000000698054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944f66a7d42ddada2023-02-07 15:12:21.096root 11241100x8000000000000000698053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e82fbe5bd0998e2023-02-07 15:12:21.096root 11241100x8000000000000000698052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5b45f1e301c32f2023-02-07 15:12:21.096root 11241100x8000000000000000698051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c2f34fdcf2c2502023-02-07 15:12:21.096root 11241100x8000000000000000698050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd83d648604f89462023-02-07 15:12:21.096root 11241100x8000000000000000698049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3419015ee519d5022023-02-07 15:12:21.096root 11241100x8000000000000000698048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fdd0f3d26c00dc22023-02-07 15:12:21.096root 11241100x8000000000000000698047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed2536921ec24332023-02-07 15:12:21.096root 11241100x8000000000000000698060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2211c4d211a7b6cb2023-02-07 15:12:21.595root 11241100x8000000000000000698059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1a8b4015a3fece2023-02-07 15:12:21.595root 11241100x8000000000000000698071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c29e2ac4b7c2022023-02-07 15:12:21.596root 11241100x8000000000000000698070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985f83b0fe16ae1c2023-02-07 15:12:21.596root 11241100x8000000000000000698069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10ea240fbbffd1a2023-02-07 15:12:21.596root 11241100x8000000000000000698068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7532195e4591f4422023-02-07 15:12:21.596root 11241100x8000000000000000698067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6454456d2c5a612023-02-07 15:12:21.596root 11241100x8000000000000000698066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c233c3f56d5f0d142023-02-07 15:12:21.596root 11241100x8000000000000000698065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80644fdf8c60e8f12023-02-07 15:12:21.596root 11241100x8000000000000000698064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f1642ced0151d42023-02-07 15:12:21.596root 11241100x8000000000000000698063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1376fa21ccba0ecf2023-02-07 15:12:21.596root 11241100x8000000000000000698062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e386faaae71ee9d2023-02-07 15:12:21.596root 11241100x8000000000000000698061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d790732c79015722023-02-07 15:12:21.596root 11241100x8000000000000000698077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4478d29a09e8271b2023-02-07 15:12:22.095root 11241100x8000000000000000698076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab068ce55be55ab2023-02-07 15:12:22.095root 11241100x8000000000000000698075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc02bb319a20d6092023-02-07 15:12:22.095root 11241100x8000000000000000698074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0acd5e003cf80e2023-02-07 15:12:22.095root 11241100x8000000000000000698073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1fad2b0208bd7722023-02-07 15:12:22.095root 11241100x8000000000000000698072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22f33cb3931def42023-02-07 15:12:22.095root 11241100x8000000000000000698084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756ad367b69702262023-02-07 15:12:22.096root 11241100x8000000000000000698083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da4762629c767c52023-02-07 15:12:22.096root 11241100x8000000000000000698082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444fb44a66b3878a2023-02-07 15:12:22.096root 11241100x8000000000000000698081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df41215ed801384a2023-02-07 15:12:22.096root 11241100x8000000000000000698080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f5b7894f98791b2023-02-07 15:12:22.096root 11241100x8000000000000000698079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da909a2ecffedb432023-02-07 15:12:22.096root 11241100x8000000000000000698078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60903de0b81ecd232023-02-07 15:12:22.096root 11241100x8000000000000000698089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4388db2cb2c27f2023-02-07 15:12:22.595root 11241100x8000000000000000698088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf3b152a9a3a05f2023-02-07 15:12:22.595root 11241100x8000000000000000698087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420babb730d24a0d2023-02-07 15:12:22.595root 11241100x8000000000000000698086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb360e147467ea172023-02-07 15:12:22.595root 11241100x8000000000000000698085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b351207da182dcfc2023-02-07 15:12:22.595root 11241100x8000000000000000698097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e9750a371c376c2023-02-07 15:12:22.596root 11241100x8000000000000000698096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc75e5e5ae74f432023-02-07 15:12:22.596root 11241100x8000000000000000698095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28286a71af04ac1c2023-02-07 15:12:22.596root 11241100x8000000000000000698094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad439456a495a972023-02-07 15:12:22.596root 11241100x8000000000000000698093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0e2b18beb2ae822023-02-07 15:12:22.596root 11241100x8000000000000000698092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21db6c012690d94f2023-02-07 15:12:22.596root 11241100x8000000000000000698091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556f8378158d6aa32023-02-07 15:12:22.596root 11241100x8000000000000000698090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1f2d3a127348092023-02-07 15:12:22.596root 11241100x8000000000000000698098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:23.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daea1be2e5b366c32023-02-07 15:12:23.095root 11241100x8000000000000000698102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942fe1313ce9e7da2023-02-07 15:12:23.096root 11241100x8000000000000000698101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9b19142d7aa96a2023-02-07 15:12:23.096root 11241100x8000000000000000698100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4f3eb2721f5cef2023-02-07 15:12:23.096root 11241100x8000000000000000698099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05b11daf64346fa2023-02-07 15:12:23.096root 11241100x8000000000000000698110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e22bac8998f28a2023-02-07 15:12:23.097root 11241100x8000000000000000698109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e72455e72bc52782023-02-07 15:12:23.097root 11241100x8000000000000000698108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d683553d0eb2a42023-02-07 15:12:23.097root 11241100x8000000000000000698107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36b9f7418bae9292023-02-07 15:12:23.097root 11241100x8000000000000000698106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0677f932c865452023-02-07 15:12:23.097root 11241100x8000000000000000698105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c986ada8a7e559d32023-02-07 15:12:23.097root 11241100x8000000000000000698104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d370df844478852023-02-07 15:12:23.097root 11241100x8000000000000000698103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3267377992de48262023-02-07 15:12:23.097root 11241100x8000000000000000698117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:23.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5239877992e720ba2023-02-07 15:12:23.595root 11241100x8000000000000000698116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:23.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049a5e23bc9b126e2023-02-07 15:12:23.595root 11241100x8000000000000000698115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:23.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0d420b2dae03732023-02-07 15:12:23.595root 11241100x8000000000000000698114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:23.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f1581dfa1fb8c42023-02-07 15:12:23.595root 11241100x8000000000000000698113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:23.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa4243f515e29572023-02-07 15:12:23.595root 11241100x8000000000000000698112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:23.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f24676296676dca2023-02-07 15:12:23.595root 11241100x8000000000000000698111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:23.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11954254507a12192023-02-07 15:12:23.595root 11241100x8000000000000000698123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b29766d14bd46dc2023-02-07 15:12:23.596root 11241100x8000000000000000698122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73b4a8406748a6f2023-02-07 15:12:23.596root 11241100x8000000000000000698121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3fcbdaebf1316d2023-02-07 15:12:23.596root 11241100x8000000000000000698120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1ed0899ae8252a2023-02-07 15:12:23.596root 11241100x8000000000000000698119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c5c6f3ff5175c72023-02-07 15:12:23.596root 11241100x8000000000000000698118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f8b5d773bfafb42023-02-07 15:12:23.596root 11241100x8000000000000000698124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:24.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec4470784377b442023-02-07 15:12:24.095root 11241100x8000000000000000698127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6510418a82e96da12023-02-07 15:12:24.096root 11241100x8000000000000000698126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514b6802517c2b382023-02-07 15:12:24.096root 11241100x8000000000000000698125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ef606d930af3bc2023-02-07 15:12:24.096root 11241100x8000000000000000698132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:24.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37890f8a1d2334162023-02-07 15:12:24.097root 11241100x8000000000000000698131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:24.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18783e696050b8c12023-02-07 15:12:24.097root 11241100x8000000000000000698130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:24.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a6da57dd05c5072023-02-07 15:12:24.097root 11241100x8000000000000000698129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:24.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e254e0b2aa0080f2023-02-07 15:12:24.097root 11241100x8000000000000000698128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:24.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7be12aa94f37b12023-02-07 15:12:24.097root 11241100x8000000000000000698136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:24.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5b0db7b0089b0b2023-02-07 15:12:24.098root 11241100x8000000000000000698135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:24.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af92021e35fe09202023-02-07 15:12:24.098root 11241100x8000000000000000698134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:24.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6d9ec8450377aa2023-02-07 15:12:24.098root 11241100x8000000000000000698133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:24.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0318c0789a31c3a22023-02-07 15:12:24.098root 11241100x8000000000000000698138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141a89a96f420a8f2023-02-07 15:12:24.595root 11241100x8000000000000000698137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d10b9524c5e30e12023-02-07 15:12:24.595root 11241100x8000000000000000698147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601e3d8e8b6d0bb42023-02-07 15:12:24.596root 11241100x8000000000000000698146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21cd10fb2a794b282023-02-07 15:12:24.596root 11241100x8000000000000000698145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348f5dcf0b29db022023-02-07 15:12:24.596root 11241100x8000000000000000698144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a419ae9172393c962023-02-07 15:12:24.596root 11241100x8000000000000000698143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b053aa62acf90e2023-02-07 15:12:24.596root 11241100x8000000000000000698142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8e4910691b1aa62023-02-07 15:12:24.596root 11241100x8000000000000000698141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369ed475123b0f992023-02-07 15:12:24.596root 11241100x8000000000000000698140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a8ef7f694434782023-02-07 15:12:24.596root 11241100x8000000000000000698139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa30ec4d0314a73f2023-02-07 15:12:24.596root 11241100x8000000000000000698149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15a9b2546ba48082023-02-07 15:12:24.597root 11241100x8000000000000000698148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9784f89d824911322023-02-07 15:12:24.597root 11241100x8000000000000000698150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:24.730{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:12:24.730root 11241100x8000000000000000698152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d5c9ba525abbc42023-02-07 15:12:25.095root 11241100x8000000000000000698151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3f0bf9141fdef72023-02-07 15:12:25.095root 11241100x8000000000000000698160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0475fe3a8e821c272023-02-07 15:12:25.096root 11241100x8000000000000000698159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402b695a22d68f162023-02-07 15:12:25.096root 11241100x8000000000000000698158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b39fb52f0e00082023-02-07 15:12:25.096root 11241100x8000000000000000698157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7439d73bb0b0cb742023-02-07 15:12:25.096root 11241100x8000000000000000698156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbcf0d75cc598f3c2023-02-07 15:12:25.096root 11241100x8000000000000000698155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a4815e7c4fc7022023-02-07 15:12:25.096root 11241100x8000000000000000698154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12a844b3193585c2023-02-07 15:12:25.096root 11241100x8000000000000000698153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71fb944a0e67d652023-02-07 15:12:25.096root 11241100x8000000000000000698164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574222d20ec499a62023-02-07 15:12:25.097root 11241100x8000000000000000698163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12675667b4c7c56f2023-02-07 15:12:25.097root 11241100x8000000000000000698162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef759c9a28be0b22023-02-07 15:12:25.097root 11241100x8000000000000000698161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2567f48befbfc602023-02-07 15:12:25.097root 11241100x8000000000000000698168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4ed7c1c21223952023-02-07 15:12:25.596root 11241100x8000000000000000698167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754564f2e431d2fa2023-02-07 15:12:25.596root 11241100x8000000000000000698166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6653d5e7f014224a2023-02-07 15:12:25.596root 11241100x8000000000000000698165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829bd747eae541ef2023-02-07 15:12:25.596root 11241100x8000000000000000698173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8b235e042343d62023-02-07 15:12:25.597root 11241100x8000000000000000698172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de1a9e639dcba332023-02-07 15:12:25.597root 11241100x8000000000000000698171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0530f86bff0ff3372023-02-07 15:12:25.597root 11241100x8000000000000000698170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599118599f071bfb2023-02-07 15:12:25.597root 11241100x8000000000000000698169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418d4811131052442023-02-07 15:12:25.597root 11241100x8000000000000000698178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1553e63d2fca87632023-02-07 15:12:25.598root 11241100x8000000000000000698177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f1abc14fc580062023-02-07 15:12:25.598root 11241100x8000000000000000698176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2cd8c9781b15102023-02-07 15:12:25.598root 11241100x8000000000000000698175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911407f601a7a7572023-02-07 15:12:25.598root 11241100x8000000000000000698174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018d652d82d2335c2023-02-07 15:12:25.598root 354300x8000000000000000698179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.068{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-41060-false10.0.1.12-8000- 11241100x8000000000000000698183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.069{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba0baf797fc5b972023-02-07 15:12:26.069root 11241100x8000000000000000698182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.069{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2cc47f54cb4ebe12023-02-07 15:12:26.069root 11241100x8000000000000000698181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.069{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93b8cd7d089a39f2023-02-07 15:12:26.069root 11241100x8000000000000000698180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.069{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02784b67c5d1496c2023-02-07 15:12:26.069root 11241100x8000000000000000698190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.070{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f908c9f0d46ed8f2023-02-07 15:12:26.070root 11241100x8000000000000000698189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.070{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4a51e4a0fa3f8d2023-02-07 15:12:26.070root 11241100x8000000000000000698188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.070{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd853da347d526e42023-02-07 15:12:26.070root 11241100x8000000000000000698187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.070{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe394c8da97404ac2023-02-07 15:12:26.070root 11241100x8000000000000000698186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.070{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230c2ad9950ce6762023-02-07 15:12:26.070root 11241100x8000000000000000698185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.070{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4528894445280702023-02-07 15:12:26.070root 11241100x8000000000000000698184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.070{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669859ec8458560f2023-02-07 15:12:26.070root 11241100x8000000000000000698195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.071{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e071bdade54268bf2023-02-07 15:12:26.071root 11241100x8000000000000000698194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.071{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697bf16ebc8119772023-02-07 15:12:26.071root 11241100x8000000000000000698193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.071{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd88c5c27402c79e2023-02-07 15:12:26.071root 11241100x8000000000000000698192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.071{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049b532bfbd6f88f2023-02-07 15:12:26.071root 11241100x8000000000000000698191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.071{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c5311b80eab38a2023-02-07 15:12:26.071root 11241100x8000000000000000698209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9c44c5c2d35f792023-02-07 15:12:26.346root 11241100x8000000000000000698208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4904088065fbd9c32023-02-07 15:12:26.346root 11241100x8000000000000000698207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66747c129d5216d2023-02-07 15:12:26.346root 11241100x8000000000000000698206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1c7f722331a5a52023-02-07 15:12:26.346root 11241100x8000000000000000698205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd2668f43b0f91e2023-02-07 15:12:26.346root 11241100x8000000000000000698204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a10223d42512b172023-02-07 15:12:26.346root 11241100x8000000000000000698203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc8d23d9f86af4a2023-02-07 15:12:26.346root 11241100x8000000000000000698202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af6e1350b386dab2023-02-07 15:12:26.346root 11241100x8000000000000000698201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c594ae2d41583f2023-02-07 15:12:26.346root 11241100x8000000000000000698200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d737719e57d9065e2023-02-07 15:12:26.346root 11241100x8000000000000000698199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff1c1497cb8f6092023-02-07 15:12:26.346root 11241100x8000000000000000698198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bcf33f5064620912023-02-07 15:12:26.346root 11241100x8000000000000000698197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ebd2b0e28a02592023-02-07 15:12:26.346root 11241100x8000000000000000698196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2622cd22a29e942023-02-07 15:12:26.346root 11241100x8000000000000000698210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d480617312d69a2023-02-07 15:12:26.347root 11241100x8000000000000000698211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc4fc3208f305aa2023-02-07 15:12:26.845root 11241100x8000000000000000698225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1b74ca4dccf7362023-02-07 15:12:26.846root 11241100x8000000000000000698224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51f1e93135efbe02023-02-07 15:12:26.846root 11241100x8000000000000000698223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9504a6fc84ce71d22023-02-07 15:12:26.846root 11241100x8000000000000000698222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085ff603110c873a2023-02-07 15:12:26.846root 11241100x8000000000000000698221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab414c99bab2a002023-02-07 15:12:26.846root 11241100x8000000000000000698220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4fec0e35f783852023-02-07 15:12:26.846root 11241100x8000000000000000698219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89eb07bfcdba81452023-02-07 15:12:26.846root 11241100x8000000000000000698218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2683c4c63d07428b2023-02-07 15:12:26.846root 11241100x8000000000000000698217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb51a6106ba7fafb2023-02-07 15:12:26.846root 11241100x8000000000000000698216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4322918db99c5f92023-02-07 15:12:26.846root 11241100x8000000000000000698215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6abf615d1f77f32023-02-07 15:12:26.846root 11241100x8000000000000000698214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6102c5c199ab8992023-02-07 15:12:26.846root 11241100x8000000000000000698213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80783a352dde44482023-02-07 15:12:26.846root 11241100x8000000000000000698212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817c58b905078ed32023-02-07 15:12:26.846root 11241100x8000000000000000698238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11bb9dfeab4dedbe2023-02-07 15:12:27.346root 11241100x8000000000000000698237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98de745ca0d507fa2023-02-07 15:12:27.346root 11241100x8000000000000000698236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d226782a3f90da2023-02-07 15:12:27.346root 11241100x8000000000000000698235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60d00120dd977c42023-02-07 15:12:27.346root 11241100x8000000000000000698234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbe761e58ce15a42023-02-07 15:12:27.346root 11241100x8000000000000000698233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66886c9addf48c7b2023-02-07 15:12:27.346root 11241100x8000000000000000698232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5089932811bb5d2023-02-07 15:12:27.346root 11241100x8000000000000000698231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22838ab90200b4f2023-02-07 15:12:27.346root 11241100x8000000000000000698230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa31c6fc1c7ab9b2023-02-07 15:12:27.346root 11241100x8000000000000000698229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fdfbcdfd47639ef2023-02-07 15:12:27.346root 11241100x8000000000000000698228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d85a0e6ee7738db2023-02-07 15:12:27.346root 11241100x8000000000000000698227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801fd1741f0230672023-02-07 15:12:27.346root 11241100x8000000000000000698226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073e43ce61c090892023-02-07 15:12:27.346root 11241100x8000000000000000698240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b839476526da03112023-02-07 15:12:27.347root 11241100x8000000000000000698239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b359ca78852983f2023-02-07 15:12:27.347root 11241100x8000000000000000698244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16f25af48599c582023-02-07 15:12:27.732root 11241100x8000000000000000698243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9087141a221877c32023-02-07 15:12:27.732root 11241100x8000000000000000698242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7617c3789b517d162023-02-07 15:12:27.732root 23542300x8000000000000000698241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.732{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000698248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374ca20c933b3d822023-02-07 15:12:27.733root 11241100x8000000000000000698247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981d12fe2bfa11012023-02-07 15:12:27.733root 11241100x8000000000000000698246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1782ae6294557ef82023-02-07 15:12:27.733root 11241100x8000000000000000698245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0427b8d8b15c1232023-02-07 15:12:27.733root 11241100x8000000000000000698259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8aa96a6dab7416e2023-02-07 15:12:27.735root 11241100x8000000000000000698258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca2bcb1e42f07d42023-02-07 15:12:27.735root 11241100x8000000000000000698257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1fc2c5f76d559b2023-02-07 15:12:27.735root 11241100x8000000000000000698256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c06565c32543402023-02-07 15:12:27.735root 11241100x8000000000000000698255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b839e62dd5432a052023-02-07 15:12:27.735root 11241100x8000000000000000698254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8874a94bb64a5682023-02-07 15:12:27.735root 11241100x8000000000000000698253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5627c9db4ce18362023-02-07 15:12:27.735root 11241100x8000000000000000698252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859ad70af7802ffd2023-02-07 15:12:27.735root 11241100x8000000000000000698251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7352f944ba9279492023-02-07 15:12:27.735root 11241100x8000000000000000698250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028fd329f5a532f62023-02-07 15:12:27.735root 11241100x8000000000000000698249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31916400a1a202532023-02-07 15:12:27.735root 11241100x8000000000000000698264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d6d12e4fde66832023-02-07 15:12:27.736root 11241100x8000000000000000698263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8181d828204049092023-02-07 15:12:27.736root 11241100x8000000000000000698262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5393cf72565a60582023-02-07 15:12:27.736root 11241100x8000000000000000698261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420ab7acf7e0025b2023-02-07 15:12:27.736root 11241100x8000000000000000698260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:27.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a4dc074ca881702023-02-07 15:12:27.736root 11241100x8000000000000000698269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b31903f9254ab82023-02-07 15:12:28.095root 11241100x8000000000000000698268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c001092fcf1f232023-02-07 15:12:28.095root 11241100x8000000000000000698267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042177aa63077d972023-02-07 15:12:28.095root 11241100x8000000000000000698266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4beaeeb5cc47de592023-02-07 15:12:28.095root 11241100x8000000000000000698265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267c73d23ed4715f2023-02-07 15:12:28.095root 11241100x8000000000000000698279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6b10d7c2acd91a2023-02-07 15:12:28.096root 11241100x8000000000000000698278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbe6bbfa9c9dc7a2023-02-07 15:12:28.096root 11241100x8000000000000000698277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c16e33d3c967992023-02-07 15:12:28.096root 11241100x8000000000000000698276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2fea7b5614445df2023-02-07 15:12:28.096root 11241100x8000000000000000698275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5210fdb330576472023-02-07 15:12:28.096root 11241100x8000000000000000698274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865512e11264a51e2023-02-07 15:12:28.096root 11241100x8000000000000000698273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61756c4af0fe9df12023-02-07 15:12:28.096root 11241100x8000000000000000698272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35cb8875ab4ecb02023-02-07 15:12:28.096root 11241100x8000000000000000698271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25bd2d8f10adb26d2023-02-07 15:12:28.096root 11241100x8000000000000000698270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2de8ee916d592992023-02-07 15:12:28.096root 11241100x8000000000000000698280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c2c0158968b2d42023-02-07 15:12:28.097root 11241100x8000000000000000698285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c1d93dcfd48ce42023-02-07 15:12:28.595root 11241100x8000000000000000698284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a89bd993f04a902023-02-07 15:12:28.595root 11241100x8000000000000000698283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2729bca61e5268da2023-02-07 15:12:28.595root 11241100x8000000000000000698282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616e97b64eb181372023-02-07 15:12:28.595root 11241100x8000000000000000698281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b144c0ddbc3b67252023-02-07 15:12:28.595root 11241100x8000000000000000698291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f82a1517a26a952023-02-07 15:12:28.596root 11241100x8000000000000000698290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192bbfb82cdc01952023-02-07 15:12:28.596root 11241100x8000000000000000698289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88886ab3a0875ee2023-02-07 15:12:28.596root 11241100x8000000000000000698288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848dc2f4d4002b142023-02-07 15:12:28.596root 11241100x8000000000000000698287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1940190dbafdf0022023-02-07 15:12:28.596root 11241100x8000000000000000698286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a23ff8ca6c8e8a2023-02-07 15:12:28.596root 11241100x8000000000000000698295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed5877f2749aa782023-02-07 15:12:28.597root 11241100x8000000000000000698294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5335ba4ddc3177a2023-02-07 15:12:28.597root 11241100x8000000000000000698293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de88ad4f6fd4d5a02023-02-07 15:12:28.597root 11241100x8000000000000000698292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6cc88927fff7af2023-02-07 15:12:28.597root 11241100x8000000000000000698296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79326894006d79992023-02-07 15:12:28.598root 11241100x8000000000000000698298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6ef005a63160f12023-02-07 15:12:29.095root 11241100x8000000000000000698297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5485c6e667872f5c2023-02-07 15:12:29.095root 11241100x8000000000000000698301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e4a5a02c0325312023-02-07 15:12:29.096root 11241100x8000000000000000698300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c11366844db50e22023-02-07 15:12:29.096root 11241100x8000000000000000698299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd524b8c32384c492023-02-07 15:12:29.096root 11241100x8000000000000000698304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea3158f0cf3a6732023-02-07 15:12:29.097root 11241100x8000000000000000698303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e081e1d01dc57e02023-02-07 15:12:29.097root 11241100x8000000000000000698302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11770b9036e5dbc92023-02-07 15:12:29.097root 11241100x8000000000000000698309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67becc2be79ef5e52023-02-07 15:12:29.098root 11241100x8000000000000000698308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d685b61b365dfcfb2023-02-07 15:12:29.098root 11241100x8000000000000000698307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7e2692616f0d3e2023-02-07 15:12:29.098root 11241100x8000000000000000698306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ad28898adb24c32023-02-07 15:12:29.098root 11241100x8000000000000000698305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975d4eb0e802c61b2023-02-07 15:12:29.098root 11241100x8000000000000000698312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c1afa3f6e705e12023-02-07 15:12:29.099root 11241100x8000000000000000698311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26dfd0902d31ad32023-02-07 15:12:29.099root 11241100x8000000000000000698310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b731238a078819b92023-02-07 15:12:29.099root 11241100x8000000000000000698317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf5e88bd7a424c92023-02-07 15:12:29.595root 11241100x8000000000000000698316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6900b4bc8abf4e152023-02-07 15:12:29.595root 11241100x8000000000000000698315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004b56c093439a902023-02-07 15:12:29.595root 11241100x8000000000000000698314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036494d06c3acd282023-02-07 15:12:29.595root 11241100x8000000000000000698313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e9713de074bb2c2023-02-07 15:12:29.595root 11241100x8000000000000000698327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444e567460b214562023-02-07 15:12:29.596root 11241100x8000000000000000698326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f7d5d2800a3e002023-02-07 15:12:29.596root 11241100x8000000000000000698325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03b30c751ca7e522023-02-07 15:12:29.596root 11241100x8000000000000000698324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16229e2db72853c2023-02-07 15:12:29.596root 11241100x8000000000000000698323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed54a6ad5b43e7ae2023-02-07 15:12:29.596root 11241100x8000000000000000698322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3609102dc3d5a12023-02-07 15:12:29.596root 11241100x8000000000000000698321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c910812932e9db2d2023-02-07 15:12:29.596root 11241100x8000000000000000698320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d04035b7ee23e962023-02-07 15:12:29.596root 11241100x8000000000000000698319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee6f0d0960607102023-02-07 15:12:29.596root 11241100x8000000000000000698318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b454988e314a19c2023-02-07 15:12:29.596root 11241100x8000000000000000698328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068bc92a4eb7b9152023-02-07 15:12:29.597root 11241100x8000000000000000698333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63767a2c4a70504a2023-02-07 15:12:30.095root 11241100x8000000000000000698332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fc3502980f865a2023-02-07 15:12:30.095root 11241100x8000000000000000698331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93156cb671927342023-02-07 15:12:30.095root 11241100x8000000000000000698330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a17b0bfddb87ac22023-02-07 15:12:30.095root 11241100x8000000000000000698329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b572becd5d608ba2023-02-07 15:12:30.095root 11241100x8000000000000000698342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aab06e55fbc5bbe2023-02-07 15:12:30.096root 11241100x8000000000000000698341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a273d2d8b154bb02023-02-07 15:12:30.096root 11241100x8000000000000000698340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a91c6ec2214bc22023-02-07 15:12:30.096root 11241100x8000000000000000698339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babda76c2f26974c2023-02-07 15:12:30.096root 11241100x8000000000000000698338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4581f4120cc0f72c2023-02-07 15:12:30.096root 11241100x8000000000000000698337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d7297b88deb0922023-02-07 15:12:30.096root 11241100x8000000000000000698336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c80e606dff7a2b12023-02-07 15:12:30.096root 11241100x8000000000000000698335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe7007bad5d3c3e2023-02-07 15:12:30.096root 11241100x8000000000000000698334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4886432ea530912023-02-07 15:12:30.096root 11241100x8000000000000000698344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3df16ef351998e32023-02-07 15:12:30.097root 11241100x8000000000000000698343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081a1a97881e8e452023-02-07 15:12:30.097root 11241100x8000000000000000698348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2095ef7e47a15f52023-02-07 15:12:30.595root 11241100x8000000000000000698347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff7b242c3dc00cb2023-02-07 15:12:30.595root 11241100x8000000000000000698346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd825f48d44f23562023-02-07 15:12:30.595root 11241100x8000000000000000698345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0da70a0cada62bd2023-02-07 15:12:30.595root 11241100x8000000000000000698356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660fd985344ea1fc2023-02-07 15:12:30.596root 11241100x8000000000000000698355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9903f789a9ea582023-02-07 15:12:30.596root 11241100x8000000000000000698354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d721d55d8354fdfa2023-02-07 15:12:30.596root 11241100x8000000000000000698353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea809a80eb24f6092023-02-07 15:12:30.596root 11241100x8000000000000000698352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ffc88ba6ad931ec2023-02-07 15:12:30.596root 11241100x8000000000000000698351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a0008571d6fca62023-02-07 15:12:30.596root 11241100x8000000000000000698350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23b1458b200ccbe2023-02-07 15:12:30.596root 11241100x8000000000000000698349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2dcbd5d457c7ef82023-02-07 15:12:30.596root 11241100x8000000000000000698360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64772e467ce60fa2023-02-07 15:12:30.597root 11241100x8000000000000000698359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f90adc7ffbad652023-02-07 15:12:30.597root 11241100x8000000000000000698358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7329fbc10318c47f2023-02-07 15:12:30.597root 11241100x8000000000000000698357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7a873ce389e00d2023-02-07 15:12:30.597root 11241100x8000000000000000698362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936abb28846941282023-02-07 15:12:31.095root 11241100x8000000000000000698361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e33b66d1522b2a32023-02-07 15:12:31.095root 11241100x8000000000000000698367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41d12b8afebf13b2023-02-07 15:12:31.096root 11241100x8000000000000000698366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee3c1347fd1f31b2023-02-07 15:12:31.096root 11241100x8000000000000000698365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc4a6bcbae82dc22023-02-07 15:12:31.096root 11241100x8000000000000000698364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99c5730a20514002023-02-07 15:12:31.096root 11241100x8000000000000000698363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c91816df247caa52023-02-07 15:12:31.096root 11241100x8000000000000000698377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a089e2124c94b5652023-02-07 15:12:31.097root 11241100x8000000000000000698376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f10e711345921d62023-02-07 15:12:31.097root 11241100x8000000000000000698375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df8ebd320296d122023-02-07 15:12:31.097root 11241100x8000000000000000698374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc3939dc2e47ce32023-02-07 15:12:31.097root 11241100x8000000000000000698373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccc270000e4ab052023-02-07 15:12:31.097root 11241100x8000000000000000698372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c4049554a782dc2023-02-07 15:12:31.097root 11241100x8000000000000000698371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca52b388d4d1af572023-02-07 15:12:31.097root 11241100x8000000000000000698370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d127648ebff7a3f2023-02-07 15:12:31.097root 11241100x8000000000000000698369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cbd772b15276aa02023-02-07 15:12:31.097root 11241100x8000000000000000698368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e99de1804c11a662023-02-07 15:12:31.097root 354300x8000000000000000698378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.213{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-41068-false10.0.1.12-8000- 11241100x8000000000000000698385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e3fa5f1089194a2023-02-07 15:12:31.595root 11241100x8000000000000000698384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c5668768863c702023-02-07 15:12:31.595root 11241100x8000000000000000698383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8accd34b7147c69d2023-02-07 15:12:31.595root 11241100x8000000000000000698382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b546424741d81c2023-02-07 15:12:31.595root 11241100x8000000000000000698381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603913ca2aadb83e2023-02-07 15:12:31.595root 11241100x8000000000000000698380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5e9003dd43ced12023-02-07 15:12:31.595root 11241100x8000000000000000698379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f249ae5d293fe7cf2023-02-07 15:12:31.595root 11241100x8000000000000000698396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3c8440029f027e2023-02-07 15:12:31.596root 11241100x8000000000000000698395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a06a6bb1ccea3792023-02-07 15:12:31.596root 11241100x8000000000000000698394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e585b1d4f09b9c6b2023-02-07 15:12:31.596root 11241100x8000000000000000698393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410380bc5e26bf112023-02-07 15:12:31.596root 11241100x8000000000000000698392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25681296a4d1add12023-02-07 15:12:31.596root 11241100x8000000000000000698391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d034b5986d71946c2023-02-07 15:12:31.596root 11241100x8000000000000000698390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d5eb3c528d36672023-02-07 15:12:31.596root 11241100x8000000000000000698389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e544be6d17fd7e412023-02-07 15:12:31.596root 11241100x8000000000000000698388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39df536f812da1b2023-02-07 15:12:31.596root 11241100x8000000000000000698387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490fc0815c8ca3a52023-02-07 15:12:31.596root 11241100x8000000000000000698386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc95119f554495a2023-02-07 15:12:31.596root 11241100x8000000000000000698403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02679db2614dac02023-02-07 15:12:32.095root 11241100x8000000000000000698402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76409670b1f836a62023-02-07 15:12:32.095root 11241100x8000000000000000698401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8aa906e691faa72023-02-07 15:12:32.095root 11241100x8000000000000000698400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4af720eae819212023-02-07 15:12:32.095root 11241100x8000000000000000698399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9754c639fd9c2c3a2023-02-07 15:12:32.095root 11241100x8000000000000000698398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ab8461f3c544592023-02-07 15:12:32.095root 11241100x8000000000000000698397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22bbc62382eda4562023-02-07 15:12:32.095root 11241100x8000000000000000698413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd73466f4dce90182023-02-07 15:12:32.096root 11241100x8000000000000000698412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2707d5cb99ff83ab2023-02-07 15:12:32.096root 11241100x8000000000000000698411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a77e42220298d232023-02-07 15:12:32.096root 11241100x8000000000000000698410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c416ed1e21a2ab622023-02-07 15:12:32.096root 11241100x8000000000000000698409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea70280b67150212023-02-07 15:12:32.096root 11241100x8000000000000000698408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53fbe5da18825cf2023-02-07 15:12:32.096root 11241100x8000000000000000698407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f200400579ed4f2023-02-07 15:12:32.096root 11241100x8000000000000000698406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bb8a34d7711f572023-02-07 15:12:32.096root 11241100x8000000000000000698405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e36441e22afd5f72023-02-07 15:12:32.096root 11241100x8000000000000000698404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e957232b4db350742023-02-07 15:12:32.096root 11241100x8000000000000000698420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d949ca05202d19142023-02-07 15:12:32.595root 11241100x8000000000000000698419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6072cb8f68555f2023-02-07 15:12:32.595root 11241100x8000000000000000698418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b9c5ddb8b0269a2023-02-07 15:12:32.595root 11241100x8000000000000000698417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4358fde825cf7ee2023-02-07 15:12:32.595root 11241100x8000000000000000698416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34febccb85ff83b72023-02-07 15:12:32.595root 11241100x8000000000000000698415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea632f15a194f2292023-02-07 15:12:32.595root 11241100x8000000000000000698414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874415a20ae8698f2023-02-07 15:12:32.595root 11241100x8000000000000000698430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb892e23efa10ddc2023-02-07 15:12:32.596root 11241100x8000000000000000698429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b7469ade99cecd2023-02-07 15:12:32.596root 11241100x8000000000000000698428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aef92953510c8492023-02-07 15:12:32.596root 11241100x8000000000000000698427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ab1184b9e9a70a2023-02-07 15:12:32.596root 11241100x8000000000000000698426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b521c7ae8ed7a7262023-02-07 15:12:32.596root 11241100x8000000000000000698425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b885a0e5ac9ab6be2023-02-07 15:12:32.596root 11241100x8000000000000000698424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbe4901494b77e02023-02-07 15:12:32.596root 11241100x8000000000000000698423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c22310f6fcc1da62023-02-07 15:12:32.596root 11241100x8000000000000000698422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57e4bbdb89a21ad2023-02-07 15:12:32.596root 11241100x8000000000000000698421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ff2e8041f3f4f82023-02-07 15:12:32.596root 11241100x8000000000000000698437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99aeea9d4a103ee2023-02-07 15:12:33.095root 11241100x8000000000000000698436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84de75c0f4cbd65b2023-02-07 15:12:33.095root 11241100x8000000000000000698435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edcf66712a3852db2023-02-07 15:12:33.095root 11241100x8000000000000000698434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8532731d563a302023-02-07 15:12:33.095root 11241100x8000000000000000698433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59d91bb0cfe84142023-02-07 15:12:33.095root 11241100x8000000000000000698432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b417bfb5dd478b2023-02-07 15:12:33.095root 11241100x8000000000000000698431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d92d808b186cd822023-02-07 15:12:33.095root 11241100x8000000000000000698447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5781c617ca098a82023-02-07 15:12:33.096root 11241100x8000000000000000698446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c93209a22a9e8962023-02-07 15:12:33.096root 11241100x8000000000000000698445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd266e1c71898062023-02-07 15:12:33.096root 11241100x8000000000000000698444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e052de526513a9492023-02-07 15:12:33.096root 11241100x8000000000000000698443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfba4662970d190f2023-02-07 15:12:33.096root 11241100x8000000000000000698442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb502262de37c4e2023-02-07 15:12:33.096root 11241100x8000000000000000698441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47b393fe75031562023-02-07 15:12:33.096root 11241100x8000000000000000698440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b6ab3bd1206d612023-02-07 15:12:33.096root 11241100x8000000000000000698439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6807060fa474c3332023-02-07 15:12:33.096root 11241100x8000000000000000698438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10be182dd6080bd2023-02-07 15:12:33.096root 11241100x8000000000000000698451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9707dcbe2d1e9132023-02-07 15:12:33.595root 11241100x8000000000000000698450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67113642624f1e362023-02-07 15:12:33.595root 11241100x8000000000000000698449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2494aa40a37fa5942023-02-07 15:12:33.595root 11241100x8000000000000000698448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31b2b20e3c071482023-02-07 15:12:33.595root 11241100x8000000000000000698457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28c6adee8dd8d5f2023-02-07 15:12:33.596root 11241100x8000000000000000698456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55066760efd7ba052023-02-07 15:12:33.596root 11241100x8000000000000000698455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345965ad2a5c19572023-02-07 15:12:33.596root 11241100x8000000000000000698454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba121d92b99f2792023-02-07 15:12:33.596root 11241100x8000000000000000698453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819c914992ce2a892023-02-07 15:12:33.596root 11241100x8000000000000000698452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb74c7832ba06342023-02-07 15:12:33.596root 11241100x8000000000000000698464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3932f74aa7b9cb2023-02-07 15:12:33.597root 11241100x8000000000000000698463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b8b0e1640e24e42023-02-07 15:12:33.597root 11241100x8000000000000000698462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0676e45f8326305c2023-02-07 15:12:33.597root 11241100x8000000000000000698461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fbedbb7b25bbf2f2023-02-07 15:12:33.597root 11241100x8000000000000000698460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc96dbe4c908fd2e2023-02-07 15:12:33.597root 11241100x8000000000000000698459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c90ac29cc82e3d2023-02-07 15:12:33.597root 11241100x8000000000000000698458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:33.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a091741fdbf7d82023-02-07 15:12:33.597root 11241100x8000000000000000698474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9cd40632bb587fc2023-02-07 15:12:34.096root 11241100x8000000000000000698473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5a2f3f10bce9862023-02-07 15:12:34.096root 11241100x8000000000000000698472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a278a61703e1a702023-02-07 15:12:34.096root 11241100x8000000000000000698471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8976688842fc5b2023-02-07 15:12:34.096root 11241100x8000000000000000698470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1437226f62d8a39e2023-02-07 15:12:34.096root 11241100x8000000000000000698469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3664a30b238e5c0b2023-02-07 15:12:34.096root 11241100x8000000000000000698468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87713ec717f14db02023-02-07 15:12:34.096root 11241100x8000000000000000698467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e24d73613c242092023-02-07 15:12:34.096root 11241100x8000000000000000698466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d55c3916bfd2ad2023-02-07 15:12:34.096root 11241100x8000000000000000698465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7d86b285c5dbd32023-02-07 15:12:34.096root 11241100x8000000000000000698481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ea275e6be81b1d2023-02-07 15:12:34.097root 11241100x8000000000000000698480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad5727edf89ccc12023-02-07 15:12:34.097root 11241100x8000000000000000698479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f2d67cc1e33c252023-02-07 15:12:34.097root 11241100x8000000000000000698478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3806dfb64ced6bea2023-02-07 15:12:34.097root 11241100x8000000000000000698477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ef0cf5830a87a42023-02-07 15:12:34.097root 11241100x8000000000000000698476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461ea7130300bacd2023-02-07 15:12:34.097root 11241100x8000000000000000698475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c934d7115eae65a2023-02-07 15:12:34.097root 11241100x8000000000000000698487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28d96daba089f2c2023-02-07 15:12:34.595root 11241100x8000000000000000698486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7462d351729cca222023-02-07 15:12:34.595root 11241100x8000000000000000698485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d533676f1ac51aae2023-02-07 15:12:34.595root 11241100x8000000000000000698484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8a6f95835542372023-02-07 15:12:34.595root 11241100x8000000000000000698483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f714c8ca06e4632023-02-07 15:12:34.595root 11241100x8000000000000000698482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f070ef4e9ff943602023-02-07 15:12:34.595root 11241100x8000000000000000698496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d776e92fa7bed32023-02-07 15:12:34.596root 11241100x8000000000000000698495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b110c403093c3f732023-02-07 15:12:34.596root 11241100x8000000000000000698494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a21460701727732023-02-07 15:12:34.596root 11241100x8000000000000000698493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78be93d465470bb72023-02-07 15:12:34.596root 11241100x8000000000000000698492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c28e31fa5e0b41b2023-02-07 15:12:34.596root 11241100x8000000000000000698491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1184522c2c6d1c642023-02-07 15:12:34.596root 11241100x8000000000000000698490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba11c8db9f9cb2132023-02-07 15:12:34.596root 11241100x8000000000000000698489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50eeed0d95f52a42023-02-07 15:12:34.596root 11241100x8000000000000000698488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ffd66408a65f592023-02-07 15:12:34.596root 11241100x8000000000000000698499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2eddd8f9292d6672023-02-07 15:12:34.597root 11241100x8000000000000000698498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18654ce244f78ec2023-02-07 15:12:34.597root 11241100x8000000000000000698497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd632e5c8a5e3fb2023-02-07 15:12:34.597root 11241100x8000000000000000698503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96092a2f3b8e7002023-02-07 15:12:35.095root 11241100x8000000000000000698502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b4ba088036752f2023-02-07 15:12:35.095root 11241100x8000000000000000698501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85bfadb54512c5f92023-02-07 15:12:35.095root 11241100x8000000000000000698500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e422cb9597e6736e2023-02-07 15:12:35.095root 11241100x8000000000000000698510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaddfa1336d3dfd52023-02-07 15:12:35.096root 11241100x8000000000000000698509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d84cf1f1a0a7722023-02-07 15:12:35.096root 11241100x8000000000000000698508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07266bde0347da862023-02-07 15:12:35.096root 11241100x8000000000000000698507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1c1c770f54b0952023-02-07 15:12:35.096root 11241100x8000000000000000698506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7458ad1fc67d791c2023-02-07 15:12:35.096root 11241100x8000000000000000698505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c7497cc7b31a772023-02-07 15:12:35.096root 11241100x8000000000000000698504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d003a02f669ac72023-02-07 15:12:35.096root 11241100x8000000000000000698516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997e7d5f08225a362023-02-07 15:12:35.097root 11241100x8000000000000000698515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ead2406e2d5d932023-02-07 15:12:35.097root 11241100x8000000000000000698514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a02ba8eebeb63d2023-02-07 15:12:35.097root 11241100x8000000000000000698513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a29760ae9911fb2023-02-07 15:12:35.097root 11241100x8000000000000000698512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965974224286e2882023-02-07 15:12:35.097root 11241100x8000000000000000698511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253798bb153491c32023-02-07 15:12:35.097root 11241100x8000000000000000698520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a4c17dd74651932023-02-07 15:12:35.595root 11241100x8000000000000000698519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271eebfcc3894d432023-02-07 15:12:35.595root 11241100x8000000000000000698518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993435358da733442023-02-07 15:12:35.595root 11241100x8000000000000000698517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10cade0fd4daddc2023-02-07 15:12:35.595root 11241100x8000000000000000698526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b53759c64a9adc2023-02-07 15:12:35.596root 11241100x8000000000000000698525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faefe9a3d1ddcb7e2023-02-07 15:12:35.596root 11241100x8000000000000000698524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa87f7629831afb02023-02-07 15:12:35.596root 11241100x8000000000000000698523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439c4ae00e4ae3fc2023-02-07 15:12:35.596root 11241100x8000000000000000698522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc63a4038542c712023-02-07 15:12:35.596root 11241100x8000000000000000698521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98eaaca13fc520312023-02-07 15:12:35.596root 11241100x8000000000000000698533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824cf10f79308a722023-02-07 15:12:35.597root 11241100x8000000000000000698532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcefbaa7dbc88142023-02-07 15:12:35.597root 11241100x8000000000000000698531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181dc715a1e3d11f2023-02-07 15:12:35.597root 11241100x8000000000000000698530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ba347e690a801d2023-02-07 15:12:35.597root 11241100x8000000000000000698529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44e04af56febc0a2023-02-07 15:12:35.597root 11241100x8000000000000000698528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7843187dff991c32023-02-07 15:12:35.597root 11241100x8000000000000000698527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:35.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555c4a2a9d526c222023-02-07 15:12:35.597root 11241100x8000000000000000698543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5536a9149bf8c42f2023-02-07 15:12:36.096root 11241100x8000000000000000698542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d3f1831fe1aad82023-02-07 15:12:36.096root 11241100x8000000000000000698541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f593cecb402ede2023-02-07 15:12:36.096root 11241100x8000000000000000698540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005c0d3287bcb3ee2023-02-07 15:12:36.096root 11241100x8000000000000000698539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe1402d959c27f52023-02-07 15:12:36.096root 11241100x8000000000000000698538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51fac6b90b0cd3c2023-02-07 15:12:36.096root 11241100x8000000000000000698537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f91d4480402dc582023-02-07 15:12:36.096root 11241100x8000000000000000698536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d377171c712eb2342023-02-07 15:12:36.096root 11241100x8000000000000000698535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9a5d62162d31022023-02-07 15:12:36.096root 11241100x8000000000000000698534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a00bd154fa34a72023-02-07 15:12:36.096root 11241100x8000000000000000698550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e47d73a6c25a8bb2023-02-07 15:12:36.097root 11241100x8000000000000000698549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b09f800d0c64af92023-02-07 15:12:36.097root 11241100x8000000000000000698548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8748c5cc2b23bf212023-02-07 15:12:36.097root 11241100x8000000000000000698547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4051e3bde3dddb5d2023-02-07 15:12:36.097root 11241100x8000000000000000698546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a4ab8c24b5130c2023-02-07 15:12:36.097root 11241100x8000000000000000698545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e146ce27831d714b2023-02-07 15:12:36.097root 11241100x8000000000000000698544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7ea38219b2833d2023-02-07 15:12:36.097root 354300x8000000000000000698551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.255{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-40868-false10.0.1.12-8000- 11241100x8000000000000000698558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b913c9d47281502c2023-02-07 15:12:36.596root 11241100x8000000000000000698557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0b472b2366d1c42023-02-07 15:12:36.596root 11241100x8000000000000000698556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e25e8deba2e2662023-02-07 15:12:36.596root 11241100x8000000000000000698555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94a9eae904b76592023-02-07 15:12:36.596root 11241100x8000000000000000698554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef2d16aad0b05d92023-02-07 15:12:36.596root 11241100x8000000000000000698553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a303d4c3dacce6612023-02-07 15:12:36.596root 11241100x8000000000000000698552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4c65c157fd9a7b2023-02-07 15:12:36.596root 11241100x8000000000000000698567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86018bc1a20d3ee32023-02-07 15:12:36.597root 11241100x8000000000000000698566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21241569a5fc9e92023-02-07 15:12:36.597root 11241100x8000000000000000698565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4729dc24838e5e92023-02-07 15:12:36.597root 11241100x8000000000000000698564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f19a9b75c8434e2023-02-07 15:12:36.597root 11241100x8000000000000000698563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910bbdb4310d65882023-02-07 15:12:36.597root 11241100x8000000000000000698562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7323cb25084350712023-02-07 15:12:36.597root 11241100x8000000000000000698561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53982f88f09114b02023-02-07 15:12:36.597root 11241100x8000000000000000698560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb1e23b7e7c7e842023-02-07 15:12:36.597root 11241100x8000000000000000698559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ee048e9ce0c5f82023-02-07 15:12:36.597root 11241100x8000000000000000698569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e392c23b70f4fe2023-02-07 15:12:36.598root 11241100x8000000000000000698568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:36.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78092e4c7f8492522023-02-07 15:12:36.598root 11241100x8000000000000000698573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3204782577d48fb12023-02-07 15:12:37.095root 11241100x8000000000000000698572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de05529bca4822682023-02-07 15:12:37.095root 11241100x8000000000000000698571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cdbc745326d2432023-02-07 15:12:37.095root 11241100x8000000000000000698570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ce6b93dd7e8aef2023-02-07 15:12:37.095root 11241100x8000000000000000698578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eda0bde92b9da8c2023-02-07 15:12:37.096root 11241100x8000000000000000698577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f2a67c44750f942023-02-07 15:12:37.096root 11241100x8000000000000000698576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af70731b312b12012023-02-07 15:12:37.096root 11241100x8000000000000000698575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c251a42ca2f88b22023-02-07 15:12:37.096root 11241100x8000000000000000698574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2cd816b89d1ef772023-02-07 15:12:37.096root 11241100x8000000000000000698585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4f9c174d682e162023-02-07 15:12:37.097root 11241100x8000000000000000698584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653ee1fa0e35d51e2023-02-07 15:12:37.097root 11241100x8000000000000000698583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db49814674d7d7302023-02-07 15:12:37.097root 11241100x8000000000000000698582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe7d2fff3c175ac2023-02-07 15:12:37.097root 11241100x8000000000000000698581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917bf747fe76e5202023-02-07 15:12:37.097root 11241100x8000000000000000698580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d768aeb927ffcd882023-02-07 15:12:37.097root 11241100x8000000000000000698579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bc42dd02d2d57c2023-02-07 15:12:37.097root 11241100x8000000000000000698592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9ddcb3d2cfc9842023-02-07 15:12:37.098root 11241100x8000000000000000698591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1069b0e88f89afd62023-02-07 15:12:37.098root 11241100x8000000000000000698590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02bcac817f073b862023-02-07 15:12:37.098root 11241100x8000000000000000698589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694f548a37783d692023-02-07 15:12:37.098root 11241100x8000000000000000698588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b0a876944a777a2023-02-07 15:12:37.098root 11241100x8000000000000000698587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16b92520e4180542023-02-07 15:12:37.098root 11241100x8000000000000000698586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27552ff5c6b145082023-02-07 15:12:37.098root 11241100x8000000000000000698594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bc9e0b2dea320c2023-02-07 15:12:37.595root 11241100x8000000000000000698593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0997c0365d59ff7c2023-02-07 15:12:37.595root 11241100x8000000000000000698598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6e16c1f6d00c432023-02-07 15:12:37.596root 11241100x8000000000000000698597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1181136b51ec89cd2023-02-07 15:12:37.596root 11241100x8000000000000000698596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e80651489babb32023-02-07 15:12:37.596root 11241100x8000000000000000698595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31bc22e390ac65332023-02-07 15:12:37.596root 11241100x8000000000000000698604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c81d6f192f2a2d12023-02-07 15:12:37.597root 11241100x8000000000000000698603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1855a8e14e17952023-02-07 15:12:37.597root 11241100x8000000000000000698602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955edf2cb8ff65612023-02-07 15:12:37.597root 11241100x8000000000000000698601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c35193a551ad5a2023-02-07 15:12:37.597root 11241100x8000000000000000698600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3414389a0382562023-02-07 15:12:37.597root 11241100x8000000000000000698599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6800df5a4334593e2023-02-07 15:12:37.597root 11241100x8000000000000000698610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8851e5a38227eb7d2023-02-07 15:12:37.598root 11241100x8000000000000000698609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69767ff8dc8577c2023-02-07 15:12:37.598root 11241100x8000000000000000698608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a907125e4ce9a42023-02-07 15:12:37.598root 11241100x8000000000000000698607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9688aea61dd8c92023-02-07 15:12:37.598root 11241100x8000000000000000698606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79554f9488ecb7d82023-02-07 15:12:37.598root 11241100x8000000000000000698605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:37.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cf0658e00d522e2023-02-07 15:12:37.598root 11241100x8000000000000000698614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0765e32a59007abe2023-02-07 15:12:38.095root 11241100x8000000000000000698613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591a9fb30fba1b7b2023-02-07 15:12:38.095root 11241100x8000000000000000698612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499c66e38029cfd32023-02-07 15:12:38.095root 11241100x8000000000000000698611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34fd6b13b1c003a2023-02-07 15:12:38.095root 11241100x8000000000000000698619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922c3bd14bb218802023-02-07 15:12:38.096root 11241100x8000000000000000698618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf80b256e5b6a222023-02-07 15:12:38.096root 11241100x8000000000000000698617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0269bbbb33fa2a1d2023-02-07 15:12:38.096root 11241100x8000000000000000698616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f27cecb884915812023-02-07 15:12:38.096root 11241100x8000000000000000698615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af05e483bf55dc022023-02-07 15:12:38.096root 11241100x8000000000000000698622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19028a7b67a147642023-02-07 15:12:38.097root 11241100x8000000000000000698621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15d7c060395addb2023-02-07 15:12:38.097root 11241100x8000000000000000698620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e801018562185fff2023-02-07 15:12:38.097root 11241100x8000000000000000698627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ffd3479773c0f82023-02-07 15:12:38.098root 11241100x8000000000000000698626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f61408e838268c2023-02-07 15:12:38.098root 11241100x8000000000000000698625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77300a03e9fb88872023-02-07 15:12:38.098root 11241100x8000000000000000698624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a22fa2576107802023-02-07 15:12:38.098root 11241100x8000000000000000698623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905034d2660ccfa62023-02-07 15:12:38.098root 11241100x8000000000000000698628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8264d17983e5d0542023-02-07 15:12:38.099root 11241100x8000000000000000698632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167f8ddcdd6116172023-02-07 15:12:38.595root 11241100x8000000000000000698631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1335e383a2da34f42023-02-07 15:12:38.595root 11241100x8000000000000000698630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e2849484c6d4a72023-02-07 15:12:38.595root 11241100x8000000000000000698629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c46bd5045314bfe2023-02-07 15:12:38.595root 11241100x8000000000000000698638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6182613cc724dbfa2023-02-07 15:12:38.596root 11241100x8000000000000000698637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7243cba185d0813c2023-02-07 15:12:38.596root 11241100x8000000000000000698636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2994cdfcfa88312023-02-07 15:12:38.596root 11241100x8000000000000000698635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e2c2e2f51d5d6e2023-02-07 15:12:38.596root 11241100x8000000000000000698634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a10d236aa54c7c32023-02-07 15:12:38.596root 11241100x8000000000000000698633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5908279ea5dce5d62023-02-07 15:12:38.596root 11241100x8000000000000000698645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e178e487f72a002023-02-07 15:12:38.597root 11241100x8000000000000000698644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370d4db7970b58da2023-02-07 15:12:38.597root 11241100x8000000000000000698643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e3560b505900b72023-02-07 15:12:38.597root 11241100x8000000000000000698642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8776a3ff1de59bf22023-02-07 15:12:38.597root 11241100x8000000000000000698641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b82c1594dcd6bf2023-02-07 15:12:38.597root 11241100x8000000000000000698640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4207607967a36a512023-02-07 15:12:38.597root 11241100x8000000000000000698639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6f000d8861d4582023-02-07 15:12:38.597root 11241100x8000000000000000698648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c8c39cbcc83ab42023-02-07 15:12:38.598root 11241100x8000000000000000698647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69bb3c91c83a8c92023-02-07 15:12:38.598root 11241100x8000000000000000698646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:38.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60140f3acb692df2023-02-07 15:12:38.598root 11241100x8000000000000000698657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a735a3a9e3732d82023-02-07 15:12:39.096root 11241100x8000000000000000698656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ea2d9b0e6df6cd2023-02-07 15:12:39.096root 11241100x8000000000000000698655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9baaace4bcc8a52023-02-07 15:12:39.096root 11241100x8000000000000000698654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6202b6685d7bf55a2023-02-07 15:12:39.096root 11241100x8000000000000000698653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5a7c97459e5dec2023-02-07 15:12:39.096root 11241100x8000000000000000698652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f78ea80981a2cd2023-02-07 15:12:39.096root 11241100x8000000000000000698651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b9f17a1a50f97852023-02-07 15:12:39.096root 11241100x8000000000000000698650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8cdb2616ef8a802023-02-07 15:12:39.096root 11241100x8000000000000000698649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f70e8125e76d94a2023-02-07 15:12:39.096root 11241100x8000000000000000698666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80c4d48d66334e02023-02-07 15:12:39.097root 11241100x8000000000000000698665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4770526a35cdfe3e2023-02-07 15:12:39.097root 11241100x8000000000000000698664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c370a4eea9c2c3be2023-02-07 15:12:39.097root 11241100x8000000000000000698663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cf3a94eaa747ae2023-02-07 15:12:39.097root 11241100x8000000000000000698662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3bc4419be012d602023-02-07 15:12:39.097root 11241100x8000000000000000698661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960818e93bc758712023-02-07 15:12:39.097root 11241100x8000000000000000698660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc30369ae8f8d0722023-02-07 15:12:39.097root 11241100x8000000000000000698659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d303b854310ca32023-02-07 15:12:39.097root 11241100x8000000000000000698658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c2c16aa39a5de32023-02-07 15:12:39.097root 11241100x8000000000000000698668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc5f63f480c47df2023-02-07 15:12:39.595root 11241100x8000000000000000698667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247d368b0462a78d2023-02-07 15:12:39.595root 11241100x8000000000000000698675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891d4f0c0b84b8382023-02-07 15:12:39.596root 11241100x8000000000000000698674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb68ebeb43e45ce2023-02-07 15:12:39.596root 11241100x8000000000000000698673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4eeda821291ee0b2023-02-07 15:12:39.596root 11241100x8000000000000000698672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e61384c4fad4492023-02-07 15:12:39.596root 11241100x8000000000000000698671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97a2917812107ab2023-02-07 15:12:39.596root 11241100x8000000000000000698670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed11b4648be1f3a22023-02-07 15:12:39.596root 11241100x8000000000000000698669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ae3a233fcb9f462023-02-07 15:12:39.596root 11241100x8000000000000000698682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57817d9e691576172023-02-07 15:12:39.597root 11241100x8000000000000000698681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbb29b5131c0e6d2023-02-07 15:12:39.597root 11241100x8000000000000000698680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875533fb7ff5520c2023-02-07 15:12:39.597root 11241100x8000000000000000698679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a1d22d8609a7142023-02-07 15:12:39.597root 11241100x8000000000000000698678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ee45ccf0f0c2082023-02-07 15:12:39.597root 11241100x8000000000000000698677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb51f491a96eca132023-02-07 15:12:39.597root 11241100x8000000000000000698676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf83c9dfc632146c2023-02-07 15:12:39.597root 11241100x8000000000000000698684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76048071563380eb2023-02-07 15:12:39.598root 11241100x8000000000000000698683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:39.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356deeb5759a78402023-02-07 15:12:39.598root 11241100x8000000000000000698688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f232ea014e071e02023-02-07 15:12:40.095root 11241100x8000000000000000698687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2fe60323fd9ce52023-02-07 15:12:40.095root 11241100x8000000000000000698686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7acc4cefd1134e2023-02-07 15:12:40.095root 11241100x8000000000000000698685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e69e09ee04fe052023-02-07 15:12:40.095root 11241100x8000000000000000698695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4afc3fdc6ad9b22023-02-07 15:12:40.096root 11241100x8000000000000000698694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db1a055cb4df04c2023-02-07 15:12:40.096root 11241100x8000000000000000698693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9d22a8944eda732023-02-07 15:12:40.096root 11241100x8000000000000000698692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041a68c565d638712023-02-07 15:12:40.096root 11241100x8000000000000000698691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f156fb975e155a2023-02-07 15:12:40.096root 11241100x8000000000000000698690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6627c942b8026d012023-02-07 15:12:40.096root 11241100x8000000000000000698689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c880868555c47bc2023-02-07 15:12:40.096root 11241100x8000000000000000698702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19de1495c6663da2023-02-07 15:12:40.097root 11241100x8000000000000000698701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8126a52ae48d9e812023-02-07 15:12:40.097root 11241100x8000000000000000698700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc656e3b8174b5492023-02-07 15:12:40.097root 11241100x8000000000000000698699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251cdb81347d0eea2023-02-07 15:12:40.097root 11241100x8000000000000000698698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b94935bbf16cf332023-02-07 15:12:40.097root 11241100x8000000000000000698697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b362b14533d61e2023-02-07 15:12:40.097root 11241100x8000000000000000698696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bea9b05c2b85b8e2023-02-07 15:12:40.097root 11241100x8000000000000000698706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfa28da62e1557b2023-02-07 15:12:40.595root 11241100x8000000000000000698705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abb772ebf7e80e32023-02-07 15:12:40.595root 11241100x8000000000000000698704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4bd6db0df6262312023-02-07 15:12:40.595root 11241100x8000000000000000698703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d58753afc3e027d2023-02-07 15:12:40.595root 11241100x8000000000000000698712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1bc194fc81c14032023-02-07 15:12:40.596root 11241100x8000000000000000698711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439d19630f5e304e2023-02-07 15:12:40.596root 11241100x8000000000000000698710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ab1d9d619fc8442023-02-07 15:12:40.596root 11241100x8000000000000000698709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a678e60bd89231af2023-02-07 15:12:40.596root 11241100x8000000000000000698708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132eb117e53c343b2023-02-07 15:12:40.596root 11241100x8000000000000000698707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c4fb9f3ecb53052023-02-07 15:12:40.596root 11241100x8000000000000000698720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69492ab9ab581ac2023-02-07 15:12:40.597root 11241100x8000000000000000698719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796999866b7913742023-02-07 15:12:40.597root 11241100x8000000000000000698718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b8a788aa83d7012023-02-07 15:12:40.597root 11241100x8000000000000000698717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20872181edc881a2023-02-07 15:12:40.597root 11241100x8000000000000000698716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbf1a1067920d822023-02-07 15:12:40.597root 11241100x8000000000000000698715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbec0a908360d292023-02-07 15:12:40.597root 11241100x8000000000000000698714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4294556d368cba4d2023-02-07 15:12:40.597root 11241100x8000000000000000698713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:40.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b3e3c7de1cac542023-02-07 15:12:40.597root 11241100x8000000000000000698724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ca04c590adebbd2023-02-07 15:12:41.095root 11241100x8000000000000000698723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a34829fbf846f42023-02-07 15:12:41.095root 11241100x8000000000000000698722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f5a4dfed6eb75d2023-02-07 15:12:41.095root 11241100x8000000000000000698721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff67b96adb95472d2023-02-07 15:12:41.095root 11241100x8000000000000000698730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45dc63249b4e5e82023-02-07 15:12:41.096root 11241100x8000000000000000698729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ce6d83f7b1ba192023-02-07 15:12:41.096root 11241100x8000000000000000698728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0d1383f3cc8e4c2023-02-07 15:12:41.096root 11241100x8000000000000000698727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a139df3e7931c22023-02-07 15:12:41.096root 11241100x8000000000000000698726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21c1138d36731862023-02-07 15:12:41.096root 11241100x8000000000000000698725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5714b19eb6a5fc2023-02-07 15:12:41.096root 11241100x8000000000000000698734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75e61c4c0c448cf2023-02-07 15:12:41.097root 11241100x8000000000000000698733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b7910653ef31d72023-02-07 15:12:41.097root 11241100x8000000000000000698732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83e3d7dcee93def2023-02-07 15:12:41.097root 11241100x8000000000000000698731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59ee295ed7379052023-02-07 15:12:41.097root 11241100x8000000000000000698735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dece815c02dc3892023-02-07 15:12:41.099root 11241100x8000000000000000698738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f94c111145002e62023-02-07 15:12:41.100root 11241100x8000000000000000698737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fa5afde49cd4c52023-02-07 15:12:41.100root 11241100x8000000000000000698736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf248276648ccf12023-02-07 15:12:41.100root 11241100x8000000000000000698739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2425b91338abba5a2023-02-07 15:12:41.595root 11241100x8000000000000000698744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97edfd2eef2418c82023-02-07 15:12:41.596root 11241100x8000000000000000698743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7546f8b3e7c8951f2023-02-07 15:12:41.596root 11241100x8000000000000000698742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c108fc0437f42ed22023-02-07 15:12:41.596root 11241100x8000000000000000698741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641c550b8ead93692023-02-07 15:12:41.596root 11241100x8000000000000000698740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec820f07ec8fa982023-02-07 15:12:41.596root 11241100x8000000000000000698749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38243d7580c468072023-02-07 15:12:41.597root 11241100x8000000000000000698748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfcbb0684e3c1a932023-02-07 15:12:41.597root 11241100x8000000000000000698747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590c15be5e596c4b2023-02-07 15:12:41.597root 11241100x8000000000000000698746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53c19ef8decd20a2023-02-07 15:12:41.597root 11241100x8000000000000000698745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e74e3e5eda9a7d2023-02-07 15:12:41.597root 11241100x8000000000000000698755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4728ad3d980b7f902023-02-07 15:12:41.598root 11241100x8000000000000000698754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0387de392924bd2023-02-07 15:12:41.598root 11241100x8000000000000000698753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b9ef7dc92461d62023-02-07 15:12:41.598root 11241100x8000000000000000698752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3f6fa87f8d6e0a2023-02-07 15:12:41.598root 11241100x8000000000000000698751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb19e7824dbb9f9a2023-02-07 15:12:41.598root 11241100x8000000000000000698750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b39a5f1afc3b3242023-02-07 15:12:41.598root 11241100x8000000000000000698760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a12966a584994c2023-02-07 15:12:41.599root 11241100x8000000000000000698759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf0c24eae27546d2023-02-07 15:12:41.599root 11241100x8000000000000000698758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274df0050f6300372023-02-07 15:12:41.599root 11241100x8000000000000000698757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa52dedf0f7fe65e2023-02-07 15:12:41.599root 11241100x8000000000000000698756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:41.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96778307ede9e43f2023-02-07 15:12:41.599root 354300x8000000000000000698761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.023{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-40880-false10.0.1.12-8000- 11241100x8000000000000000698764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.024{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8582d4e0a602d32023-02-07 15:12:42.024root 11241100x8000000000000000698763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.024{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17bb5670a830cd592023-02-07 15:12:42.024root 11241100x8000000000000000698762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.024{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5644b277e3825cf2023-02-07 15:12:42.024root 11241100x8000000000000000698773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.025{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22303fe7a87f12092023-02-07 15:12:42.025root 11241100x8000000000000000698772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.025{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158e2bfcb81153d92023-02-07 15:12:42.025root 11241100x8000000000000000698771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.025{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03af18a4909073542023-02-07 15:12:42.025root 11241100x8000000000000000698770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.025{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b45646e9a6be352023-02-07 15:12:42.025root 11241100x8000000000000000698769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.025{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1bade27c5322192023-02-07 15:12:42.025root 11241100x8000000000000000698768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.025{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c27eacd5453bad52023-02-07 15:12:42.025root 11241100x8000000000000000698767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.025{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d318050ef1f24ba32023-02-07 15:12:42.025root 11241100x8000000000000000698766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.025{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10f4337393de21c2023-02-07 15:12:42.025root 11241100x8000000000000000698765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.025{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c845fb7ff670122023-02-07 15:12:42.025root 11241100x8000000000000000698780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.026{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de96757a0462f0502023-02-07 15:12:42.026root 11241100x8000000000000000698779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.026{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36a346fe18c39ff2023-02-07 15:12:42.026root 11241100x8000000000000000698778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.026{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c67be84e3823a82023-02-07 15:12:42.026root 11241100x8000000000000000698777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.026{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f659dab7df890d2023-02-07 15:12:42.026root 11241100x8000000000000000698776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.026{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8f211f2ecaaa192023-02-07 15:12:42.026root 11241100x8000000000000000698775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.026{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5e0d57497a9a1d2023-02-07 15:12:42.026root 11241100x8000000000000000698774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.026{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107b879b565a5d0c2023-02-07 15:12:42.026root 11241100x8000000000000000698784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7604eb448d1d39422023-02-07 15:12:42.346root 11241100x8000000000000000698783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11501d4b254d6da32023-02-07 15:12:42.346root 11241100x8000000000000000698782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f529a60a22406d12023-02-07 15:12:42.346root 11241100x8000000000000000698781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5d37e1e30ac7712023-02-07 15:12:42.346root 11241100x8000000000000000698788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b46600a814a8a42023-02-07 15:12:42.347root 11241100x8000000000000000698787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c109dae89e526482023-02-07 15:12:42.347root 11241100x8000000000000000698786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da49ca34fda13c832023-02-07 15:12:42.347root 11241100x8000000000000000698785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd361481a999bc22023-02-07 15:12:42.347root 11241100x8000000000000000698793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48dc13eb4f2d5d1a2023-02-07 15:12:42.348root 11241100x8000000000000000698792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834e4bbc1877e2752023-02-07 15:12:42.348root 11241100x8000000000000000698791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feafcfebee29a1c92023-02-07 15:12:42.348root 11241100x8000000000000000698790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803f6237e2a6c07b2023-02-07 15:12:42.348root 11241100x8000000000000000698789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c0a5dd88c821352023-02-07 15:12:42.348root 11241100x8000000000000000698799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1d3d42c520e01e2023-02-07 15:12:42.349root 11241100x8000000000000000698798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85ccaa909b371262023-02-07 15:12:42.349root 11241100x8000000000000000698797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0993b348f5249ad2023-02-07 15:12:42.349root 11241100x8000000000000000698796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f73815ea07045a2023-02-07 15:12:42.349root 11241100x8000000000000000698795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09aa02a83c9afd122023-02-07 15:12:42.349root 11241100x8000000000000000698794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0ea9b79e2c1fe22023-02-07 15:12:42.349root 11241100x8000000000000000698809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b326c88f1eb343262023-02-07 15:12:42.846root 11241100x8000000000000000698808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99c15c2f8ab7a9b2023-02-07 15:12:42.846root 11241100x8000000000000000698807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60cf297c70685242023-02-07 15:12:42.846root 11241100x8000000000000000698806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f46a04ce6c4f2442023-02-07 15:12:42.846root 11241100x8000000000000000698805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c594024636087c652023-02-07 15:12:42.846root 11241100x8000000000000000698804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46991e59da9119c32023-02-07 15:12:42.846root 11241100x8000000000000000698803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ef6ede36a975732023-02-07 15:12:42.846root 11241100x8000000000000000698802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9be6190505231b2023-02-07 15:12:42.846root 11241100x8000000000000000698801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673945843310ef0d2023-02-07 15:12:42.846root 11241100x8000000000000000698800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6abcdc0a96f6fb2023-02-07 15:12:42.846root 11241100x8000000000000000698817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902c5b65aaab36f42023-02-07 15:12:42.847root 11241100x8000000000000000698816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00277c9484bc27e62023-02-07 15:12:42.847root 11241100x8000000000000000698815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05da84c9e17503762023-02-07 15:12:42.847root 11241100x8000000000000000698814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf4cdb7d255bb412023-02-07 15:12:42.847root 11241100x8000000000000000698813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f7e529bcdf26032023-02-07 15:12:42.847root 11241100x8000000000000000698812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b31d7cd773595202023-02-07 15:12:42.847root 11241100x8000000000000000698811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572c01d1c7ef3b8f2023-02-07 15:12:42.847root 11241100x8000000000000000698810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc19fccb24cedac52023-02-07 15:12:42.847root 11241100x8000000000000000698818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:42.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489dd93e2f50e2962023-02-07 15:12:42.848root 11241100x8000000000000000698830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe1b7916f1d48732023-02-07 15:12:43.346root 11241100x8000000000000000698829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14316f965cfdb0682023-02-07 15:12:43.346root 11241100x8000000000000000698828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ef3d03d99a92ce2023-02-07 15:12:43.346root 11241100x8000000000000000698827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a799ceedfddfac2023-02-07 15:12:43.346root 11241100x8000000000000000698826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b8237c71b268322023-02-07 15:12:43.346root 11241100x8000000000000000698825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd4bd7be141c1902023-02-07 15:12:43.346root 11241100x8000000000000000698824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfd765f3e1c45892023-02-07 15:12:43.346root 11241100x8000000000000000698823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a723249f2677f6d12023-02-07 15:12:43.346root 11241100x8000000000000000698822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1598ec7a0fd7a052023-02-07 15:12:43.346root 11241100x8000000000000000698821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb152401420bf762023-02-07 15:12:43.346root 11241100x8000000000000000698820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ed10ece1bdba1f2023-02-07 15:12:43.346root 11241100x8000000000000000698819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab3e31aa68c5f612023-02-07 15:12:43.346root 11241100x8000000000000000698835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b6b34ea22db94e2023-02-07 15:12:43.347root 11241100x8000000000000000698834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae05f194877bd4f2023-02-07 15:12:43.347root 11241100x8000000000000000698833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc540b33a57dfec2023-02-07 15:12:43.347root 11241100x8000000000000000698832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05b238ac1be74dc2023-02-07 15:12:43.347root 11241100x8000000000000000698831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7224b53b84a6d92023-02-07 15:12:43.347root 11241100x8000000000000000698837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b56140f6ccb3b642023-02-07 15:12:43.348root 11241100x8000000000000000698836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b12233818e5fe12023-02-07 15:12:43.348root 11241100x8000000000000000698848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955f417c5b07362f2023-02-07 15:12:43.846root 11241100x8000000000000000698847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca65c473b0c087d2023-02-07 15:12:43.846root 11241100x8000000000000000698846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82913942153330cd2023-02-07 15:12:43.846root 11241100x8000000000000000698845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b82a809521c43b2023-02-07 15:12:43.846root 11241100x8000000000000000698844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9474d7b6982e2e782023-02-07 15:12:43.846root 11241100x8000000000000000698843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab716c5c7fe4132d2023-02-07 15:12:43.846root 11241100x8000000000000000698842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61604c5cca7e8d802023-02-07 15:12:43.846root 11241100x8000000000000000698841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1229e8172b8cac2023-02-07 15:12:43.846root 11241100x8000000000000000698840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f15e1528bd911a02023-02-07 15:12:43.846root 11241100x8000000000000000698839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a750cd095da5f4582023-02-07 15:12:43.846root 11241100x8000000000000000698838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de76196ce849c5b2023-02-07 15:12:43.846root 11241100x8000000000000000698856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b7bde30d342baf2023-02-07 15:12:43.847root 11241100x8000000000000000698855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeeaf91f3412170d2023-02-07 15:12:43.847root 11241100x8000000000000000698854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b41fb9d06be61b2023-02-07 15:12:43.847root 11241100x8000000000000000698853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9956a5f3a7d55e542023-02-07 15:12:43.847root 11241100x8000000000000000698852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42930cef2988d2c32023-02-07 15:12:43.847root 11241100x8000000000000000698851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27545737d7ad43ac2023-02-07 15:12:43.847root 11241100x8000000000000000698850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d948db0db638f61e2023-02-07 15:12:43.847root 11241100x8000000000000000698849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:43.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c2e951a6cd2c4b2023-02-07 15:12:43.847root 11241100x8000000000000000698868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbe89438d39dd6c2023-02-07 15:12:44.346root 11241100x8000000000000000698867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3699d6271637812023-02-07 15:12:44.346root 11241100x8000000000000000698866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81faa01617f4735a2023-02-07 15:12:44.346root 11241100x8000000000000000698865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec0af072d3045442023-02-07 15:12:44.346root 11241100x8000000000000000698864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdeb064e777e88b82023-02-07 15:12:44.346root 11241100x8000000000000000698863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e06a276fb07f892023-02-07 15:12:44.346root 11241100x8000000000000000698862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21ff64d008ef3ce2023-02-07 15:12:44.346root 11241100x8000000000000000698861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb58d957631ac4172023-02-07 15:12:44.346root 11241100x8000000000000000698860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba58dd0204b28b22023-02-07 15:12:44.346root 11241100x8000000000000000698859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b857b2b8f0c40f2023-02-07 15:12:44.346root 11241100x8000000000000000698858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f982c8893e2559f22023-02-07 15:12:44.346root 11241100x8000000000000000698857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371f0e5081936fff2023-02-07 15:12:44.346root 11241100x8000000000000000698875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9eab13399820cf72023-02-07 15:12:44.347root 11241100x8000000000000000698874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55dbd281f3a5040f2023-02-07 15:12:44.347root 11241100x8000000000000000698873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a72590fc8d5942a2023-02-07 15:12:44.347root 11241100x8000000000000000698872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ad4c03eefb6d0d2023-02-07 15:12:44.347root 11241100x8000000000000000698871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5372dd14ced08c92023-02-07 15:12:44.347root 11241100x8000000000000000698870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1770541d6df10a392023-02-07 15:12:44.347root 11241100x8000000000000000698869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af69fa083d21eff12023-02-07 15:12:44.347root 11241100x8000000000000000698886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139d497e5f95f7602023-02-07 15:12:44.846root 11241100x8000000000000000698885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6bad1f0921a0cd2023-02-07 15:12:44.846root 11241100x8000000000000000698884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d3439a903443fb2023-02-07 15:12:44.846root 11241100x8000000000000000698883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54dacd6bceac0e8b2023-02-07 15:12:44.846root 11241100x8000000000000000698882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5489bd200b53d22c2023-02-07 15:12:44.846root 11241100x8000000000000000698881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a629cf4633b9badb2023-02-07 15:12:44.846root 11241100x8000000000000000698880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ac98b7fbc34e7f2023-02-07 15:12:44.846root 11241100x8000000000000000698879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be3eaec6725159e2023-02-07 15:12:44.846root 11241100x8000000000000000698878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50935b6692d2fb302023-02-07 15:12:44.846root 11241100x8000000000000000698877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb94d344d91e18782023-02-07 15:12:44.846root 11241100x8000000000000000698876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c49cc3fc04671372023-02-07 15:12:44.846root 11241100x8000000000000000698894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329b6fa71fd3e6012023-02-07 15:12:44.847root 11241100x8000000000000000698893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f31945704bbf9c2023-02-07 15:12:44.847root 11241100x8000000000000000698892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a87935b70bf4002023-02-07 15:12:44.847root 11241100x8000000000000000698891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e97b3b839cdc38f2023-02-07 15:12:44.847root 11241100x8000000000000000698890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134ebf1c7461155a2023-02-07 15:12:44.847root 11241100x8000000000000000698889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f2d88f5fc171b22023-02-07 15:12:44.847root 11241100x8000000000000000698888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23f9824aaee2eef2023-02-07 15:12:44.847root 11241100x8000000000000000698887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4354a191553786a22023-02-07 15:12:44.847root 11241100x8000000000000000698904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1067f9956d3e812023-02-07 15:12:45.346root 11241100x8000000000000000698903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e41166c294b1972023-02-07 15:12:45.346root 11241100x8000000000000000698902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d092974c61b8174c2023-02-07 15:12:45.346root 11241100x8000000000000000698901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fae55b22c84cdc2023-02-07 15:12:45.346root 11241100x8000000000000000698900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bb17484198b4de2023-02-07 15:12:45.346root 11241100x8000000000000000698899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2dde1a9c92bb6d2023-02-07 15:12:45.346root 11241100x8000000000000000698898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530889e5d22b4f8a2023-02-07 15:12:45.346root 11241100x8000000000000000698897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a6db23050b24142023-02-07 15:12:45.346root 11241100x8000000000000000698896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c96132ab80634c62023-02-07 15:12:45.346root 11241100x8000000000000000698895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f4c6812bc091892023-02-07 15:12:45.346root 11241100x8000000000000000698913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6f78f4c5d79c972023-02-07 15:12:45.347root 11241100x8000000000000000698912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6279dfa11c923ec2023-02-07 15:12:45.347root 11241100x8000000000000000698911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1724f7bd1c5293782023-02-07 15:12:45.347root 11241100x8000000000000000698910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abd7fb8da9f1d9e2023-02-07 15:12:45.347root 11241100x8000000000000000698909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0bb6f6c934eccf2023-02-07 15:12:45.347root 11241100x8000000000000000698908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3befc19b0706232023-02-07 15:12:45.347root 11241100x8000000000000000698907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5edbe65113048a322023-02-07 15:12:45.347root 11241100x8000000000000000698906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5ed922c6d82a9c2023-02-07 15:12:45.347root 11241100x8000000000000000698905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923fa19fb980da1c2023-02-07 15:12:45.347root 11241100x8000000000000000698925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1421f86a894cd8ed2023-02-07 15:12:45.846root 11241100x8000000000000000698924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180ce8ad785ff60a2023-02-07 15:12:45.846root 11241100x8000000000000000698923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750454f9f183ba8d2023-02-07 15:12:45.846root 11241100x8000000000000000698922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bd3713ff14b6f42023-02-07 15:12:45.846root 11241100x8000000000000000698921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c813a7e73a9cb12023-02-07 15:12:45.846root 11241100x8000000000000000698920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1246ad52f888e8c62023-02-07 15:12:45.846root 11241100x8000000000000000698919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a9d9fd36f867b82023-02-07 15:12:45.846root 11241100x8000000000000000698918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160b81e8b2ffd4642023-02-07 15:12:45.846root 11241100x8000000000000000698917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a36dd28396a8752023-02-07 15:12:45.846root 11241100x8000000000000000698916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5246805e0c22520d2023-02-07 15:12:45.846root 11241100x8000000000000000698915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a25f8be1bcd0b72023-02-07 15:12:45.846root 11241100x8000000000000000698914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62863d96052c17942023-02-07 15:12:45.846root 11241100x8000000000000000698932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3d1e4bd5c84d282023-02-07 15:12:45.847root 11241100x8000000000000000698931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a82aa8962982eeb2023-02-07 15:12:45.847root 11241100x8000000000000000698930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff47257e291f916f2023-02-07 15:12:45.847root 11241100x8000000000000000698929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d78160436fc4f3f2023-02-07 15:12:45.847root 11241100x8000000000000000698928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b5e28caa67463a2023-02-07 15:12:45.847root 11241100x8000000000000000698927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee8992708965ce92023-02-07 15:12:45.847root 11241100x8000000000000000698926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:45.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b55a6e643b426362023-02-07 15:12:45.847root 11241100x8000000000000000698942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea9a5f5198661432023-02-07 15:12:46.346root 11241100x8000000000000000698941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68cc61a10eb3152e2023-02-07 15:12:46.346root 11241100x8000000000000000698940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbed6f9b7411c6132023-02-07 15:12:46.346root 11241100x8000000000000000698939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a375224db1b24e02023-02-07 15:12:46.346root 11241100x8000000000000000698938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db9aa484c97b2e12023-02-07 15:12:46.346root 11241100x8000000000000000698937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c3f2ce947bcfb92023-02-07 15:12:46.346root 11241100x8000000000000000698936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26f1e9e16aa2b7b2023-02-07 15:12:46.346root 11241100x8000000000000000698935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1468fe573eb4fa2023-02-07 15:12:46.346root 11241100x8000000000000000698934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9a1f3844392a3f2023-02-07 15:12:46.346root 11241100x8000000000000000698933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44bfd9b99541aca2023-02-07 15:12:46.346root 11241100x8000000000000000698951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be63d8baff87f7f2023-02-07 15:12:46.347root 11241100x8000000000000000698950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd77431941cb7ff2023-02-07 15:12:46.347root 11241100x8000000000000000698949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964f04d44983c00e2023-02-07 15:12:46.347root 11241100x8000000000000000698948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef232bf9ca6b0fd2023-02-07 15:12:46.347root 11241100x8000000000000000698947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cdae9e6ffd9b6a22023-02-07 15:12:46.347root 11241100x8000000000000000698946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073c03bff094576c2023-02-07 15:12:46.347root 11241100x8000000000000000698945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0356c2b7c10b61302023-02-07 15:12:46.347root 11241100x8000000000000000698944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a163f6cf2b423a5b2023-02-07 15:12:46.347root 11241100x8000000000000000698943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075e7374ace6a7fb2023-02-07 15:12:46.347root 11241100x8000000000000000698961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e8a4a448ace4a42023-02-07 15:12:46.846root 11241100x8000000000000000698960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908d343a4fe826a52023-02-07 15:12:46.846root 11241100x8000000000000000698959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfee5357aad346452023-02-07 15:12:46.846root 11241100x8000000000000000698958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbcd668adf725a82023-02-07 15:12:46.846root 11241100x8000000000000000698957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1fef52ac6568fa2023-02-07 15:12:46.846root 11241100x8000000000000000698956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ff1172b2bb169c2023-02-07 15:12:46.846root 11241100x8000000000000000698955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0595233979b3b862023-02-07 15:12:46.846root 11241100x8000000000000000698954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853daf49f957ef0e2023-02-07 15:12:46.846root 11241100x8000000000000000698953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6a54d80afc29e22023-02-07 15:12:46.846root 11241100x8000000000000000698952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8613f622fd3295152023-02-07 15:12:46.846root 11241100x8000000000000000698970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4f844299740e532023-02-07 15:12:46.847root 11241100x8000000000000000698969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fbace46e38699f12023-02-07 15:12:46.847root 11241100x8000000000000000698968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4dd7a21ec95ad72023-02-07 15:12:46.847root 11241100x8000000000000000698967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3e02aedf39212a2023-02-07 15:12:46.847root 11241100x8000000000000000698966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18bb74925f2b74d2023-02-07 15:12:46.847root 11241100x8000000000000000698965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc03f3559755258d2023-02-07 15:12:46.847root 11241100x8000000000000000698964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45764ba8f0261482023-02-07 15:12:46.847root 11241100x8000000000000000698963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ce38ffa31108412023-02-07 15:12:46.847root 11241100x8000000000000000698962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:46.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d57bd760c88cf92023-02-07 15:12:46.847root 354300x8000000000000000698971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.137{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-47482-false10.0.1.12-8000- 11241100x8000000000000000698974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.138{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35366ec59d8040222023-02-07 15:12:47.138root 11241100x8000000000000000698973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.138{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2417e3d7be656532023-02-07 15:12:47.138root 11241100x8000000000000000698972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.138{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac79471401d242952023-02-07 15:12:47.138root 11241100x8000000000000000698982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.139{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c76bd54f27268a2023-02-07 15:12:47.139root 11241100x8000000000000000698981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.139{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c677295badc99542023-02-07 15:12:47.139root 11241100x8000000000000000698980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.139{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a96095021fd46ae2023-02-07 15:12:47.139root 11241100x8000000000000000698979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.139{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a47d2c8f39177e52023-02-07 15:12:47.139root 11241100x8000000000000000698978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.139{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de5973237f0af662023-02-07 15:12:47.139root 11241100x8000000000000000698977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.139{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9e20870ce8b71c2023-02-07 15:12:47.139root 11241100x8000000000000000698976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.139{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e86a67c2ebdc0b2023-02-07 15:12:47.139root 11241100x8000000000000000698975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.139{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa28fc232046eb322023-02-07 15:12:47.139root 11241100x8000000000000000698988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.140{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12059480d2c0f8f2023-02-07 15:12:47.140root 11241100x8000000000000000698987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.140{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde8cd2d49ecb47a2023-02-07 15:12:47.140root 11241100x8000000000000000698986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.140{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2e1f8d241f36402023-02-07 15:12:47.140root 11241100x8000000000000000698985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.140{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70637ad68ca2df682023-02-07 15:12:47.140root 11241100x8000000000000000698984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.140{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d00a07e58f0216f2023-02-07 15:12:47.140root 11241100x8000000000000000698983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.140{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c438f4653c4861822023-02-07 15:12:47.140root 11241100x8000000000000000698992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.141{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33e777e686d09e52023-02-07 15:12:47.141root 11241100x8000000000000000698991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.141{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9468218ffceb52c92023-02-07 15:12:47.141root 11241100x8000000000000000698990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.141{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f4d18ffe12b9482023-02-07 15:12:47.141root 11241100x8000000000000000698989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.141{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5772c55bbaba59a22023-02-07 15:12:47.141root 11241100x8000000000000000698998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.142{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46ad8b89c3ce9582023-02-07 15:12:47.142root 11241100x8000000000000000698997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.142{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ddbb97dd9c8644b2023-02-07 15:12:47.142root 11241100x8000000000000000698996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.142{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a6635e0bff760c2023-02-07 15:12:47.142root 11241100x8000000000000000698995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.142{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c8e525c9c96e332023-02-07 15:12:47.142root 11241100x8000000000000000698994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.142{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80025a0a716d99d52023-02-07 15:12:47.142root 11241100x8000000000000000698993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.142{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801a2bc71891453c2023-02-07 15:12:47.142root 11241100x8000000000000000699002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.143{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4175bb3b0e364cad2023-02-07 15:12:47.143root 11241100x8000000000000000699001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.143{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1e86ad98ad428e2023-02-07 15:12:47.143root 11241100x8000000000000000699000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.143{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731712822c11d5e62023-02-07 15:12:47.143root 11241100x8000000000000000698999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.143{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503cf7e41066d5222023-02-07 15:12:47.143root 11241100x8000000000000000699007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.144{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1e6682c15cc6522023-02-07 15:12:47.144root 11241100x8000000000000000699006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.144{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0cb49098c8ec2d62023-02-07 15:12:47.144root 11241100x8000000000000000699005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.144{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cae80f93e9ec95b2023-02-07 15:12:47.144root 11241100x8000000000000000699004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.144{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1f9607d87143d52023-02-07 15:12:47.144root 11241100x8000000000000000699003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.144{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425c1e9afe83240c2023-02-07 15:12:47.144root 11241100x8000000000000000699012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31af64f136e124e12023-02-07 15:12:47.595root 11241100x8000000000000000699011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3a56a54ee84f9c2023-02-07 15:12:47.595root 11241100x8000000000000000699010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d611dcda62f004762023-02-07 15:12:47.595root 11241100x8000000000000000699009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a092105b4ba1a3002023-02-07 15:12:47.595root 11241100x8000000000000000699008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467d11de3a0e88552023-02-07 15:12:47.595root 11241100x8000000000000000699019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83125155f51c47d62023-02-07 15:12:47.596root 11241100x8000000000000000699018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57db2d6c8d69d052023-02-07 15:12:47.596root 11241100x8000000000000000699017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01fe32460a7ec34c2023-02-07 15:12:47.596root 11241100x8000000000000000699016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28a566b28c1480d2023-02-07 15:12:47.596root 11241100x8000000000000000699015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c38947e115fa2762023-02-07 15:12:47.596root 11241100x8000000000000000699014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6884ac42cda1b1492023-02-07 15:12:47.596root 11241100x8000000000000000699013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5b87af8dcc2f142023-02-07 15:12:47.596root 11241100x8000000000000000699024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a26a3a993d633682023-02-07 15:12:47.597root 11241100x8000000000000000699023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc943e6824039972023-02-07 15:12:47.597root 11241100x8000000000000000699022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775e8c5f173cb80f2023-02-07 15:12:47.597root 11241100x8000000000000000699021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f097b5e5c277ecf42023-02-07 15:12:47.597root 11241100x8000000000000000699020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01c0918fb34dd452023-02-07 15:12:47.597root 11241100x8000000000000000699029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f8f517c78241e92023-02-07 15:12:47.598root 11241100x8000000000000000699028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432bcaff57cd73192023-02-07 15:12:47.598root 11241100x8000000000000000699027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88977a1ce75233562023-02-07 15:12:47.598root 11241100x8000000000000000699026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a720bf32d333ca2023-02-07 15:12:47.598root 11241100x8000000000000000699025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:47.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d8b20fe17ad8292023-02-07 15:12:47.598root 11241100x8000000000000000699033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83197296b90d71b92023-02-07 15:12:48.095root 11241100x8000000000000000699032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1303c5bea523782023-02-07 15:12:48.095root 11241100x8000000000000000699031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1b66cb5069d0262023-02-07 15:12:48.095root 11241100x8000000000000000699030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab7bf76f260a4542023-02-07 15:12:48.095root 11241100x8000000000000000699040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc450777a66fce3b2023-02-07 15:12:48.096root 11241100x8000000000000000699039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa61c2f0ca683de2023-02-07 15:12:48.096root 11241100x8000000000000000699038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7435ee58d0de242023-02-07 15:12:48.096root 11241100x8000000000000000699037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e49056ff0516d502023-02-07 15:12:48.096root 11241100x8000000000000000699036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa074db0d4c252a2023-02-07 15:12:48.096root 11241100x8000000000000000699035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e314df8efb64b912023-02-07 15:12:48.096root 11241100x8000000000000000699034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f08d2c9643328472023-02-07 15:12:48.096root 11241100x8000000000000000699049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1633a63a2184029a2023-02-07 15:12:48.097root 11241100x8000000000000000699048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689f339dfca1ade32023-02-07 15:12:48.097root 11241100x8000000000000000699047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4af539fccf3a312023-02-07 15:12:48.097root 11241100x8000000000000000699046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7235cbaf7dd83ec2023-02-07 15:12:48.097root 11241100x8000000000000000699045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e9cea1238eb9d42023-02-07 15:12:48.097root 11241100x8000000000000000699044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c1c4912686ae8d2023-02-07 15:12:48.097root 11241100x8000000000000000699043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b659621bac7c142023-02-07 15:12:48.097root 11241100x8000000000000000699042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb07b2814427baed2023-02-07 15:12:48.097root 11241100x8000000000000000699041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a37df55ca2cfe772023-02-07 15:12:48.097root 11241100x8000000000000000699056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7666e890dc70342023-02-07 15:12:48.595root 11241100x8000000000000000699055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e779d5374793d55e2023-02-07 15:12:48.595root 11241100x8000000000000000699054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5918d44946e15e2023-02-07 15:12:48.595root 11241100x8000000000000000699053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d076d128beeb9952023-02-07 15:12:48.595root 11241100x8000000000000000699052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b95eb3d30a53b42023-02-07 15:12:48.595root 11241100x8000000000000000699051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8972083b5e5d04b2023-02-07 15:12:48.595root 11241100x8000000000000000699050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2044e520af9203e22023-02-07 15:12:48.595root 11241100x8000000000000000699066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b9e0fd23c493b82023-02-07 15:12:48.596root 11241100x8000000000000000699065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e4a330f9d6de272023-02-07 15:12:48.596root 11241100x8000000000000000699064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f111641bab03ffcf2023-02-07 15:12:48.596root 11241100x8000000000000000699063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343f292ab59bcfe62023-02-07 15:12:48.596root 11241100x8000000000000000699062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66ba43188f18e432023-02-07 15:12:48.596root 11241100x8000000000000000699061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e59056a7d3546c82023-02-07 15:12:48.596root 11241100x8000000000000000699060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49cc34cb55a98fe2023-02-07 15:12:48.596root 11241100x8000000000000000699059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef5cf6d34687a9b2023-02-07 15:12:48.596root 11241100x8000000000000000699058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bdb103991dd034b2023-02-07 15:12:48.596root 11241100x8000000000000000699057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c66330be9b79e52023-02-07 15:12:48.596root 11241100x8000000000000000699069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388a85fc83f2fb892023-02-07 15:12:48.597root 11241100x8000000000000000699068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8669fdd49cae1d552023-02-07 15:12:48.597root 11241100x8000000000000000699067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740952654ef8c12d2023-02-07 15:12:48.597root 11241100x8000000000000000699073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056c6c826762de162023-02-07 15:12:49.095root 11241100x8000000000000000699072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674af4e964543d592023-02-07 15:12:49.095root 11241100x8000000000000000699071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7855c25d72697cea2023-02-07 15:12:49.095root 11241100x8000000000000000699070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99156dbf34fe3592023-02-07 15:12:49.095root 11241100x8000000000000000699079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8e42097246222e2023-02-07 15:12:49.096root 11241100x8000000000000000699078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f6430e2c0fe5142023-02-07 15:12:49.096root 11241100x8000000000000000699077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04918eebb9d743f02023-02-07 15:12:49.096root 11241100x8000000000000000699076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f723f4ea4328d6c32023-02-07 15:12:49.096root 11241100x8000000000000000699075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd6e7a54c27b7cc2023-02-07 15:12:49.096root 11241100x8000000000000000699074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1005c14160b16acc2023-02-07 15:12:49.096root 11241100x8000000000000000699083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102996b95e32f8fe2023-02-07 15:12:49.097root 11241100x8000000000000000699082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626f114b7ab09fc02023-02-07 15:12:49.097root 11241100x8000000000000000699081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c44451bad6868b72023-02-07 15:12:49.097root 11241100x8000000000000000699080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec7048f8e98431d2023-02-07 15:12:49.097root 11241100x8000000000000000699089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5383c75c6a04822023-02-07 15:12:49.098root 11241100x8000000000000000699088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40dde242bc0c52e52023-02-07 15:12:49.098root 11241100x8000000000000000699087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724762250b2719f12023-02-07 15:12:49.098root 11241100x8000000000000000699086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1c78defedbd2d72023-02-07 15:12:49.098root 11241100x8000000000000000699085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea8f939509f80182023-02-07 15:12:49.098root 11241100x8000000000000000699084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ca00baff1829382023-02-07 15:12:49.098root 11241100x8000000000000000699093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca0d321ce8373c92023-02-07 15:12:49.595root 11241100x8000000000000000699092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34daa5292af8b2e62023-02-07 15:12:49.595root 11241100x8000000000000000699091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8377b54a5a0d8ec92023-02-07 15:12:49.595root 11241100x8000000000000000699090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3d1965a8ee676c2023-02-07 15:12:49.595root 11241100x8000000000000000699099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4fc9ce85b956ba2023-02-07 15:12:49.596root 11241100x8000000000000000699098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b9c1609d4086762023-02-07 15:12:49.596root 11241100x8000000000000000699097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6d07825a1fbecc2023-02-07 15:12:49.596root 11241100x8000000000000000699096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce8572da562c14c2023-02-07 15:12:49.596root 11241100x8000000000000000699095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0ef4c91eb1302a2023-02-07 15:12:49.596root 11241100x8000000000000000699094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8802104b202aaf2023-02-07 15:12:49.596root 11241100x8000000000000000699106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e57fa7109cc0d4a2023-02-07 15:12:49.597root 11241100x8000000000000000699105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64ba8750b7cf7352023-02-07 15:12:49.597root 11241100x8000000000000000699104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963b01caa67414b92023-02-07 15:12:49.597root 11241100x8000000000000000699103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47eb9131a8e5c9b52023-02-07 15:12:49.597root 11241100x8000000000000000699102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad3e2aea8ed62412023-02-07 15:12:49.597root 11241100x8000000000000000699101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ab27089ccc42372023-02-07 15:12:49.597root 11241100x8000000000000000699100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15574b33ba3788c72023-02-07 15:12:49.597root 11241100x8000000000000000699110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1498f4052fedc302023-02-07 15:12:49.598root 11241100x8000000000000000699109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385556f36513423a2023-02-07 15:12:49.598root 11241100x8000000000000000699108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5dbcacd76d8e8742023-02-07 15:12:49.598root 11241100x8000000000000000699107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:49.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b99bb1822decd442023-02-07 15:12:49.598root 11241100x8000000000000000699113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45eca226e5e573a32023-02-07 15:12:50.095root 11241100x8000000000000000699112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8dd0b4701e772952023-02-07 15:12:50.095root 11241100x8000000000000000699111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab7cc8f35126d6b2023-02-07 15:12:50.095root 11241100x8000000000000000699117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce868cd1481b6aa12023-02-07 15:12:50.096root 11241100x8000000000000000699116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc967bda414b41052023-02-07 15:12:50.096root 11241100x8000000000000000699115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4e76fc7ead30b62023-02-07 15:12:50.096root 11241100x8000000000000000699114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49d2c302cc0cc022023-02-07 15:12:50.096root 11241100x8000000000000000699122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92d1dc39365afa72023-02-07 15:12:50.097root 11241100x8000000000000000699121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7736b802463eac072023-02-07 15:12:50.097root 11241100x8000000000000000699120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a3661a203687e22023-02-07 15:12:50.097root 11241100x8000000000000000699119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ed075df52979cb2023-02-07 15:12:50.097root 11241100x8000000000000000699118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9861c561760efd02023-02-07 15:12:50.097root 11241100x8000000000000000699126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567e6d3479ba95762023-02-07 15:12:50.098root 11241100x8000000000000000699125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588fa383198d9a8f2023-02-07 15:12:50.098root 11241100x8000000000000000699124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62f75a4bbfa768b2023-02-07 15:12:50.098root 11241100x8000000000000000699123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425b68845d9aa6d92023-02-07 15:12:50.098root 11241100x8000000000000000699129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48385b539d7361032023-02-07 15:12:50.099root 11241100x8000000000000000699128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af484ca19e104602023-02-07 15:12:50.099root 11241100x8000000000000000699127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d93c6a18da88d0d2023-02-07 15:12:50.099root 11241100x8000000000000000699131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59c0669198738d52023-02-07 15:12:50.100root 11241100x8000000000000000699130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7094ce05a2e368182023-02-07 15:12:50.100root 11241100x8000000000000000699135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08453b17a19f0fad2023-02-07 15:12:50.595root 11241100x8000000000000000699134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e37bea45c333962023-02-07 15:12:50.595root 11241100x8000000000000000699133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd609c35e7e88a392023-02-07 15:12:50.595root 11241100x8000000000000000699132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43389c8ee0b4210c2023-02-07 15:12:50.595root 11241100x8000000000000000699140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2691847c11d9b7d12023-02-07 15:12:50.596root 11241100x8000000000000000699139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1958cb44a27df02023-02-07 15:12:50.596root 11241100x8000000000000000699138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e6b891e54dccd32023-02-07 15:12:50.596root 11241100x8000000000000000699137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ceb9bf353a3025e2023-02-07 15:12:50.596root 11241100x8000000000000000699136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbf59acde4d708e2023-02-07 15:12:50.596root 11241100x8000000000000000699146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6010d45b31f89c572023-02-07 15:12:50.597root 11241100x8000000000000000699145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d6f9cabfd0b4fd2023-02-07 15:12:50.597root 11241100x8000000000000000699144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fddf2395334c77942023-02-07 15:12:50.597root 11241100x8000000000000000699143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e8bf2466d498852023-02-07 15:12:50.597root 11241100x8000000000000000699142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c25eeec920d0fbf2023-02-07 15:12:50.597root 11241100x8000000000000000699141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1aa9465ee2669e2023-02-07 15:12:50.597root 11241100x8000000000000000699151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c0cf0dcb7d111e2023-02-07 15:12:50.598root 11241100x8000000000000000699150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aefd2670f60d7c6d2023-02-07 15:12:50.598root 11241100x8000000000000000699149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb65b2f0eb397f62023-02-07 15:12:50.598root 11241100x8000000000000000699148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94984d470417bcc72023-02-07 15:12:50.598root 11241100x8000000000000000699147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42be457c80e2c08d2023-02-07 15:12:50.598root 11241100x8000000000000000699152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:50.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce03eccd2c7b58e2023-02-07 15:12:50.599root 11241100x8000000000000000699156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e31fc28f67f5412023-02-07 15:12:51.095root 11241100x8000000000000000699155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2670fdc339433a702023-02-07 15:12:51.095root 11241100x8000000000000000699154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0c0926b6c3a8512023-02-07 15:12:51.095root 11241100x8000000000000000699153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f01b68baf88c28c2023-02-07 15:12:51.095root 11241100x8000000000000000699164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be904749ae96b26b2023-02-07 15:12:51.096root 11241100x8000000000000000699163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ade9608caa0b36e2023-02-07 15:12:51.096root 11241100x8000000000000000699162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cf6bddf5f358312023-02-07 15:12:51.096root 11241100x8000000000000000699161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44bcf25b87bb95632023-02-07 15:12:51.096root 11241100x8000000000000000699160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cddb6f84286796a52023-02-07 15:12:51.096root 11241100x8000000000000000699159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25fd8d6b67778a242023-02-07 15:12:51.096root 11241100x8000000000000000699158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53600a48eaf9bcce2023-02-07 15:12:51.096root 11241100x8000000000000000699157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b29df52b7165d402023-02-07 15:12:51.096root 11241100x8000000000000000699171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2627d6bbbffc624f2023-02-07 15:12:51.097root 11241100x8000000000000000699170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e67c1084e15bc52023-02-07 15:12:51.097root 11241100x8000000000000000699169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e862c624c51b77a22023-02-07 15:12:51.097root 11241100x8000000000000000699168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b0bf4941d1120b2023-02-07 15:12:51.097root 11241100x8000000000000000699167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907cbfb6073eb07c2023-02-07 15:12:51.097root 11241100x8000000000000000699166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d7fabd5e1620cc2023-02-07 15:12:51.097root 11241100x8000000000000000699165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8574ce02720f8d262023-02-07 15:12:51.097root 11241100x8000000000000000699174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecb17af6d0965d42023-02-07 15:12:51.098root 11241100x8000000000000000699173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7458631245e56832023-02-07 15:12:51.098root 11241100x8000000000000000699172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d18ac809232c3d52023-02-07 15:12:51.098root 154100x8000000000000000699175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.188{ec244aba-6a73-63e2-6884-133ac0550000}6105/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/6312root{ec244aba-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2393--- 534500x8000000000000000699176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.206{ec244aba-6a73-63e2-6884-133ac0550000}6105/bin/psroot 11241100x8000000000000000699184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42175576c23bafa72023-02-07 15:12:51.596root 11241100x8000000000000000699183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead40dd2585abb902023-02-07 15:12:51.596root 11241100x8000000000000000699182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9819d1ae913ee6e02023-02-07 15:12:51.596root 11241100x8000000000000000699181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1832038dfbb03a0b2023-02-07 15:12:51.596root 11241100x8000000000000000699180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563b5112a992dbb22023-02-07 15:12:51.596root 11241100x8000000000000000699179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43593ea77a6d1422023-02-07 15:12:51.596root 11241100x8000000000000000699178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6396e3edb2f186d2023-02-07 15:12:51.596root 11241100x8000000000000000699177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737c43f33e5f3d7e2023-02-07 15:12:51.596root 11241100x8000000000000000699193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6420c736e2f553492023-02-07 15:12:51.597root 11241100x8000000000000000699192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95549bb4b10c8242023-02-07 15:12:51.597root 11241100x8000000000000000699191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a8aa62643e90682023-02-07 15:12:51.597root 11241100x8000000000000000699190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90397b31bec9a16c2023-02-07 15:12:51.597root 11241100x8000000000000000699189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80bef2de5fc9646b2023-02-07 15:12:51.597root 11241100x8000000000000000699188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1136a6621923a6812023-02-07 15:12:51.597root 11241100x8000000000000000699187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590fa9512ab55eb32023-02-07 15:12:51.597root 11241100x8000000000000000699186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97db339600969982023-02-07 15:12:51.597root 11241100x8000000000000000699185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22867312938b749a2023-02-07 15:12:51.597root 11241100x8000000000000000699198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a0dba763bb9cb12023-02-07 15:12:51.598root 11241100x8000000000000000699197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cefbc128c7763c82023-02-07 15:12:51.598root 11241100x8000000000000000699196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a3c1bb9b76c9ea2023-02-07 15:12:51.598root 11241100x8000000000000000699195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef62a07b6bb1e7aa2023-02-07 15:12:51.598root 11241100x8000000000000000699194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:51.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a71286a0f0a55f2023-02-07 15:12:51.598root 11241100x8000000000000000699202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a41e8675f1e5c92023-02-07 15:12:52.095root 11241100x8000000000000000699201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b994996e7ea92f9a2023-02-07 15:12:52.095root 11241100x8000000000000000699200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619bf6218148c87e2023-02-07 15:12:52.095root 11241100x8000000000000000699199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec515b9c32421992023-02-07 15:12:52.095root 11241100x8000000000000000699209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74aa59106e4fe152023-02-07 15:12:52.096root 11241100x8000000000000000699208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833868ea2639f5812023-02-07 15:12:52.096root 11241100x8000000000000000699207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa5cc6e0719b4d52023-02-07 15:12:52.096root 11241100x8000000000000000699206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ba0542ff25eb592023-02-07 15:12:52.096root 11241100x8000000000000000699205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0e3297266d38632023-02-07 15:12:52.096root 11241100x8000000000000000699204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0feb6d26d91a88b52023-02-07 15:12:52.096root 11241100x8000000000000000699203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7daf6ea363d6361f2023-02-07 15:12:52.096root 11241100x8000000000000000699215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bab1f001e7263532023-02-07 15:12:52.097root 11241100x8000000000000000699214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930b04e04f042fc42023-02-07 15:12:52.097root 11241100x8000000000000000699213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8207c0a56935142023-02-07 15:12:52.097root 11241100x8000000000000000699212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73fc17d84cb4f1a2023-02-07 15:12:52.097root 11241100x8000000000000000699211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68196e293f8ad2502023-02-07 15:12:52.097root 11241100x8000000000000000699210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e69b67c25c9d482023-02-07 15:12:52.097root 11241100x8000000000000000699218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55dd65a89b41bfb52023-02-07 15:12:52.098root 11241100x8000000000000000699217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8042b3cc7969b65e2023-02-07 15:12:52.098root 11241100x8000000000000000699216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef3b202caac1d9f2023-02-07 15:12:52.098root 11241100x8000000000000000699220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f4fe8f03048a2e2023-02-07 15:12:52.101root 11241100x8000000000000000699219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8d99fd402b79612023-02-07 15:12:52.101root 11241100x8000000000000000699221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023fb7bbc22c8a462023-02-07 15:12:52.102root 354300x8000000000000000699222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.186{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-47496-false10.0.1.12-8000- 11241100x8000000000000000699228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ae5d9a0a58ae452023-02-07 15:12:52.596root 11241100x8000000000000000699227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9edcb18d6c11c91b2023-02-07 15:12:52.596root 11241100x8000000000000000699226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8352801a8df491f62023-02-07 15:12:52.596root 11241100x8000000000000000699225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdff0226d67f28b22023-02-07 15:12:52.596root 11241100x8000000000000000699224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47992e62df08c3712023-02-07 15:12:52.596root 11241100x8000000000000000699223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a942647f2d9822c2023-02-07 15:12:52.596root 11241100x8000000000000000699239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7ac0b21a494d6b2023-02-07 15:12:52.597root 11241100x8000000000000000699238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f01663173bc10af2023-02-07 15:12:52.597root 11241100x8000000000000000699237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f30da5f6bfe83092023-02-07 15:12:52.597root 11241100x8000000000000000699236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348f5630706a047f2023-02-07 15:12:52.597root 11241100x8000000000000000699235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad65ea711cdb7db62023-02-07 15:12:52.597root 11241100x8000000000000000699234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fdaafed3d4f75dd2023-02-07 15:12:52.597root 11241100x8000000000000000699233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d196d309c516cb8e2023-02-07 15:12:52.597root 11241100x8000000000000000699232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc61487b8ee134b2023-02-07 15:12:52.597root 11241100x8000000000000000699231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7744cf99df6436062023-02-07 15:12:52.597root 11241100x8000000000000000699230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f94e6169a491c62023-02-07 15:12:52.597root 11241100x8000000000000000699229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f123583b898259e02023-02-07 15:12:52.597root 11241100x8000000000000000699245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389ac0eebe7f5d452023-02-07 15:12:52.598root 11241100x8000000000000000699244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b6f0aef5f45f3d2023-02-07 15:12:52.598root 11241100x8000000000000000699243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7775058b622e822023-02-07 15:12:52.598root 11241100x8000000000000000699242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6229bad44cc2e12023-02-07 15:12:52.598root 11241100x8000000000000000699241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75211b61912eab6e2023-02-07 15:12:52.598root 11241100x8000000000000000699240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:52.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fc1f418b2d65de2023-02-07 15:12:52.598root 11241100x8000000000000000699249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e9a289489de1532023-02-07 15:12:53.095root 11241100x8000000000000000699248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413f27eb464b36d42023-02-07 15:12:53.095root 11241100x8000000000000000699247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ff8420ef46f8652023-02-07 15:12:53.095root 11241100x8000000000000000699246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67efe2a52baad5c42023-02-07 15:12:53.095root 11241100x8000000000000000699255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf9cffd9160f89e2023-02-07 15:12:53.096root 11241100x8000000000000000699254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ae2eb971d098b02023-02-07 15:12:53.096root 11241100x8000000000000000699253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d246a4b1876f362023-02-07 15:12:53.096root 11241100x8000000000000000699252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881ca73d86aefccd2023-02-07 15:12:53.096root 11241100x8000000000000000699251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a16acbf306d34832023-02-07 15:12:53.096root 11241100x8000000000000000699250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cbc2ff61f6478482023-02-07 15:12:53.096root 11241100x8000000000000000699259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daae19d2eae3fa6f2023-02-07 15:12:53.097root 11241100x8000000000000000699258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389adc9d9b76bda32023-02-07 15:12:53.097root 11241100x8000000000000000699257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ad88384a714d9e2023-02-07 15:12:53.097root 11241100x8000000000000000699256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7965ce005613f6052023-02-07 15:12:53.097root 11241100x8000000000000000699265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743e8490c50bb21d2023-02-07 15:12:53.098root 11241100x8000000000000000699264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00cf42ce6a4fc8552023-02-07 15:12:53.098root 11241100x8000000000000000699263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3e2c3603d1ca1e2023-02-07 15:12:53.098root 11241100x8000000000000000699262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c2e7ab791616aa2023-02-07 15:12:53.098root 11241100x8000000000000000699261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b8c734379e7c6e2023-02-07 15:12:53.098root 11241100x8000000000000000699260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c979771dff71d52023-02-07 15:12:53.098root 11241100x8000000000000000699271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8415363622618df2023-02-07 15:12:53.099root 11241100x8000000000000000699270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616777a6801570192023-02-07 15:12:53.099root 11241100x8000000000000000699269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0b632e0cbdf8202023-02-07 15:12:53.099root 11241100x8000000000000000699268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b84b1ccb835c4a2023-02-07 15:12:53.099root 11241100x8000000000000000699267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c735cf2bfa491b2023-02-07 15:12:53.099root 11241100x8000000000000000699266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3515591a6d2ce93a2023-02-07 15:12:53.099root 11241100x8000000000000000699276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74797fa180c58732023-02-07 15:12:53.100root 11241100x8000000000000000699275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d459b66934d846772023-02-07 15:12:53.100root 11241100x8000000000000000699274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba64bbc1a70aece2023-02-07 15:12:53.100root 11241100x8000000000000000699273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce17be18943a4912023-02-07 15:12:53.100root 11241100x8000000000000000699272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52321c2d4e8142c22023-02-07 15:12:53.100root 11241100x8000000000000000699282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ebddd82d61e6b222023-02-07 15:12:53.595root 11241100x8000000000000000699281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7fba349973436cd2023-02-07 15:12:53.595root 11241100x8000000000000000699280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e608a49e533db9c42023-02-07 15:12:53.595root 11241100x8000000000000000699279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef538ed4982164cb2023-02-07 15:12:53.595root 11241100x8000000000000000699278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ff0b0face68ec62023-02-07 15:12:53.595root 11241100x8000000000000000699277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1601a997ce489b92023-02-07 15:12:53.595root 11241100x8000000000000000699295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9ce6442804da0e2023-02-07 15:12:53.596root 11241100x8000000000000000699294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f5fdc48bc37ab92023-02-07 15:12:53.596root 11241100x8000000000000000699293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34783ab246f17122023-02-07 15:12:53.596root 11241100x8000000000000000699292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fd34c4e9bbe6d12023-02-07 15:12:53.596root 11241100x8000000000000000699291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6e2be339d8c1b22023-02-07 15:12:53.596root 11241100x8000000000000000699290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d7512f28777bea2023-02-07 15:12:53.596root 11241100x8000000000000000699289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e417a622a33d3ef2023-02-07 15:12:53.596root 11241100x8000000000000000699288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1cd9249499dd682023-02-07 15:12:53.596root 11241100x8000000000000000699287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f381db73588e4d042023-02-07 15:12:53.596root 11241100x8000000000000000699286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8f1c33ec8a61262023-02-07 15:12:53.596root 11241100x8000000000000000699285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75b1804af08dd042023-02-07 15:12:53.596root 11241100x8000000000000000699284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b280a88288d84ec2023-02-07 15:12:53.596root 11241100x8000000000000000699283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aed65e6dae491c72023-02-07 15:12:53.596root 11241100x8000000000000000699304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c9426cb8a7852d2023-02-07 15:12:53.597root 11241100x8000000000000000699303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9215830c13a7962023-02-07 15:12:53.597root 11241100x8000000000000000699302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8e65cd23b97b422023-02-07 15:12:53.597root 11241100x8000000000000000699301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f4ab59c64a1e552023-02-07 15:12:53.597root 11241100x8000000000000000699300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134f45ec2d75af2c2023-02-07 15:12:53.597root 11241100x8000000000000000699299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7edd0c238df6df2023-02-07 15:12:53.597root 11241100x8000000000000000699298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be510a71ed30cb312023-02-07 15:12:53.597root 11241100x8000000000000000699297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d72ba8eb9e8f342023-02-07 15:12:53.597root 11241100x8000000000000000699296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74d85c87664c54c2023-02-07 15:12:53.597root 11241100x8000000000000000699305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:53.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a85a12c5f2c5df2023-02-07 15:12:53.598root 11241100x8000000000000000699310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734bbbaa38b4510b2023-02-07 15:12:54.095root 11241100x8000000000000000699309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1494964fcef03ce22023-02-07 15:12:54.095root 11241100x8000000000000000699308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3173fd9e2e561e6a2023-02-07 15:12:54.095root 11241100x8000000000000000699307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e423c92b81d029512023-02-07 15:12:54.095root 11241100x8000000000000000699306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca67b08203eb7b462023-02-07 15:12:54.095root 11241100x8000000000000000699319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ae7d01bea0e0c92023-02-07 15:12:54.096root 11241100x8000000000000000699318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847a44f16c5dfc322023-02-07 15:12:54.096root 11241100x8000000000000000699317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf7d7dbaf4943ce2023-02-07 15:12:54.096root 11241100x8000000000000000699316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823df3057b0e3ad82023-02-07 15:12:54.096root 11241100x8000000000000000699315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5f3008c4d543a12023-02-07 15:12:54.096root 11241100x8000000000000000699314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c01d0ef2985bf62023-02-07 15:12:54.096root 11241100x8000000000000000699313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d6587a189e10342023-02-07 15:12:54.096root 11241100x8000000000000000699312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb0c78c6709bd9f2023-02-07 15:12:54.096root 11241100x8000000000000000699311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f78150df9a16e5b2023-02-07 15:12:54.096root 11241100x8000000000000000699328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8978be32d92a4a02023-02-07 15:12:54.097root 11241100x8000000000000000699327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9baf38ae509276f2023-02-07 15:12:54.097root 11241100x8000000000000000699326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4449ecdf92cfa5222023-02-07 15:12:54.097root 11241100x8000000000000000699325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee215f25a1db6312023-02-07 15:12:54.097root 11241100x8000000000000000699324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb400f1b5dcf64502023-02-07 15:12:54.097root 11241100x8000000000000000699323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8547e2255be7312023-02-07 15:12:54.097root 11241100x8000000000000000699322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c1fc4909cbf0812023-02-07 15:12:54.097root 11241100x8000000000000000699321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da97ec419d1b78402023-02-07 15:12:54.097root 11241100x8000000000000000699320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5f4079f615581e2023-02-07 15:12:54.097root 11241100x8000000000000000699331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cb515532ff30122023-02-07 15:12:54.098root 11241100x8000000000000000699330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0350279f487363c72023-02-07 15:12:54.098root 11241100x8000000000000000699329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbbe3c09b3618152023-02-07 15:12:54.098root 11241100x8000000000000000699332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ec8bbd1c03ed962023-02-07 15:12:54.099root 11241100x8000000000000000699336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9a5aadc62091ce2023-02-07 15:12:54.595root 11241100x8000000000000000699335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efcd326b467ab5ef2023-02-07 15:12:54.595root 11241100x8000000000000000699334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f5034fc57957d42023-02-07 15:12:54.595root 11241100x8000000000000000699333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df063486f5cc6a42023-02-07 15:12:54.595root 11241100x8000000000000000699344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35780e9f954877cb2023-02-07 15:12:54.596root 11241100x8000000000000000699343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155f05a2cd98be6a2023-02-07 15:12:54.596root 11241100x8000000000000000699342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b89f6fa66c8b662023-02-07 15:12:54.596root 11241100x8000000000000000699341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b258108842bee5c52023-02-07 15:12:54.596root 11241100x8000000000000000699340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df404255fad242642023-02-07 15:12:54.596root 11241100x8000000000000000699339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb84a305c0f20b02023-02-07 15:12:54.596root 11241100x8000000000000000699338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472064c532eafc342023-02-07 15:12:54.596root 11241100x8000000000000000699337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b220e6ce5a385882023-02-07 15:12:54.596root 11241100x8000000000000000699351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfa5500afba7e822023-02-07 15:12:54.597root 11241100x8000000000000000699350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15253c5aae5d10022023-02-07 15:12:54.597root 11241100x8000000000000000699349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50324ed3ec279a012023-02-07 15:12:54.597root 11241100x8000000000000000699348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea241980651d87362023-02-07 15:12:54.597root 11241100x8000000000000000699347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943c0b52dc01c6be2023-02-07 15:12:54.597root 11241100x8000000000000000699346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220096a51e06b81d2023-02-07 15:12:54.597root 11241100x8000000000000000699345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be79c9d58dc269d92023-02-07 15:12:54.597root 11241100x8000000000000000699359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a801fd890435d1a82023-02-07 15:12:54.598root 11241100x8000000000000000699358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f816883e28284a4c2023-02-07 15:12:54.598root 11241100x8000000000000000699357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5b239b8e43ad362023-02-07 15:12:54.598root 11241100x8000000000000000699356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7ded1aa806594b2023-02-07 15:12:54.598root 11241100x8000000000000000699355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f05dada101b4f1a2023-02-07 15:12:54.598root 11241100x8000000000000000699354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5e7e95c5fc716b2023-02-07 15:12:54.598root 11241100x8000000000000000699353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37d2ff86dbab9062023-02-07 15:12:54.598root 11241100x8000000000000000699352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ae672389ae43b92023-02-07 15:12:54.598root 11241100x8000000000000000699365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf7b7c8dd1508e42023-02-07 15:12:54.599root 11241100x8000000000000000699364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93906d5b0d57d9262023-02-07 15:12:54.599root 11241100x8000000000000000699363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767d864f580863122023-02-07 15:12:54.599root 11241100x8000000000000000699362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82c9a65a062926f2023-02-07 15:12:54.599root 11241100x8000000000000000699361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64004c58caaed672023-02-07 15:12:54.599root 11241100x8000000000000000699360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f843b66f6591962023-02-07 15:12:54.599root 11241100x8000000000000000699367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bdccbe982c18fa22023-02-07 15:12:54.600root 11241100x8000000000000000699366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d5746a33ff83a62023-02-07 15:12:54.600root 11241100x8000000000000000699368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:54.730{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:12:54.730root 11241100x8000000000000000699372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8004767ff10d8cc52023-02-07 15:12:55.095root 11241100x8000000000000000699371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbc42b9351e72872023-02-07 15:12:55.095root 11241100x8000000000000000699370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7625068be646265d2023-02-07 15:12:55.095root 11241100x8000000000000000699369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e44dfeb6badb7a2023-02-07 15:12:55.095root 11241100x8000000000000000699381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfcc95129b6083f2023-02-07 15:12:55.096root 11241100x8000000000000000699380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e391168d4b38385c2023-02-07 15:12:55.096root 11241100x8000000000000000699379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37c342dbd223b782023-02-07 15:12:55.096root 11241100x8000000000000000699378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5481a13ac98bb22c2023-02-07 15:12:55.096root 11241100x8000000000000000699377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767f77a595ae51af2023-02-07 15:12:55.096root 11241100x8000000000000000699376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47b6c8054e0ef682023-02-07 15:12:55.096root 11241100x8000000000000000699375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340ccf9993f2931e2023-02-07 15:12:55.096root 11241100x8000000000000000699374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05432097bc4b497d2023-02-07 15:12:55.096root 11241100x8000000000000000699373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3773c32a35b547a2023-02-07 15:12:55.096root 11241100x8000000000000000699391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b9d36d1e212cec2023-02-07 15:12:55.097root 11241100x8000000000000000699390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e0e2a7afa3d1812023-02-07 15:12:55.097root 11241100x8000000000000000699389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfc8e6b42a8c83c2023-02-07 15:12:55.097root 11241100x8000000000000000699388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d575e3a0bbe32c52023-02-07 15:12:55.097root 11241100x8000000000000000699387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46169b50b9aaf1f52023-02-07 15:12:55.097root 11241100x8000000000000000699386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2cdced4d4ecb1672023-02-07 15:12:55.097root 11241100x8000000000000000699385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26356a936f84901f2023-02-07 15:12:55.097root 11241100x8000000000000000699384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce936f6c95502142023-02-07 15:12:55.097root 11241100x8000000000000000699383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0fc5e8c5a19c9e2023-02-07 15:12:55.097root 11241100x8000000000000000699382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260d7509cb1938c12023-02-07 15:12:55.097root 11241100x8000000000000000699394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a288596dc2f2a02023-02-07 15:12:55.098root 11241100x8000000000000000699393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b9f1c49feaf6402023-02-07 15:12:55.098root 11241100x8000000000000000699392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363385874a6b33e62023-02-07 15:12:55.098root 11241100x8000000000000000699398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d0a88bdd7f9b6f2023-02-07 15:12:55.595root 11241100x8000000000000000699397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a1a4cdc99c6ae22023-02-07 15:12:55.595root 11241100x8000000000000000699396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10af7a05c5d080a42023-02-07 15:12:55.595root 11241100x8000000000000000699395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d178ba3a08fc2b942023-02-07 15:12:55.595root 11241100x8000000000000000699404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58f63a6165154202023-02-07 15:12:55.596root 11241100x8000000000000000699403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b6fe5867e488202023-02-07 15:12:55.596root 11241100x8000000000000000699402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10fda8a39e736ec2023-02-07 15:12:55.596root 11241100x8000000000000000699401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e11a8914ee5689a2023-02-07 15:12:55.596root 11241100x8000000000000000699400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ae6fe4068cdcdb2023-02-07 15:12:55.596root 11241100x8000000000000000699399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7219e497e46e78292023-02-07 15:12:55.596root 11241100x8000000000000000699410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c79491f2c5006122023-02-07 15:12:55.597root 11241100x8000000000000000699409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815e3d5d75d5753a2023-02-07 15:12:55.597root 11241100x8000000000000000699408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf641302bb284242023-02-07 15:12:55.597root 11241100x8000000000000000699407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbd3faf5f6db9822023-02-07 15:12:55.597root 11241100x8000000000000000699406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb0ef90559a881d2023-02-07 15:12:55.597root 11241100x8000000000000000699405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006943b56224e5042023-02-07 15:12:55.597root 11241100x8000000000000000699417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e6f6a876dd6f6e2023-02-07 15:12:55.598root 11241100x8000000000000000699416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58e2bd0dbb8d2fe2023-02-07 15:12:55.598root 11241100x8000000000000000699415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d6fcd9306d57a42023-02-07 15:12:55.598root 11241100x8000000000000000699414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ab156500d442362023-02-07 15:12:55.598root 11241100x8000000000000000699413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50011b878b8a82a52023-02-07 15:12:55.598root 11241100x8000000000000000699412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52b214f4265e3b32023-02-07 15:12:55.598root 11241100x8000000000000000699411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82315087bc011f992023-02-07 15:12:55.598root 11241100x8000000000000000699423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8cc3f45b8a178b2023-02-07 15:12:55.599root 11241100x8000000000000000699422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc50551e327f13f32023-02-07 15:12:55.599root 11241100x8000000000000000699421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1dfb4097ce8e9e12023-02-07 15:12:55.599root 11241100x8000000000000000699420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ff6810f594b1502023-02-07 15:12:55.599root 11241100x8000000000000000699419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbaf7644bb6db72d2023-02-07 15:12:55.599root 11241100x8000000000000000699418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f61fd81bd2ae122023-02-07 15:12:55.599root 11241100x8000000000000000699427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7174f08fc80fb3d52023-02-07 15:12:55.600root 11241100x8000000000000000699426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39815e37cc8de852023-02-07 15:12:55.600root 11241100x8000000000000000699425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f7ab464d6389732023-02-07 15:12:55.600root 11241100x8000000000000000699424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:55.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0635432249e3032023-02-07 15:12:55.600root 11241100x8000000000000000699431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9dc99f700283312023-02-07 15:12:56.095root 11241100x8000000000000000699430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b0cb15e0d7130d2023-02-07 15:12:56.095root 11241100x8000000000000000699429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e79649dd770a642023-02-07 15:12:56.095root 11241100x8000000000000000699428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e65fc69b60745ac2023-02-07 15:12:56.095root 11241100x8000000000000000699436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf51d7aaeafebf62023-02-07 15:12:56.096root 11241100x8000000000000000699435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86540961a5b410c2023-02-07 15:12:56.096root 11241100x8000000000000000699434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecadb35b7d23f5ee2023-02-07 15:12:56.096root 11241100x8000000000000000699433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625b5ebc8e43e5322023-02-07 15:12:56.096root 11241100x8000000000000000699432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81290b4d98366d042023-02-07 15:12:56.096root 11241100x8000000000000000699440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a223e1212680072023-02-07 15:12:56.097root 11241100x8000000000000000699439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb9fb4d334857c52023-02-07 15:12:56.097root 11241100x8000000000000000699438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dca8763be558b6e2023-02-07 15:12:56.097root 11241100x8000000000000000699437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb21d2e01ba09f42023-02-07 15:12:56.097root 11241100x8000000000000000699443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a184d94773c84d2023-02-07 15:12:56.098root 11241100x8000000000000000699442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191fce151422b6312023-02-07 15:12:56.098root 11241100x8000000000000000699441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d45331fa362d3e2023-02-07 15:12:56.098root 11241100x8000000000000000699447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d312ce29c53be0f2023-02-07 15:12:56.099root 11241100x8000000000000000699446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5974487c0e79602023-02-07 15:12:56.099root 11241100x8000000000000000699445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e120094962a9e72023-02-07 15:12:56.099root 11241100x8000000000000000699444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafe65f79613bdc02023-02-07 15:12:56.099root 11241100x8000000000000000699450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cbf8aa68bfb007a2023-02-07 15:12:56.100root 11241100x8000000000000000699449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5370b6c1aec32e202023-02-07 15:12:56.100root 11241100x8000000000000000699448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9439674dbd205e9b2023-02-07 15:12:56.100root 11241100x8000000000000000699453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a6ade2277d9a5c2023-02-07 15:12:56.101root 11241100x8000000000000000699452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3037562079cd3d22023-02-07 15:12:56.101root 11241100x8000000000000000699451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7869e82b88f95a12023-02-07 15:12:56.101root 11241100x8000000000000000699456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5a2097007bc4352023-02-07 15:12:56.102root 11241100x8000000000000000699455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326a3360c65e59252023-02-07 15:12:56.102root 11241100x8000000000000000699454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2761d450264809e2023-02-07 15:12:56.102root 11241100x8000000000000000699463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3205abdfe8de5a4b2023-02-07 15:12:56.596root 11241100x8000000000000000699462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f46dce865ec55c2023-02-07 15:12:56.596root 11241100x8000000000000000699461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43a63e75db2f8682023-02-07 15:12:56.596root 11241100x8000000000000000699460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe30954563201882023-02-07 15:12:56.596root 11241100x8000000000000000699459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ad2cd1dace00222023-02-07 15:12:56.596root 11241100x8000000000000000699458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a3073f9515c7622023-02-07 15:12:56.596root 11241100x8000000000000000699457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703eea8a6b3650422023-02-07 15:12:56.596root 11241100x8000000000000000699473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a7790639c631a92023-02-07 15:12:56.597root 11241100x8000000000000000699472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17b4b33d0398c3a2023-02-07 15:12:56.597root 11241100x8000000000000000699471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ecbf7d518fbcc32023-02-07 15:12:56.597root 11241100x8000000000000000699470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2abfbce59ee354c2023-02-07 15:12:56.597root 11241100x8000000000000000699469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140056713c8fb69a2023-02-07 15:12:56.597root 11241100x8000000000000000699468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af76edcb4e8edc32023-02-07 15:12:56.597root 11241100x8000000000000000699467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e50e3fe73380522023-02-07 15:12:56.597root 11241100x8000000000000000699466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4274053a01e94112023-02-07 15:12:56.597root 11241100x8000000000000000699465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209b647f4ad26e032023-02-07 15:12:56.597root 11241100x8000000000000000699464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df032b7719d2e6cb2023-02-07 15:12:56.597root 11241100x8000000000000000699478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33e2df1f341dbea2023-02-07 15:12:56.598root 11241100x8000000000000000699477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7086a39912072102023-02-07 15:12:56.598root 11241100x8000000000000000699476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c927ae9730c6c1a42023-02-07 15:12:56.598root 11241100x8000000000000000699475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f7f53edb2b0e1b2023-02-07 15:12:56.598root 11241100x8000000000000000699474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4c2fccc3cc03d52023-02-07 15:12:56.598root 11241100x8000000000000000699480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec85ad671c2a9712023-02-07 15:12:56.599root 11241100x8000000000000000699479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:56.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2026e334d01f64b12023-02-07 15:12:56.599root 11241100x8000000000000000699485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36025c01cce2a7de2023-02-07 15:12:57.095root 11241100x8000000000000000699484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b44ef30fe8aa062023-02-07 15:12:57.095root 11241100x8000000000000000699483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8db90229b3f8d262023-02-07 15:12:57.095root 11241100x8000000000000000699482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7bcc706ba180382023-02-07 15:12:57.095root 11241100x8000000000000000699481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3118616a1f797252023-02-07 15:12:57.095root 11241100x8000000000000000699491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1ab9856cf5923d2023-02-07 15:12:57.096root 11241100x8000000000000000699490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d8aa23539f95ce2023-02-07 15:12:57.096root 11241100x8000000000000000699489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa585bdfac713a362023-02-07 15:12:57.096root 11241100x8000000000000000699488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3062025d8643cde62023-02-07 15:12:57.096root 11241100x8000000000000000699487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5568d1c19fca1942023-02-07 15:12:57.096root 11241100x8000000000000000699486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76dd2af44173ecf2023-02-07 15:12:57.096root 11241100x8000000000000000699497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691e1d8e0c48d51f2023-02-07 15:12:57.097root 11241100x8000000000000000699496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b02b58dbb2eb8672023-02-07 15:12:57.097root 11241100x8000000000000000699495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1341aa56efafba4c2023-02-07 15:12:57.097root 11241100x8000000000000000699494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603a46e9c8b7c5222023-02-07 15:12:57.097root 11241100x8000000000000000699493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdf6e8615b53e722023-02-07 15:12:57.097root 11241100x8000000000000000699492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b3a9b5beecbeaa2023-02-07 15:12:57.097root 11241100x8000000000000000699504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5b75b5de52bce32023-02-07 15:12:57.098root 11241100x8000000000000000699503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44714fa1567078042023-02-07 15:12:57.098root 11241100x8000000000000000699502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefa7fd08bccd2202023-02-07 15:12:57.098root 11241100x8000000000000000699501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2e710a4ed2c21c2023-02-07 15:12:57.098root 11241100x8000000000000000699500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3b4ec806010e482023-02-07 15:12:57.098root 11241100x8000000000000000699499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdedb4b258bc32922023-02-07 15:12:57.098root 11241100x8000000000000000699498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24aed6246dce99092023-02-07 15:12:57.098root 11241100x8000000000000000699507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a16e3ddee25a042023-02-07 15:12:57.099root 11241100x8000000000000000699506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5f2fce6bcaca6e2023-02-07 15:12:57.099root 11241100x8000000000000000699505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430ebae2d959ad1d2023-02-07 15:12:57.099root 11241100x8000000000000000699512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643d4feb04f8fa2a2023-02-07 15:12:57.595root 11241100x8000000000000000699511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e83aa386848f112023-02-07 15:12:57.595root 11241100x8000000000000000699510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c012d3bb3036de812023-02-07 15:12:57.595root 11241100x8000000000000000699509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b699aa4fc13778b2023-02-07 15:12:57.595root 11241100x8000000000000000699508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4a54cece83fe362023-02-07 15:12:57.595root 11241100x8000000000000000699519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8c9e6c6fcbf7582023-02-07 15:12:57.596root 11241100x8000000000000000699518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c888dc5b4283682023-02-07 15:12:57.596root 11241100x8000000000000000699517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35933c9a431117252023-02-07 15:12:57.596root 11241100x8000000000000000699516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b09b049f7c18082023-02-07 15:12:57.596root 11241100x8000000000000000699515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe61086b8742d252023-02-07 15:12:57.596root 11241100x8000000000000000699514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb6a91a8aa7967a2023-02-07 15:12:57.596root 11241100x8000000000000000699513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cd13c552f1e1db2023-02-07 15:12:57.596root 11241100x8000000000000000699524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18553f38143136302023-02-07 15:12:57.597root 11241100x8000000000000000699523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fcbd58539b3f3a2023-02-07 15:12:57.597root 11241100x8000000000000000699522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad58df1deb1c03862023-02-07 15:12:57.597root 11241100x8000000000000000699521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e3be1d3de689ac2023-02-07 15:12:57.597root 11241100x8000000000000000699520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b76d7fe8cd929032023-02-07 15:12:57.597root 11241100x8000000000000000699531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3acff114bf223802023-02-07 15:12:57.598root 11241100x8000000000000000699530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c27cbc18ea0d812023-02-07 15:12:57.598root 11241100x8000000000000000699529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b38359209f853c242023-02-07 15:12:57.598root 11241100x8000000000000000699528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed9d1535c7af1f72023-02-07 15:12:57.598root 11241100x8000000000000000699527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7646d1e5833609252023-02-07 15:12:57.598root 11241100x8000000000000000699526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539bb36e8f8fae0d2023-02-07 15:12:57.598root 11241100x8000000000000000699525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dde2e364d4c40f52023-02-07 15:12:57.598root 11241100x8000000000000000699542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee4772f4f00145c2023-02-07 15:12:57.599root 11241100x8000000000000000699541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e83921742a195be2023-02-07 15:12:57.599root 11241100x8000000000000000699540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8386e3308617f862023-02-07 15:12:57.599root 11241100x8000000000000000699539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a4735857cbe94a2023-02-07 15:12:57.599root 11241100x8000000000000000699538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4abb8d1d14ef822023-02-07 15:12:57.599root 11241100x8000000000000000699537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b2008115ba4ebe2023-02-07 15:12:57.599root 11241100x8000000000000000699536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2b559b8b478cc72023-02-07 15:12:57.599root 11241100x8000000000000000699535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5d3cdb5c3139642023-02-07 15:12:57.599root 11241100x8000000000000000699534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c0b29872a132e12023-02-07 15:12:57.599root 11241100x8000000000000000699533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37f0106b89d85b72023-02-07 15:12:57.599root 11241100x8000000000000000699532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff60c3925e981b1a2023-02-07 15:12:57.599root 23542300x8000000000000000699543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:57.731{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x8000000000000000699544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.014{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-37906-false10.0.1.12-8000- 11241100x8000000000000000699549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.015{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2addf0555047168c2023-02-07 15:12:58.015root 11241100x8000000000000000699548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.015{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad94e3ed48b9fb412023-02-07 15:12:58.015root 11241100x8000000000000000699547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.015{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802d18b6ac8069762023-02-07 15:12:58.015root 11241100x8000000000000000699546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.015{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23d53376438fc772023-02-07 15:12:58.015root 11241100x8000000000000000699545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.015{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d37feacdd9819602023-02-07 15:12:58.015root 11241100x8000000000000000699559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.016{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1dd6043955796352023-02-07 15:12:58.016root 11241100x8000000000000000699558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.016{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d9053a11eb7ced2023-02-07 15:12:58.016root 11241100x8000000000000000699557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.016{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867ca41b1216f49f2023-02-07 15:12:58.016root 11241100x8000000000000000699556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.016{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ea5b48e675f4c72023-02-07 15:12:58.016root 11241100x8000000000000000699555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.016{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a43ba21da9ccde02023-02-07 15:12:58.016root 11241100x8000000000000000699554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.016{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17efb240dcf54dde2023-02-07 15:12:58.016root 11241100x8000000000000000699553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.016{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0334c2f9f1400de32023-02-07 15:12:58.016root 11241100x8000000000000000699552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.016{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5c2638709394752023-02-07 15:12:58.016root 11241100x8000000000000000699551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.016{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1099bbae61ef97982023-02-07 15:12:58.016root 11241100x8000000000000000699550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.016{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d906c7171456b1e72023-02-07 15:12:58.016root 11241100x8000000000000000699570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.017{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f0bf27ecce2b272023-02-07 15:12:58.017root 11241100x8000000000000000699569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.017{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad471bad79d53642023-02-07 15:12:58.017root 11241100x8000000000000000699568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.017{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475a87b7c1ab0ad52023-02-07 15:12:58.017root 11241100x8000000000000000699567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.017{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24c4dc41bd1b32c2023-02-07 15:12:58.017root 11241100x8000000000000000699566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.017{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51577d01f3b7fbbd2023-02-07 15:12:58.017root 11241100x8000000000000000699565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.017{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dce43ebcdaa11902023-02-07 15:12:58.017root 11241100x8000000000000000699564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.017{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72da95cd71f3bf22023-02-07 15:12:58.017root 11241100x8000000000000000699563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.017{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16372ec407729c82023-02-07 15:12:58.017root 11241100x8000000000000000699562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.017{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9217808203c8c802023-02-07 15:12:58.017root 11241100x8000000000000000699561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.017{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ea9a44adbd61452023-02-07 15:12:58.017root 11241100x8000000000000000699560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.017{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0896a4489f8ce222023-02-07 15:12:58.017root 11241100x8000000000000000699571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.018{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508f7bc8d661782d2023-02-07 15:12:58.018root 11241100x8000000000000000699575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781e7e8b7399710d2023-02-07 15:12:58.346root 11241100x8000000000000000699574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499c2ede360c657d2023-02-07 15:12:58.346root 11241100x8000000000000000699573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26585171f0ce51db2023-02-07 15:12:58.346root 11241100x8000000000000000699572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f088cccd9c460e612023-02-07 15:12:58.346root 11241100x8000000000000000699584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b959a02ee85d322023-02-07 15:12:58.347root 11241100x8000000000000000699583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abbe4a2471061162023-02-07 15:12:58.347root 11241100x8000000000000000699582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1d35b4d5cacc482023-02-07 15:12:58.347root 11241100x8000000000000000699581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67fc6d7c6f2e50e92023-02-07 15:12:58.347root 11241100x8000000000000000699580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ba9ef3127b71f02023-02-07 15:12:58.347root 11241100x8000000000000000699579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577c10070d7575b52023-02-07 15:12:58.347root 11241100x8000000000000000699578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc152d0bf0c4c402023-02-07 15:12:58.347root 11241100x8000000000000000699577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb3db7df9c092f92023-02-07 15:12:58.347root 11241100x8000000000000000699576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3e4532ad60ef7e2023-02-07 15:12:58.347root 11241100x8000000000000000699594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f7a1752d94ac182023-02-07 15:12:58.348root 11241100x8000000000000000699593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fdffe330124a6d2023-02-07 15:12:58.348root 11241100x8000000000000000699592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1fce98709667062023-02-07 15:12:58.348root 11241100x8000000000000000699591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84844e834cf529a82023-02-07 15:12:58.348root 11241100x8000000000000000699590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d559605608c91d5e2023-02-07 15:12:58.348root 11241100x8000000000000000699589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae1a4ee891571812023-02-07 15:12:58.348root 11241100x8000000000000000699588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752ea352c141d4d22023-02-07 15:12:58.348root 11241100x8000000000000000699587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e181d5d2410c4eff2023-02-07 15:12:58.348root 11241100x8000000000000000699586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50776d37ec5b8b0d2023-02-07 15:12:58.348root 11241100x8000000000000000699585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3108f4b011847142023-02-07 15:12:58.348root 11241100x8000000000000000699597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c61c9dd46327d0f2023-02-07 15:12:58.349root 11241100x8000000000000000699596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3332b092c5164e2023-02-07 15:12:58.349root 11241100x8000000000000000699595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bab6751cb3f76642023-02-07 15:12:58.349root 11241100x8000000000000000699602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b05cc614e40c61d2023-02-07 15:12:58.846root 11241100x8000000000000000699601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e18dd7b57b0cbb2023-02-07 15:12:58.846root 11241100x8000000000000000699600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17493f42d9e86232023-02-07 15:12:58.846root 11241100x8000000000000000699599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2e56db482d17db2023-02-07 15:12:58.846root 11241100x8000000000000000699598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad3e4f460753bd32023-02-07 15:12:58.846root 11241100x8000000000000000699612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696abcfc426cecc12023-02-07 15:12:58.847root 11241100x8000000000000000699611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd760c2315ccc022023-02-07 15:12:58.847root 11241100x8000000000000000699610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86919077e42b58d2023-02-07 15:12:58.847root 11241100x8000000000000000699609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae268fa68471f9752023-02-07 15:12:58.847root 11241100x8000000000000000699608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764df49b8a73d3cd2023-02-07 15:12:58.847root 11241100x8000000000000000699607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbcdc1ecc79c8de2023-02-07 15:12:58.847root 11241100x8000000000000000699606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0b8184f3f3f75f2023-02-07 15:12:58.847root 11241100x8000000000000000699605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477d6910798acb512023-02-07 15:12:58.847root 11241100x8000000000000000699604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435040746a3dc8572023-02-07 15:12:58.847root 11241100x8000000000000000699603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45a1273da8cd64f2023-02-07 15:12:58.847root 11241100x8000000000000000699623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26e7a9248ad7ce72023-02-07 15:12:58.848root 11241100x8000000000000000699622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49936653dcb999e2023-02-07 15:12:58.848root 11241100x8000000000000000699621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9b50c46dba61822023-02-07 15:12:58.848root 11241100x8000000000000000699620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd69ee54693d6d92023-02-07 15:12:58.848root 11241100x8000000000000000699619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07d7e12e8bc82d02023-02-07 15:12:58.848root 11241100x8000000000000000699618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5467d3d734af41b82023-02-07 15:12:58.848root 11241100x8000000000000000699617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088e8d17d5aa12e22023-02-07 15:12:58.848root 11241100x8000000000000000699616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34edc3533ed80df32023-02-07 15:12:58.848root 11241100x8000000000000000699615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83cc82ce2d1001292023-02-07 15:12:58.848root 11241100x8000000000000000699614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da0c6d00f3541452023-02-07 15:12:58.848root 11241100x8000000000000000699613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:58.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b4350fef98bf9f2023-02-07 15:12:58.848root 11241100x8000000000000000699629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5602b94561994c5b2023-02-07 15:12:59.346root 11241100x8000000000000000699628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5916433ee0d6772023-02-07 15:12:59.346root 11241100x8000000000000000699627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe111c01e68521d2023-02-07 15:12:59.346root 11241100x8000000000000000699626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4771fdda5052162023-02-07 15:12:59.346root 11241100x8000000000000000699625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b8035e991cfe062023-02-07 15:12:59.346root 11241100x8000000000000000699624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c270d3994d54057c2023-02-07 15:12:59.346root 11241100x8000000000000000699638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508619bd5ad8a0dc2023-02-07 15:12:59.347root 11241100x8000000000000000699637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7fb60c133f88fdc2023-02-07 15:12:59.347root 11241100x8000000000000000699636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03bb2f3fe35533772023-02-07 15:12:59.347root 11241100x8000000000000000699635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aef38871e1cdbce2023-02-07 15:12:59.347root 11241100x8000000000000000699634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db191102b6aa14452023-02-07 15:12:59.347root 11241100x8000000000000000699633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236295fa98f98aae2023-02-07 15:12:59.347root 11241100x8000000000000000699632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e997a9930a35f82023-02-07 15:12:59.347root 11241100x8000000000000000699631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9456ec79703ac5a2023-02-07 15:12:59.347root 11241100x8000000000000000699630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b000935ddcc9acf02023-02-07 15:12:59.347root 11241100x8000000000000000699643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578d0b61db9597be2023-02-07 15:12:59.348root 11241100x8000000000000000699642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205d049a92aa60ec2023-02-07 15:12:59.348root 11241100x8000000000000000699641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a5395a347de2b22023-02-07 15:12:59.348root 11241100x8000000000000000699640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e262e8e6169fb852023-02-07 15:12:59.348root 11241100x8000000000000000699639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185139e9e66f6cad2023-02-07 15:12:59.348root 11241100x8000000000000000699648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688ff37938c8552a2023-02-07 15:12:59.349root 11241100x8000000000000000699647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceadd3258131c7512023-02-07 15:12:59.349root 11241100x8000000000000000699646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b5d9953d64f3982023-02-07 15:12:59.349root 11241100x8000000000000000699645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd899dd3ba065b62023-02-07 15:12:59.349root 11241100x8000000000000000699644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918385379d6f3d6c2023-02-07 15:12:59.349root 11241100x8000000000000000699649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877467206f0bddfb2023-02-07 15:12:59.350root 11241100x8000000000000000699652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c61014080fe78c2023-02-07 15:12:59.846root 11241100x8000000000000000699651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c5c5b3d6d60d782023-02-07 15:12:59.846root 11241100x8000000000000000699650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f48cf458740e552023-02-07 15:12:59.846root 11241100x8000000000000000699656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687ff08cfe9e452c2023-02-07 15:12:59.847root 11241100x8000000000000000699655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4437f78d575581c52023-02-07 15:12:59.847root 11241100x8000000000000000699654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b137ab2752c6262023-02-07 15:12:59.847root 11241100x8000000000000000699653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cacd4d5adfebaea2023-02-07 15:12:59.847root 11241100x8000000000000000699666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf77ac433e71b8e82023-02-07 15:12:59.848root 11241100x8000000000000000699665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf615154d93a0ed2023-02-07 15:12:59.848root 11241100x8000000000000000699664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f608abb945c2a0162023-02-07 15:12:59.848root 11241100x8000000000000000699663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdd672bd464d0d32023-02-07 15:12:59.848root 11241100x8000000000000000699662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa014f79904b5082023-02-07 15:12:59.848root 11241100x8000000000000000699661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28de67319bd3ec812023-02-07 15:12:59.848root 11241100x8000000000000000699660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc3f4b7571417c72023-02-07 15:12:59.848root 11241100x8000000000000000699659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4a77b1787b73932023-02-07 15:12:59.848root 11241100x8000000000000000699658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724c4bf38bf73b4d2023-02-07 15:12:59.848root 11241100x8000000000000000699657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86223e20c87e096a2023-02-07 15:12:59.848root 11241100x8000000000000000699675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c45d48fb5ae3e02023-02-07 15:12:59.849root 11241100x8000000000000000699674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e696a166744878c22023-02-07 15:12:59.849root 11241100x8000000000000000699673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37830b6b04278add2023-02-07 15:12:59.849root 11241100x8000000000000000699672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb988c197170b6b72023-02-07 15:12:59.849root 11241100x8000000000000000699671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f363e38c70d304092023-02-07 15:12:59.849root 11241100x8000000000000000699670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08c5f88e6b176f42023-02-07 15:12:59.849root 11241100x8000000000000000699669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30228bbf8b08c8bd2023-02-07 15:12:59.849root 11241100x8000000000000000699668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192a33185636f9462023-02-07 15:12:59.849root 11241100x8000000000000000699667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:12:59.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715e33d322ded7362023-02-07 15:12:59.849root 11241100x8000000000000000699682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3597d56092d45e2a2023-02-07 15:13:00.346root 11241100x8000000000000000699681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb083080ed923e882023-02-07 15:13:00.346root 11241100x8000000000000000699680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6c8e8a8d642daf2023-02-07 15:13:00.346root 11241100x8000000000000000699679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b85325cf3350392023-02-07 15:13:00.346root 11241100x8000000000000000699678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bab4d16fc77d872023-02-07 15:13:00.346root 11241100x8000000000000000699677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b1e815e90f12472023-02-07 15:13:00.346root 11241100x8000000000000000699676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648f0255449a5a252023-02-07 15:13:00.346root 11241100x8000000000000000699694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ae3f05bf17af3e2023-02-07 15:13:00.347root 11241100x8000000000000000699693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1eea1ecc40c329c2023-02-07 15:13:00.347root 11241100x8000000000000000699692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce8d47568449d062023-02-07 15:13:00.347root 11241100x8000000000000000699691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff89669411e7fe02023-02-07 15:13:00.347root 11241100x8000000000000000699690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d44eb4f715dbb5282023-02-07 15:13:00.347root 11241100x8000000000000000699689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8096bae15bf03dc2023-02-07 15:13:00.347root 11241100x8000000000000000699688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c0ac01fa454fb42023-02-07 15:13:00.347root 11241100x8000000000000000699687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6704e527a4937b2023-02-07 15:13:00.347root 11241100x8000000000000000699686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d3b4f89adb4e862023-02-07 15:13:00.347root 11241100x8000000000000000699685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e9da807c758e8c2023-02-07 15:13:00.347root 11241100x8000000000000000699684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5be818c954d6b062023-02-07 15:13:00.347root 11241100x8000000000000000699683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef551d442b2a976a2023-02-07 15:13:00.347root 11241100x8000000000000000699701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6d98b5fded50132023-02-07 15:13:00.348root 11241100x8000000000000000699700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c17d00eebd5a962023-02-07 15:13:00.348root 11241100x8000000000000000699699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2042f057f5c5bf002023-02-07 15:13:00.348root 11241100x8000000000000000699698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9ce8a287dc3d5e2023-02-07 15:13:00.348root 11241100x8000000000000000699697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1269dbe37274752023-02-07 15:13:00.348root 11241100x8000000000000000699696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f9726777d90a9a2023-02-07 15:13:00.348root 11241100x8000000000000000699695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbdc6bef7cb360872023-02-07 15:13:00.348root 11241100x8000000000000000699706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4991cc072abd0bba2023-02-07 15:13:00.846root 11241100x8000000000000000699705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83dbfebe57dba9132023-02-07 15:13:00.846root 11241100x8000000000000000699704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ff2131f7065a182023-02-07 15:13:00.846root 11241100x8000000000000000699703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d947fe65be7a06bb2023-02-07 15:13:00.846root 11241100x8000000000000000699702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1c5c38f888e6dd2023-02-07 15:13:00.846root 11241100x8000000000000000699713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979909a062e7fa072023-02-07 15:13:00.847root 11241100x8000000000000000699712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d562d59cf86eb52023-02-07 15:13:00.847root 11241100x8000000000000000699711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1518689c053a2d0d2023-02-07 15:13:00.847root 11241100x8000000000000000699710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02db99a95e56d812023-02-07 15:13:00.847root 11241100x8000000000000000699709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ecfad57371389062023-02-07 15:13:00.847root 11241100x8000000000000000699708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e57805bdaff2542023-02-07 15:13:00.847root 11241100x8000000000000000699707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7400d1da4e90f8372023-02-07 15:13:00.847root 11241100x8000000000000000699718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0f13a2f8ef8de12023-02-07 15:13:00.848root 11241100x8000000000000000699717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7939119d8800eba62023-02-07 15:13:00.848root 11241100x8000000000000000699716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f1527ac18e23f62023-02-07 15:13:00.848root 11241100x8000000000000000699715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce36d90f21e1cd8f2023-02-07 15:13:00.848root 11241100x8000000000000000699714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879a46f945a93f5c2023-02-07 15:13:00.848root 11241100x8000000000000000699722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3568520ec989e092023-02-07 15:13:00.849root 11241100x8000000000000000699721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c2291bdfa4135e2023-02-07 15:13:00.849root 11241100x8000000000000000699720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca2a2e5cc3f19632023-02-07 15:13:00.849root 11241100x8000000000000000699719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d95afb405f77222023-02-07 15:13:00.849root 11241100x8000000000000000699727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc6752fe03d55592023-02-07 15:13:00.850root 11241100x8000000000000000699726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0704df8e10d36892023-02-07 15:13:00.850root 11241100x8000000000000000699725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e897c96473b3cf0e2023-02-07 15:13:00.850root 11241100x8000000000000000699724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34061f5fbae6b61c2023-02-07 15:13:00.850root 11241100x8000000000000000699723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:00.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1fa8581f57aafc2023-02-07 15:13:00.850root 11241100x8000000000000000699729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7329e83aaef778782023-02-07 15:13:01.346root 11241100x8000000000000000699728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8eef1c18dfb66902023-02-07 15:13:01.346root 11241100x8000000000000000699734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48edffc9df16b53b2023-02-07 15:13:01.347root 11241100x8000000000000000699733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65882c27511b51232023-02-07 15:13:01.347root 11241100x8000000000000000699732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6782f6c3b08092382023-02-07 15:13:01.347root 11241100x8000000000000000699731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b449356b20499c2023-02-07 15:13:01.347root 11241100x8000000000000000699730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ac3fe5e53fd0072023-02-07 15:13:01.347root 11241100x8000000000000000699739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14daa6d97a8610da2023-02-07 15:13:01.348root 11241100x8000000000000000699738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff9adcefbe5cf362023-02-07 15:13:01.348root 11241100x8000000000000000699737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fff69c7588971f2023-02-07 15:13:01.348root 11241100x8000000000000000699736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be10f4c9b04cd982023-02-07 15:13:01.348root 11241100x8000000000000000699735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237ac310ff81300a2023-02-07 15:13:01.348root 11241100x8000000000000000699744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e5986edd7cd8142023-02-07 15:13:01.349root 11241100x8000000000000000699743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2c0a5e885a94092023-02-07 15:13:01.349root 11241100x8000000000000000699742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463d8dacd0763a872023-02-07 15:13:01.349root 11241100x8000000000000000699741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c4847c5e4c59ad2023-02-07 15:13:01.349root 11241100x8000000000000000699740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1cb9f3b8ae3d812023-02-07 15:13:01.349root 11241100x8000000000000000699748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5b6fec5e550d452023-02-07 15:13:01.350root 11241100x8000000000000000699747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905b6daf7dc2e7ce2023-02-07 15:13:01.350root 11241100x8000000000000000699746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7149207f27741872023-02-07 15:13:01.350root 11241100x8000000000000000699745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2b34849fbe55a22023-02-07 15:13:01.350root 11241100x8000000000000000699753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef44bb40f6c5bf4c2023-02-07 15:13:01.351root 11241100x8000000000000000699752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146ab0a482b3cf692023-02-07 15:13:01.351root 11241100x8000000000000000699751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd833d9a83c8c9b12023-02-07 15:13:01.351root 11241100x8000000000000000699750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420600e1debab5022023-02-07 15:13:01.351root 11241100x8000000000000000699749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c83e49116c03512023-02-07 15:13:01.351root 11241100x8000000000000000699757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f1dc616573a2ee2023-02-07 15:13:01.846root 11241100x8000000000000000699756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7c085c9b0df0e02023-02-07 15:13:01.846root 11241100x8000000000000000699755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8502e6ec08f271422023-02-07 15:13:01.846root 11241100x8000000000000000699754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5aa738327428e02023-02-07 15:13:01.846root 11241100x8000000000000000699764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6eb8b58c3c942e42023-02-07 15:13:01.847root 11241100x8000000000000000699763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b718b96a1604502023-02-07 15:13:01.847root 11241100x8000000000000000699762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de99ea7f71e9a5a72023-02-07 15:13:01.847root 11241100x8000000000000000699761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37370bbf687562702023-02-07 15:13:01.847root 11241100x8000000000000000699760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bff66a16bb7ccce2023-02-07 15:13:01.847root 11241100x8000000000000000699759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16fd232a027771f32023-02-07 15:13:01.847root 11241100x8000000000000000699758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f8b834aec1b3562023-02-07 15:13:01.847root 11241100x8000000000000000699765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27eefbea35ae38ab2023-02-07 15:13:01.848root 11241100x8000000000000000699767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad91a66a15f82ac52023-02-07 15:13:01.849root 11241100x8000000000000000699766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5499166c7a669b1a2023-02-07 15:13:01.849root 11241100x8000000000000000699773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7364ffad84c4bb0f2023-02-07 15:13:01.850root 11241100x8000000000000000699772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f99d801c2356042023-02-07 15:13:01.850root 11241100x8000000000000000699771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d07dc5b6024b3f2023-02-07 15:13:01.850root 11241100x8000000000000000699770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33d699d32f1eef22023-02-07 15:13:01.850root 11241100x8000000000000000699769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7a4f76c202d9e82023-02-07 15:13:01.850root 11241100x8000000000000000699768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781b73b0cce6c4972023-02-07 15:13:01.850root 11241100x8000000000000000699776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25afa1fb5bac07b2023-02-07 15:13:01.851root 11241100x8000000000000000699775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f97224b54e29522023-02-07 15:13:01.851root 11241100x8000000000000000699774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9867ac64784804cf2023-02-07 15:13:01.851root 11241100x8000000000000000699779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ba7b9dd5982c0a2023-02-07 15:13:01.852root 11241100x8000000000000000699778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f4142656cbad202023-02-07 15:13:01.852root 11241100x8000000000000000699777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:01.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08553bb795292552023-02-07 15:13:01.852root 11241100x8000000000000000699783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66eec7292e33c842023-02-07 15:13:02.346root 11241100x8000000000000000699782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebb07a7a81101d42023-02-07 15:13:02.346root 11241100x8000000000000000699781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a852daed33f9afa52023-02-07 15:13:02.346root 11241100x8000000000000000699780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9afc44a08e8017942023-02-07 15:13:02.346root 11241100x8000000000000000699788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdf84c1f70b9eb92023-02-07 15:13:02.347root 11241100x8000000000000000699787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcbe869c39e0563a2023-02-07 15:13:02.347root 11241100x8000000000000000699786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2eec77a5f0ab502023-02-07 15:13:02.347root 11241100x8000000000000000699785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ad64aa42c8d0972023-02-07 15:13:02.347root 11241100x8000000000000000699784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1a7b7d16911e6d2023-02-07 15:13:02.347root 11241100x8000000000000000699796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4afb13bc97ba51772023-02-07 15:13:02.348root 11241100x8000000000000000699795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8da28936745a7f2023-02-07 15:13:02.348root 11241100x8000000000000000699794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e9550b7bf846bb2023-02-07 15:13:02.348root 11241100x8000000000000000699793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e0a8caab45f23a2023-02-07 15:13:02.348root 11241100x8000000000000000699792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017be37af1253b6f2023-02-07 15:13:02.348root 11241100x8000000000000000699791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684baa683b1ba7892023-02-07 15:13:02.348root 11241100x8000000000000000699790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea32006992c45752023-02-07 15:13:02.348root 11241100x8000000000000000699789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6156bc00127b9b12023-02-07 15:13:02.348root 11241100x8000000000000000699805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141dbb8065da49652023-02-07 15:13:02.349root 11241100x8000000000000000699804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd80fd565f45ec42023-02-07 15:13:02.349root 11241100x8000000000000000699803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e30b55725820c7a2023-02-07 15:13:02.349root 11241100x8000000000000000699802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f0547aa6e5ea562023-02-07 15:13:02.349root 11241100x8000000000000000699801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf275bf6bddd6492023-02-07 15:13:02.349root 11241100x8000000000000000699800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c11bd6d9db75a362023-02-07 15:13:02.349root 11241100x8000000000000000699799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5156cc9cd8d5cf2023-02-07 15:13:02.349root 11241100x8000000000000000699798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0e566c7be1fe642023-02-07 15:13:02.349root 11241100x8000000000000000699797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a5cfddaceb98c82023-02-07 15:13:02.349root 11241100x8000000000000000699808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c4775cf7899dbe2023-02-07 15:13:02.846root 11241100x8000000000000000699807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee9c16ac403aab52023-02-07 15:13:02.846root 11241100x8000000000000000699806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e7296be91c9a5f2023-02-07 15:13:02.846root 11241100x8000000000000000699814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29865899ef8f07042023-02-07 15:13:02.847root 11241100x8000000000000000699813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da27739189a237fc2023-02-07 15:13:02.847root 11241100x8000000000000000699812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d804eb3eb660b2ea2023-02-07 15:13:02.847root 11241100x8000000000000000699811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e69f49eb0e88eb2023-02-07 15:13:02.847root 11241100x8000000000000000699810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120371a9c6ef43c42023-02-07 15:13:02.847root 11241100x8000000000000000699809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3641f721e4dc4b2023-02-07 15:13:02.847root 11241100x8000000000000000699824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911fc297334ab89b2023-02-07 15:13:02.848root 11241100x8000000000000000699823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e624496f24d196c2023-02-07 15:13:02.848root 11241100x8000000000000000699822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de219ee3c39ff06c2023-02-07 15:13:02.848root 11241100x8000000000000000699821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b96997aa479fce2023-02-07 15:13:02.848root 11241100x8000000000000000699820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58464cb405d924c2023-02-07 15:13:02.848root 11241100x8000000000000000699819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d084a39482d5f62023-02-07 15:13:02.848root 11241100x8000000000000000699818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f80f592077c92b12023-02-07 15:13:02.848root 11241100x8000000000000000699817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2108e3a4626199022023-02-07 15:13:02.848root 11241100x8000000000000000699816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884f3c67918a5cb92023-02-07 15:13:02.848root 11241100x8000000000000000699815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250d7ec36a9d3e922023-02-07 15:13:02.848root 11241100x8000000000000000699829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42dbed56cebcca4c2023-02-07 15:13:02.850root 11241100x8000000000000000699828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a94191309e89432023-02-07 15:13:02.850root 11241100x8000000000000000699827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b3c50c72d5495c2023-02-07 15:13:02.850root 11241100x8000000000000000699826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66cbf1a77d8684f62023-02-07 15:13:02.850root 11241100x8000000000000000699825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7505e4902228d8e72023-02-07 15:13:02.850root 11241100x8000000000000000699831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8144fb9ae4c6232023-02-07 15:13:02.851root 11241100x8000000000000000699830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:02.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581c5d6a1a9d36382023-02-07 15:13:02.851root 354300x8000000000000000699832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.255{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-37914-false10.0.1.12-8000- 11241100x8000000000000000699835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.256{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9591a7fd9823c0982023-02-07 15:13:03.256root 11241100x8000000000000000699834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.256{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f8188ab8d684cf2023-02-07 15:13:03.256root 11241100x8000000000000000699833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.256{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27917ee66c6bc6b2023-02-07 15:13:03.256root 11241100x8000000000000000699839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.257{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c28add0b67fc0982023-02-07 15:13:03.257root 11241100x8000000000000000699838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.257{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d168d9585a3ca352023-02-07 15:13:03.257root 11241100x8000000000000000699837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.257{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4289c7e49f4ab5572023-02-07 15:13:03.257root 11241100x8000000000000000699836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.257{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2093c72df92b81dd2023-02-07 15:13:03.257root 11241100x8000000000000000699848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.258{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e095182c093477382023-02-07 15:13:03.258root 11241100x8000000000000000699847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.258{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4058900818fd03992023-02-07 15:13:03.258root 11241100x8000000000000000699846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.258{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ae7b53925871d42023-02-07 15:13:03.258root 11241100x8000000000000000699845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.258{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7daa491f75fd7cb2023-02-07 15:13:03.258root 11241100x8000000000000000699844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.258{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0101f6d1387f0c5a2023-02-07 15:13:03.258root 11241100x8000000000000000699843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.258{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12feca74aa963092023-02-07 15:13:03.258root 11241100x8000000000000000699842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.258{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b89203af546a37f2023-02-07 15:13:03.258root 11241100x8000000000000000699841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.258{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2282775be8cb6ff22023-02-07 15:13:03.258root 11241100x8000000000000000699840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.258{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9538750358226c672023-02-07 15:13:03.258root 11241100x8000000000000000699855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.259{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438133b08f24b4d92023-02-07 15:13:03.259root 11241100x8000000000000000699854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.259{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c052f8ad48ef642023-02-07 15:13:03.259root 11241100x8000000000000000699853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.259{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7326bcd3e9f62eb2023-02-07 15:13:03.259root 11241100x8000000000000000699852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.259{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0d572202a9a44b2023-02-07 15:13:03.259root 11241100x8000000000000000699851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.259{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6afed051675dccf2023-02-07 15:13:03.259root 11241100x8000000000000000699850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.259{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace84c7a7db034232023-02-07 15:13:03.259root 11241100x8000000000000000699849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.259{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e048a0edfd678f2023-02-07 15:13:03.259root 11241100x8000000000000000699858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.260{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f664bfed04fb05e42023-02-07 15:13:03.260root 11241100x8000000000000000699857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.260{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa438a33e8ee195f2023-02-07 15:13:03.260root 11241100x8000000000000000699856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.260{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50cbb6928de3d812023-02-07 15:13:03.260root 11241100x8000000000000000699860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.261{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a5d16e4e75e0562023-02-07 15:13:03.261root 11241100x8000000000000000699859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.261{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54cf337a89182da82023-02-07 15:13:03.261root 11241100x8000000000000000699865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.262{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b2d55e830137b72023-02-07 15:13:03.262root 11241100x8000000000000000699864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.262{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8497b67ede6c1522023-02-07 15:13:03.262root 11241100x8000000000000000699863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.262{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116ba122e18385392023-02-07 15:13:03.262root 11241100x8000000000000000699862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.262{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef43ace6764186fe2023-02-07 15:13:03.262root 11241100x8000000000000000699861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.262{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6371e54fe36368c2023-02-07 15:13:03.262root 11241100x8000000000000000699868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.263{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe59487031fc2d12023-02-07 15:13:03.263root 11241100x8000000000000000699867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.263{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccaf1f08964260e2023-02-07 15:13:03.263root 11241100x8000000000000000699866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.263{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da73e242eed1ab382023-02-07 15:13:03.263root 11241100x8000000000000000699870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c1aa818e38e69d2023-02-07 15:13:03.595root 11241100x8000000000000000699869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01245873c6a3c3b82023-02-07 15:13:03.595root 11241100x8000000000000000699874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb350a8f047c09382023-02-07 15:13:03.596root 11241100x8000000000000000699873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f43a1c9a26496e2023-02-07 15:13:03.596root 11241100x8000000000000000699872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cf401d64f8fae32023-02-07 15:13:03.596root 11241100x8000000000000000699871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb757689f5249942023-02-07 15:13:03.596root 11241100x8000000000000000699878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e269d935bfe1f592023-02-07 15:13:03.597root 11241100x8000000000000000699877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e04d0099a5d8942023-02-07 15:13:03.597root 11241100x8000000000000000699876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e20ba65831829252023-02-07 15:13:03.597root 11241100x8000000000000000699875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbf2737180bdb732023-02-07 15:13:03.597root 11241100x8000000000000000699882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d69ce3928929a92023-02-07 15:13:03.598root 11241100x8000000000000000699881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31a89fbf5ae2e512023-02-07 15:13:03.598root 11241100x8000000000000000699880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155a374122c398092023-02-07 15:13:03.598root 11241100x8000000000000000699879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b281051a26a3f74b2023-02-07 15:13:03.598root 11241100x8000000000000000699887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ce9226068998f62023-02-07 15:13:03.599root 11241100x8000000000000000699886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c7efa50726f5582023-02-07 15:13:03.599root 11241100x8000000000000000699885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e391559cdb33e012023-02-07 15:13:03.599root 11241100x8000000000000000699884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a530c977beb270342023-02-07 15:13:03.599root 11241100x8000000000000000699883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d0b90c5f8f63822023-02-07 15:13:03.599root 11241100x8000000000000000699897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28db8f846f06cec42023-02-07 15:13:03.600root 11241100x8000000000000000699896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e5970e88b1cc9c2023-02-07 15:13:03.600root 11241100x8000000000000000699895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4583b9cafefc8c272023-02-07 15:13:03.600root 11241100x8000000000000000699894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180f505cf93f07572023-02-07 15:13:03.600root 11241100x8000000000000000699893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1e03482d6236692023-02-07 15:13:03.600root 11241100x8000000000000000699892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688d1c814d40c94e2023-02-07 15:13:03.600root 11241100x8000000000000000699891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd5868e67ff0e532023-02-07 15:13:03.600root 11241100x8000000000000000699890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2c3561404f307e2023-02-07 15:13:03.600root 11241100x8000000000000000699889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a51ca123f714372023-02-07 15:13:03.600root 11241100x8000000000000000699888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec6197e229978a52023-02-07 15:13:03.600root 11241100x8000000000000000699898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:03.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd11a2e8f1dd64ff2023-02-07 15:13:03.601root 11241100x8000000000000000699902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e9b0614f73d3632023-02-07 15:13:04.095root 11241100x8000000000000000699901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4750922b10db64962023-02-07 15:13:04.095root 11241100x8000000000000000699900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2a4281bfd7fa782023-02-07 15:13:04.095root 11241100x8000000000000000699899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7512ec2a6516ebf52023-02-07 15:13:04.095root 11241100x8000000000000000699907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802265b52a49aa412023-02-07 15:13:04.096root 11241100x8000000000000000699906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159bc2c66e28f6262023-02-07 15:13:04.096root 11241100x8000000000000000699905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d33065108712fa2023-02-07 15:13:04.096root 11241100x8000000000000000699904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0479e3600b1548d72023-02-07 15:13:04.096root 11241100x8000000000000000699903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d648c0c8b41562dd2023-02-07 15:13:04.096root 11241100x8000000000000000699912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db08898f03502a52023-02-07 15:13:04.097root 11241100x8000000000000000699911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0a26dc3992819d2023-02-07 15:13:04.097root 11241100x8000000000000000699910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf32c9597ef60b32023-02-07 15:13:04.097root 11241100x8000000000000000699909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd280a53b2e5ddb22023-02-07 15:13:04.097root 11241100x8000000000000000699908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b716fbaffa90b6302023-02-07 15:13:04.097root 11241100x8000000000000000699917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1831399c720705fd2023-02-07 15:13:04.098root 11241100x8000000000000000699916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f945e49e8365b42023-02-07 15:13:04.098root 11241100x8000000000000000699915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3e034267b629b32023-02-07 15:13:04.098root 11241100x8000000000000000699914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f4ab11e3b3ac632023-02-07 15:13:04.098root 11241100x8000000000000000699913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd4f498a19290bb2023-02-07 15:13:04.098root 11241100x8000000000000000699924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce3c3e4ddd4799f2023-02-07 15:13:04.099root 11241100x8000000000000000699923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500a7b474911d00a2023-02-07 15:13:04.099root 11241100x8000000000000000699922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5162c19668ac132023-02-07 15:13:04.099root 11241100x8000000000000000699921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd891ae4addfe57f2023-02-07 15:13:04.099root 11241100x8000000000000000699920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb0ac7d43a87ab92023-02-07 15:13:04.099root 11241100x8000000000000000699919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015c9b19789a13392023-02-07 15:13:04.099root 11241100x8000000000000000699918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9dbcf43e6ade122023-02-07 15:13:04.099root 11241100x8000000000000000699930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caac2d07ae21d0e12023-02-07 15:13:04.100root 11241100x8000000000000000699929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e6577ee9f7aa482023-02-07 15:13:04.100root 11241100x8000000000000000699928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5181951ecce664492023-02-07 15:13:04.100root 11241100x8000000000000000699927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f115c2859305069c2023-02-07 15:13:04.100root 11241100x8000000000000000699926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5395397a1f72aa9c2023-02-07 15:13:04.100root 11241100x8000000000000000699925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a619cd61c89be62023-02-07 15:13:04.100root 11241100x8000000000000000699934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500018081f0cf7be2023-02-07 15:13:04.101root 11241100x8000000000000000699933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e03990e3150c7462023-02-07 15:13:04.101root 11241100x8000000000000000699932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fe9d8cf501b5372023-02-07 15:13:04.101root 11241100x8000000000000000699931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddc06e15b73ee092023-02-07 15:13:04.101root 11241100x8000000000000000699937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1034b83608ad322023-02-07 15:13:04.102root 11241100x8000000000000000699936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b7c4811e9b076f2023-02-07 15:13:04.102root 11241100x8000000000000000699935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cdc7607375d71842023-02-07 15:13:04.102root 11241100x8000000000000000699942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab958a915ebedb72023-02-07 15:13:04.596root 11241100x8000000000000000699941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb002575c5d2d3a92023-02-07 15:13:04.596root 11241100x8000000000000000699940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec435c688122a7e2023-02-07 15:13:04.596root 11241100x8000000000000000699939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25264473c5d89f3a2023-02-07 15:13:04.596root 11241100x8000000000000000699938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4ef3c637640f2d2023-02-07 15:13:04.596root 11241100x8000000000000000699953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2649d97b21b9fc22023-02-07 15:13:04.597root 11241100x8000000000000000699952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068ee07a7a7042e32023-02-07 15:13:04.597root 11241100x8000000000000000699951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc10d352dc8afca2023-02-07 15:13:04.597root 11241100x8000000000000000699950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8426160688cdec2023-02-07 15:13:04.597root 11241100x8000000000000000699949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e412bcd56902e82023-02-07 15:13:04.597root 11241100x8000000000000000699948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb8ba41f891eedf2023-02-07 15:13:04.597root 11241100x8000000000000000699947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254799a58a4196952023-02-07 15:13:04.597root 11241100x8000000000000000699946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f213e57458523662023-02-07 15:13:04.597root 11241100x8000000000000000699945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c4a377e3d1d9eb2023-02-07 15:13:04.597root 11241100x8000000000000000699944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2d447e5bede11b2023-02-07 15:13:04.597root 11241100x8000000000000000699943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b049f3ffab5cfc2023-02-07 15:13:04.597root 11241100x8000000000000000699959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121ecf43abbc032a2023-02-07 15:13:04.598root 11241100x8000000000000000699958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a384b977c08c072023-02-07 15:13:04.598root 11241100x8000000000000000699957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ba14f622becd092023-02-07 15:13:04.598root 11241100x8000000000000000699956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e5fc655069f29f2023-02-07 15:13:04.598root 11241100x8000000000000000699955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6edc9aee48021f622023-02-07 15:13:04.598root 11241100x8000000000000000699954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca049b0e140ce4312023-02-07 15:13:04.598root 11241100x8000000000000000699964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17ae75933f7573c2023-02-07 15:13:04.599root 11241100x8000000000000000699963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193745431dd3e7482023-02-07 15:13:04.599root 11241100x8000000000000000699962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834f78fd151cf2862023-02-07 15:13:04.599root 11241100x8000000000000000699961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e88d0b06546aa02023-02-07 15:13:04.599root 11241100x8000000000000000699960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:04.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6da41aac6cc53a2023-02-07 15:13:04.599root 11241100x8000000000000000699966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04af508e95d42142023-02-07 15:13:05.095root 11241100x8000000000000000699965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9bf40a266d851222023-02-07 15:13:05.095root 11241100x8000000000000000699971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040f9792aab2d43b2023-02-07 15:13:05.096root 11241100x8000000000000000699970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7fcdb93a5fc1332023-02-07 15:13:05.096root 11241100x8000000000000000699969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bb50845537dd8b2023-02-07 15:13:05.096root 11241100x8000000000000000699968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3a12261161facb2023-02-07 15:13:05.096root 11241100x8000000000000000699967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861a7780f9e3b9d12023-02-07 15:13:05.096root 11241100x8000000000000000699974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432009381d0a37452023-02-07 15:13:05.097root 11241100x8000000000000000699973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e120de89b5396e502023-02-07 15:13:05.097root 11241100x8000000000000000699972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49bd53536805c3de2023-02-07 15:13:05.097root 11241100x8000000000000000699976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f362acb9a91246112023-02-07 15:13:05.098root 11241100x8000000000000000699975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104c54c605c03c492023-02-07 15:13:05.098root 11241100x8000000000000000699979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3075d8e760e1351c2023-02-07 15:13:05.099root 11241100x8000000000000000699978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4565dd09a030b1ed2023-02-07 15:13:05.099root 11241100x8000000000000000699977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835df3bc9392c5ae2023-02-07 15:13:05.099root 11241100x8000000000000000699983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9aecccf470a0f02023-02-07 15:13:05.100root 11241100x8000000000000000699982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce86c46ae299b7b2023-02-07 15:13:05.100root 11241100x8000000000000000699981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845616103c50ba5a2023-02-07 15:13:05.100root 11241100x8000000000000000699980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408fd28a3a24a5d62023-02-07 15:13:05.100root 11241100x8000000000000000699986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a47b1a4acea0e692023-02-07 15:13:05.101root 11241100x8000000000000000699985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68654deabfcb7dbe2023-02-07 15:13:05.101root 11241100x8000000000000000699984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f68f46e157a45c42023-02-07 15:13:05.101root 11241100x8000000000000000699993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e1f5eea261b8fe2023-02-07 15:13:05.102root 11241100x8000000000000000699992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3714d51fc7615a832023-02-07 15:13:05.102root 11241100x8000000000000000699991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a964b33aebc043f52023-02-07 15:13:05.102root 11241100x8000000000000000699990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be3b54a77f2e2192023-02-07 15:13:05.102root 11241100x8000000000000000699989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e9c4236bf2d7852023-02-07 15:13:05.102root 11241100x8000000000000000699988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49feb05d839263b2023-02-07 15:13:05.102root 11241100x8000000000000000699987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5ff7e72a5ffdaf2023-02-07 15:13:05.102root 11241100x8000000000000000699996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4324ec950c490a222023-02-07 15:13:05.103root 11241100x8000000000000000699995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f1b83e97aaee542023-02-07 15:13:05.103root 11241100x8000000000000000699994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c25e7902054ff3f2023-02-07 15:13:05.103root 11241100x8000000000000000700002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a1da2180eef06a2023-02-07 15:13:05.595root 11241100x8000000000000000700001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d21117dcbb2f26a2023-02-07 15:13:05.595root 11241100x8000000000000000700000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c5d3186155ec882023-02-07 15:13:05.595root 11241100x8000000000000000699999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97e55591b143f4f2023-02-07 15:13:05.595root 11241100x8000000000000000699998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a178fa0e22c80a952023-02-07 15:13:05.595root 11241100x8000000000000000699997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af9442c56ff47052023-02-07 15:13:05.595root 11241100x8000000000000000700009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea57a9a5390253d12023-02-07 15:13:05.596root 11241100x8000000000000000700008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd0f8b4a04e12822023-02-07 15:13:05.596root 11241100x8000000000000000700007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00145da693bb4a682023-02-07 15:13:05.596root 11241100x8000000000000000700006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a38ebae5d377f622023-02-07 15:13:05.596root 11241100x8000000000000000700005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868274730fe592392023-02-07 15:13:05.596root 11241100x8000000000000000700004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e44da2d4825ead32023-02-07 15:13:05.596root 11241100x8000000000000000700003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158c77428b3e3dce2023-02-07 15:13:05.596root 11241100x8000000000000000700019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687591be239fbe2d2023-02-07 15:13:05.597root 11241100x8000000000000000700018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c0e85f7e4fa1cb2023-02-07 15:13:05.597root 11241100x8000000000000000700017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2ec531148df6d72023-02-07 15:13:05.597root 11241100x8000000000000000700016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd8f593fbf92adb2023-02-07 15:13:05.597root 11241100x8000000000000000700015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fa4de68285e1442023-02-07 15:13:05.597root 11241100x8000000000000000700014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76044262e31ecef32023-02-07 15:13:05.597root 11241100x8000000000000000700013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a94d0894af199552023-02-07 15:13:05.597root 11241100x8000000000000000700012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b105b1338301bb2b2023-02-07 15:13:05.597root 11241100x8000000000000000700011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81e8a490d2868a62023-02-07 15:13:05.597root 11241100x8000000000000000700010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5586870ce1f9752023-02-07 15:13:05.597root 11241100x8000000000000000700026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e885c91e9fe64cb2023-02-07 15:13:05.598root 11241100x8000000000000000700025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192b7b27d0bbee792023-02-07 15:13:05.598root 11241100x8000000000000000700024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed38450c1d8ca29a2023-02-07 15:13:05.598root 11241100x8000000000000000700023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74cbfa40235e4d72023-02-07 15:13:05.598root 11241100x8000000000000000700022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1dd28d7bc5e5c22023-02-07 15:13:05.598root 11241100x8000000000000000700021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c6e1b2825f052d2023-02-07 15:13:05.598root 11241100x8000000000000000700020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65457f712e769662023-02-07 15:13:05.598root 11241100x8000000000000000700031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53ddd753ec433572023-02-07 15:13:05.599root 11241100x8000000000000000700030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3687c55fe4ba815d2023-02-07 15:13:05.599root 11241100x8000000000000000700029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a56be1d2f471662023-02-07 15:13:05.599root 11241100x8000000000000000700028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018602dc87b061dc2023-02-07 15:13:05.599root 11241100x8000000000000000700027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70bad154749275392023-02-07 15:13:05.599root 11241100x8000000000000000700035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86295a01a1a284d2023-02-07 15:13:06.095root 11241100x8000000000000000700034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5aa5cb0c4d6c27b2023-02-07 15:13:06.095root 11241100x8000000000000000700033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4180e53c61be53132023-02-07 15:13:06.095root 11241100x8000000000000000700032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a4eed8e2d815502023-02-07 15:13:06.095root 11241100x8000000000000000700041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85e7f2720d797e22023-02-07 15:13:06.096root 11241100x8000000000000000700040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479bb47b9243eaf72023-02-07 15:13:06.096root 11241100x8000000000000000700039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0555da61810d9cfa2023-02-07 15:13:06.096root 11241100x8000000000000000700038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019d3f1ac485ceb92023-02-07 15:13:06.096root 11241100x8000000000000000700037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c7ed0a1a3a5cd52023-02-07 15:13:06.096root 11241100x8000000000000000700036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2baae6aac37b9d022023-02-07 15:13:06.096root 11241100x8000000000000000700048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7783ff38a8a63f02023-02-07 15:13:06.097root 11241100x8000000000000000700047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0a6b6df318667d2023-02-07 15:13:06.097root 11241100x8000000000000000700046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c7a00594172bfb2023-02-07 15:13:06.097root 11241100x8000000000000000700045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532f2ad52b3827c82023-02-07 15:13:06.097root 11241100x8000000000000000700044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3af782a5a94b9a2023-02-07 15:13:06.097root 11241100x8000000000000000700043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf0ba2e861c49c8a2023-02-07 15:13:06.097root 11241100x8000000000000000700042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48696f5822b14042023-02-07 15:13:06.097root 11241100x8000000000000000700054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97243c69d82511dd2023-02-07 15:13:06.098root 11241100x8000000000000000700053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48588f934ee1017d2023-02-07 15:13:06.098root 11241100x8000000000000000700052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c552a801be6d7f012023-02-07 15:13:06.098root 11241100x8000000000000000700051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f107fb43d7ee8f22023-02-07 15:13:06.098root 11241100x8000000000000000700050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44bbafbb2c96ba462023-02-07 15:13:06.098root 11241100x8000000000000000700049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7273a466d31384532023-02-07 15:13:06.098root 11241100x8000000000000000700061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780a2cb0c846f97e2023-02-07 15:13:06.099root 11241100x8000000000000000700060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e948ce4313e08ef2023-02-07 15:13:06.099root 11241100x8000000000000000700059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bb1ef752d968a12023-02-07 15:13:06.099root 11241100x8000000000000000700058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b57518f0022bd82023-02-07 15:13:06.099root 11241100x8000000000000000700057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2237eee336dae2e12023-02-07 15:13:06.099root 11241100x8000000000000000700056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6481b75527b5bb3f2023-02-07 15:13:06.099root 11241100x8000000000000000700055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b82ef25d0daa0702023-02-07 15:13:06.099root 11241100x8000000000000000700062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912cb87221a660fc2023-02-07 15:13:06.100root 11241100x8000000000000000700064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415675d11201441f2023-02-07 15:13:06.101root 11241100x8000000000000000700063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb14edd30cc82562023-02-07 15:13:06.101root 11241100x8000000000000000700065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fef53d9bb7948782023-02-07 15:13:06.102root 11241100x8000000000000000700068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9790164add7aafd42023-02-07 15:13:06.595root 11241100x8000000000000000700067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b827c317b1408fa2023-02-07 15:13:06.595root 11241100x8000000000000000700066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58aa0dc09346fd7e2023-02-07 15:13:06.595root 11241100x8000000000000000700075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4838449cf412e9382023-02-07 15:13:06.596root 11241100x8000000000000000700074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a659897ea45fbbf2023-02-07 15:13:06.596root 11241100x8000000000000000700073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01495f607d715cf2023-02-07 15:13:06.596root 11241100x8000000000000000700072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a7d34c6ff1f9602023-02-07 15:13:06.596root 11241100x8000000000000000700071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6a36a87ac705e22023-02-07 15:13:06.596root 11241100x8000000000000000700070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fba11bccf7d52192023-02-07 15:13:06.596root 11241100x8000000000000000700069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d636c7d5d42680732023-02-07 15:13:06.596root 11241100x8000000000000000700082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830d9012a8f3e1c52023-02-07 15:13:06.597root 11241100x8000000000000000700081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6e6e154399f0e62023-02-07 15:13:06.597root 11241100x8000000000000000700080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3107beac9b1812f2023-02-07 15:13:06.597root 11241100x8000000000000000700079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7948995851f0698a2023-02-07 15:13:06.597root 11241100x8000000000000000700078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007f080697a86dd12023-02-07 15:13:06.597root 11241100x8000000000000000700077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adea756b9fb206112023-02-07 15:13:06.597root 11241100x8000000000000000700076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8651df8b80d2452f2023-02-07 15:13:06.597root 11241100x8000000000000000700089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3db4414846b89f2023-02-07 15:13:06.598root 11241100x8000000000000000700088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bbc94d358cfb212023-02-07 15:13:06.598root 11241100x8000000000000000700087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e6f1251a108ed22023-02-07 15:13:06.598root 11241100x8000000000000000700086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550c14a0a8dbc6b02023-02-07 15:13:06.598root 11241100x8000000000000000700085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0e77d8daa9cd922023-02-07 15:13:06.598root 11241100x8000000000000000700084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e2f45a08ee547c2023-02-07 15:13:06.598root 11241100x8000000000000000700083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c856b02afe8a00552023-02-07 15:13:06.598root 11241100x8000000000000000700096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5f5fde8fee7bd42023-02-07 15:13:06.599root 11241100x8000000000000000700095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5b56e078479d742023-02-07 15:13:06.599root 11241100x8000000000000000700094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab275ba630332d32023-02-07 15:13:06.599root 11241100x8000000000000000700093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9170ed2f8069d7ed2023-02-07 15:13:06.599root 11241100x8000000000000000700092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693a19d4ea2273832023-02-07 15:13:06.599root 11241100x8000000000000000700091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27fcd31c8b620cf2023-02-07 15:13:06.599root 11241100x8000000000000000700090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae46b1b2bd1b2ed2023-02-07 15:13:06.599root 11241100x8000000000000000700099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f183262edce41dd2023-02-07 15:13:06.600root 11241100x8000000000000000700098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6cc24bb1e4d1842023-02-07 15:13:06.600root 11241100x8000000000000000700097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:06.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4215910c530036712023-02-07 15:13:06.600root 11241100x8000000000000000700102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831add9f31cf90ea2023-02-07 15:13:07.095root 11241100x8000000000000000700101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0294491cf596828c2023-02-07 15:13:07.095root 11241100x8000000000000000700100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd2ded92ba196532023-02-07 15:13:07.095root 11241100x8000000000000000700109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d879e4bc5eb96dea2023-02-07 15:13:07.096root 11241100x8000000000000000700108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17445046090882b2023-02-07 15:13:07.096root 11241100x8000000000000000700107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79e77119744e5e82023-02-07 15:13:07.096root 11241100x8000000000000000700106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79dd08ccb4b711e62023-02-07 15:13:07.096root 11241100x8000000000000000700105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a84aa3d858a1212023-02-07 15:13:07.096root 11241100x8000000000000000700104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8801b158c271f602023-02-07 15:13:07.096root 11241100x8000000000000000700103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8c6028bda9cba12023-02-07 15:13:07.096root 11241100x8000000000000000700116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8bb700a10103d192023-02-07 15:13:07.097root 11241100x8000000000000000700115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9dad845ec5d30c2023-02-07 15:13:07.097root 11241100x8000000000000000700114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f73a8a279140402023-02-07 15:13:07.097root 11241100x8000000000000000700113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263e0288c717ff1a2023-02-07 15:13:07.097root 11241100x8000000000000000700112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873c89c1b6da96792023-02-07 15:13:07.097root 11241100x8000000000000000700111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9677a3f61431812023-02-07 15:13:07.097root 11241100x8000000000000000700110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5da1d7c107d3da42023-02-07 15:13:07.097root 11241100x8000000000000000700122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777b272ac34692e32023-02-07 15:13:07.098root 11241100x8000000000000000700121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638fd26edb2f46562023-02-07 15:13:07.098root 11241100x8000000000000000700120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5736a5f3a85f20952023-02-07 15:13:07.098root 11241100x8000000000000000700119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061ea08d8d7c9a642023-02-07 15:13:07.098root 11241100x8000000000000000700118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de10bccc9806e1242023-02-07 15:13:07.098root 11241100x8000000000000000700117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8688c1045401b1192023-02-07 15:13:07.098root 11241100x8000000000000000700130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6480c377ee5b1c2023-02-07 15:13:07.099root 11241100x8000000000000000700129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c959e88768728082023-02-07 15:13:07.099root 11241100x8000000000000000700128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c0dc3bb916fe302023-02-07 15:13:07.099root 11241100x8000000000000000700127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d5266b06dbd84f2023-02-07 15:13:07.099root 11241100x8000000000000000700126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a7c8580c57d8242023-02-07 15:13:07.099root 11241100x8000000000000000700125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e369a7dd8cbf1662023-02-07 15:13:07.099root 11241100x8000000000000000700124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28eee1181b379e572023-02-07 15:13:07.099root 11241100x8000000000000000700123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c211678755fadbd2023-02-07 15:13:07.099root 11241100x8000000000000000700132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002db485ee9322bc2023-02-07 15:13:07.100root 11241100x8000000000000000700131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1b8a3bc51acd132023-02-07 15:13:07.100root 11241100x8000000000000000700134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52f7821622779212023-02-07 15:13:07.595root 11241100x8000000000000000700133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4bbd6c61e2cece02023-02-07 15:13:07.595root 11241100x8000000000000000700140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9a742fac28279f2023-02-07 15:13:07.596root 11241100x8000000000000000700139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4d644871c7a2fb2023-02-07 15:13:07.596root 11241100x8000000000000000700138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504954262e04ae5d2023-02-07 15:13:07.596root 11241100x8000000000000000700137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf988e7390ca503b2023-02-07 15:13:07.596root 11241100x8000000000000000700136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53caba11e8057bf2023-02-07 15:13:07.596root 11241100x8000000000000000700135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ba72bd4805d9de2023-02-07 15:13:07.596root 11241100x8000000000000000700149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20a7e1d091bab012023-02-07 15:13:07.597root 11241100x8000000000000000700148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a61e5978ed0bbb2023-02-07 15:13:07.597root 11241100x8000000000000000700147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1ba1fcb1013c062023-02-07 15:13:07.597root 11241100x8000000000000000700146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0a3d4148be1b592023-02-07 15:13:07.597root 11241100x8000000000000000700145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9973e3dc5e440cf2023-02-07 15:13:07.597root 11241100x8000000000000000700144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0182dabe4fb786d2023-02-07 15:13:07.597root 11241100x8000000000000000700143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17cae545210eb2a2023-02-07 15:13:07.597root 11241100x8000000000000000700142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb8de123d2dc95f2023-02-07 15:13:07.597root 11241100x8000000000000000700141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0180c43e832d3eaa2023-02-07 15:13:07.597root 11241100x8000000000000000700157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53a9c66d66a810c2023-02-07 15:13:07.598root 11241100x8000000000000000700156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deecab5672fb0bb32023-02-07 15:13:07.598root 11241100x8000000000000000700155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985ad67b286128752023-02-07 15:13:07.598root 11241100x8000000000000000700154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6945640b727036da2023-02-07 15:13:07.598root 11241100x8000000000000000700153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90860442174519452023-02-07 15:13:07.598root 11241100x8000000000000000700152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414b41e3cc7174282023-02-07 15:13:07.598root 11241100x8000000000000000700151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6969c69f5aa05f2b2023-02-07 15:13:07.598root 11241100x8000000000000000700150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951a56817c0bad2e2023-02-07 15:13:07.598root 11241100x8000000000000000700164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8cc682691f406922023-02-07 15:13:07.599root 11241100x8000000000000000700163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1153fd55c0bc282023-02-07 15:13:07.599root 11241100x8000000000000000700162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd467aa41468b1592023-02-07 15:13:07.599root 11241100x8000000000000000700161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3712004b9613d32023-02-07 15:13:07.599root 11241100x8000000000000000700160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8641cb42cebdd6e02023-02-07 15:13:07.599root 11241100x8000000000000000700159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e060404dbe263c2023-02-07 15:13:07.599root 11241100x8000000000000000700158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:07.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b161b33bc7429852023-02-07 15:13:07.599root 11241100x8000000000000000700170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05149351a2c525072023-02-07 15:13:08.096root 11241100x8000000000000000700169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564ffff48bd8a03e2023-02-07 15:13:08.096root 11241100x8000000000000000700168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e78c7acc6e44542023-02-07 15:13:08.096root 11241100x8000000000000000700167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72dfc818d8fa65312023-02-07 15:13:08.096root 11241100x8000000000000000700166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fea59f74fbeada2023-02-07 15:13:08.096root 11241100x8000000000000000700165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2312409f963aba842023-02-07 15:13:08.096root 11241100x8000000000000000700176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b371e346b4006462023-02-07 15:13:08.097root 11241100x8000000000000000700175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37057df66a3601442023-02-07 15:13:08.097root 11241100x8000000000000000700174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e07e75ec62aa5132023-02-07 15:13:08.097root 11241100x8000000000000000700173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380425b120120af32023-02-07 15:13:08.097root 11241100x8000000000000000700172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1f34e99d1857872023-02-07 15:13:08.097root 11241100x8000000000000000700171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319471295b81b88a2023-02-07 15:13:08.097root 11241100x8000000000000000700185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00e4adada8413ea2023-02-07 15:13:08.098root 11241100x8000000000000000700184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ce73b9b32f469c2023-02-07 15:13:08.098root 11241100x8000000000000000700183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd256eeddfb51d02023-02-07 15:13:08.098root 11241100x8000000000000000700182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d2072c72016b112023-02-07 15:13:08.098root 11241100x8000000000000000700181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5904d0068b7a2c2023-02-07 15:13:08.098root 11241100x8000000000000000700180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3213aa493caaea1f2023-02-07 15:13:08.098root 11241100x8000000000000000700179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc469a5f2cc577b02023-02-07 15:13:08.098root 11241100x8000000000000000700178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6302450c5d8c1ec32023-02-07 15:13:08.098root 11241100x8000000000000000700177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3910532fc9b193f2023-02-07 15:13:08.098root 11241100x8000000000000000700187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd4b45649700df52023-02-07 15:13:08.099root 11241100x8000000000000000700186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11875883364ae8a22023-02-07 15:13:08.099root 11241100x8000000000000000700190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cd11977600d1e72023-02-07 15:13:08.100root 11241100x8000000000000000700189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8a21551c03602b2023-02-07 15:13:08.100root 11241100x8000000000000000700188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6329b38b2b91ad62023-02-07 15:13:08.100root 11241100x8000000000000000700191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae1b93e17a0062e2023-02-07 15:13:08.101root 11241100x8000000000000000700196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3cffe5340a7c2e2023-02-07 15:13:08.595root 11241100x8000000000000000700195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e321736ebbe8bb92023-02-07 15:13:08.595root 11241100x8000000000000000700194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31a2295caae14832023-02-07 15:13:08.595root 11241100x8000000000000000700193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cff3a5cca49c9652023-02-07 15:13:08.595root 11241100x8000000000000000700192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a674f06ff9df05bf2023-02-07 15:13:08.595root 11241100x8000000000000000700203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d88ec2e26c159042023-02-07 15:13:08.596root 11241100x8000000000000000700202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6b8a162a67b2322023-02-07 15:13:08.596root 11241100x8000000000000000700201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c78abd7703ddb772023-02-07 15:13:08.596root 11241100x8000000000000000700200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b32271da600d78f2023-02-07 15:13:08.596root 11241100x8000000000000000700199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ecd888ec56f1f12023-02-07 15:13:08.596root 11241100x8000000000000000700198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cfb86bc2e2c5032023-02-07 15:13:08.596root 11241100x8000000000000000700197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f4c2c3ea0a58da2023-02-07 15:13:08.596root 11241100x8000000000000000700208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47f77c9e7983c852023-02-07 15:13:08.597root 11241100x8000000000000000700207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5c4e525f4d507d2023-02-07 15:13:08.597root 11241100x8000000000000000700206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731ab70bb120e24a2023-02-07 15:13:08.597root 11241100x8000000000000000700205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d071b400aef1412023-02-07 15:13:08.597root 11241100x8000000000000000700204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27141d4a2f8d79e2023-02-07 15:13:08.597root 11241100x8000000000000000700216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f5275446dd87272023-02-07 15:13:08.598root 11241100x8000000000000000700215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff65ef0305a69e92023-02-07 15:13:08.598root 11241100x8000000000000000700214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f583e95d9848adc72023-02-07 15:13:08.598root 11241100x8000000000000000700213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0cf04e9e0df7722023-02-07 15:13:08.598root 11241100x8000000000000000700212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2295ee9227530532023-02-07 15:13:08.598root 11241100x8000000000000000700211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719586b79c5918862023-02-07 15:13:08.598root 11241100x8000000000000000700210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50fc91ad1882fd832023-02-07 15:13:08.598root 11241100x8000000000000000700209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3521d00b88c15202023-02-07 15:13:08.598root 11241100x8000000000000000700221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afabcb3188d63d092023-02-07 15:13:08.599root 11241100x8000000000000000700220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ee1c4ea70af0a82023-02-07 15:13:08.599root 11241100x8000000000000000700219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9874088575629b2023-02-07 15:13:08.599root 11241100x8000000000000000700218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f721acb234df6182023-02-07 15:13:08.599root 11241100x8000000000000000700217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:08.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c1f464498452252023-02-07 15:13:08.599root 354300x8000000000000000700222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.059{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-43074-false10.0.1.12-8000- 11241100x8000000000000000700224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.061{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3653439dd9abe5952023-02-07 15:13:09.061root 11241100x8000000000000000700223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.061{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a2e9976dc2287d2023-02-07 15:13:09.061root 11241100x8000000000000000700229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.062{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c6d750ca71a8a02023-02-07 15:13:09.062root 11241100x8000000000000000700228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.062{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a666f2fc8879c02023-02-07 15:13:09.062root 11241100x8000000000000000700227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.062{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e121462dfd006e2023-02-07 15:13:09.062root 11241100x8000000000000000700226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.062{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bb3c3a73fdbbf02023-02-07 15:13:09.062root 11241100x8000000000000000700225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.062{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314325757ccc7b522023-02-07 15:13:09.062root 11241100x8000000000000000700235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.063{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bbf614523eb3c12023-02-07 15:13:09.063root 11241100x8000000000000000700234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.063{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100c1181216f61762023-02-07 15:13:09.063root 11241100x8000000000000000700233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.063{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb79a3d224cb4242023-02-07 15:13:09.063root 11241100x8000000000000000700232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.063{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1207db048daefea32023-02-07 15:13:09.063root 11241100x8000000000000000700231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.063{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9506da2823f3cf782023-02-07 15:13:09.063root 11241100x8000000000000000700230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.063{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ad33c90c14dfc62023-02-07 15:13:09.063root 11241100x8000000000000000700240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6449a1bff0f2ebc12023-02-07 15:13:09.064root 11241100x8000000000000000700239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54491009c9dba3a12023-02-07 15:13:09.064root 11241100x8000000000000000700238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f43bcf3deb04ad2023-02-07 15:13:09.064root 11241100x8000000000000000700237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e56343149e0018f2023-02-07 15:13:09.064root 11241100x8000000000000000700236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.064{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf84593a955452d32023-02-07 15:13:09.064root 11241100x8000000000000000700244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.065{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd0b2d6e733c5d62023-02-07 15:13:09.065root 11241100x8000000000000000700243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.065{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2964f139316937c32023-02-07 15:13:09.065root 11241100x8000000000000000700242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.065{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0568f911e74ce32023-02-07 15:13:09.065root 11241100x8000000000000000700241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.065{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64a91b5356533ac2023-02-07 15:13:09.065root 11241100x8000000000000000700250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.066{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46173bb5a1eb9752023-02-07 15:13:09.066root 11241100x8000000000000000700249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.066{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0c0765928723232023-02-07 15:13:09.066root 11241100x8000000000000000700248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.066{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d8a1c7f943a85d2023-02-07 15:13:09.066root 11241100x8000000000000000700247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.066{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9d9b384867b1fd2023-02-07 15:13:09.066root 11241100x8000000000000000700246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.066{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69dc8898d7b38ef92023-02-07 15:13:09.066root 11241100x8000000000000000700245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.066{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa888899f47dcd92023-02-07 15:13:09.066root 11241100x8000000000000000700253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48c3467110d17e32023-02-07 15:13:09.346root 11241100x8000000000000000700252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e7297c92467d9a2023-02-07 15:13:09.346root 11241100x8000000000000000700251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c214943e3641b3652023-02-07 15:13:09.346root 11241100x8000000000000000700262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166cef96472fed022023-02-07 15:13:09.347root 11241100x8000000000000000700261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d62b46e685d6ed12023-02-07 15:13:09.347root 11241100x8000000000000000700260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c22d854405e66f2023-02-07 15:13:09.347root 11241100x8000000000000000700259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46a1351a6a70ecd2023-02-07 15:13:09.347root 11241100x8000000000000000700258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c970143b251cf6372023-02-07 15:13:09.347root 11241100x8000000000000000700257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8235143112ce96492023-02-07 15:13:09.347root 11241100x8000000000000000700256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d78f1439d2f85d2023-02-07 15:13:09.347root 11241100x8000000000000000700255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2e1a20db2f9e392023-02-07 15:13:09.347root 11241100x8000000000000000700254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac3003e54c8eb852023-02-07 15:13:09.347root 11241100x8000000000000000700269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b7b51fa3e6c16b2023-02-07 15:13:09.348root 11241100x8000000000000000700268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa67880efa940542023-02-07 15:13:09.348root 11241100x8000000000000000700267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fca5c2dd1f26e742023-02-07 15:13:09.348root 11241100x8000000000000000700266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b5089327a04f2f2023-02-07 15:13:09.348root 11241100x8000000000000000700265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee4e4e613d7446d2023-02-07 15:13:09.348root 11241100x8000000000000000700264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd12e0129f35be7b2023-02-07 15:13:09.348root 11241100x8000000000000000700263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5025ec7fb2b5961e2023-02-07 15:13:09.348root 11241100x8000000000000000700278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfd64223191fcce2023-02-07 15:13:09.349root 11241100x8000000000000000700277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8e442cb67527c22023-02-07 15:13:09.349root 11241100x8000000000000000700276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9172e6e6174396382023-02-07 15:13:09.349root 11241100x8000000000000000700275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe0f4a08a3ca3552023-02-07 15:13:09.349root 11241100x8000000000000000700274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd8bbae962666d82023-02-07 15:13:09.349root 11241100x8000000000000000700273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d9c70a7880bef62023-02-07 15:13:09.349root 11241100x8000000000000000700272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08dc823d40a59a582023-02-07 15:13:09.349root 11241100x8000000000000000700271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0676ffecf0d1878f2023-02-07 15:13:09.349root 11241100x8000000000000000700270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa659febe1fbdfe72023-02-07 15:13:09.349root 11241100x8000000000000000700284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5dafa6322df24092023-02-07 15:13:09.846root 11241100x8000000000000000700283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47438726399f2fa22023-02-07 15:13:09.846root 11241100x8000000000000000700282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72db8384e42824712023-02-07 15:13:09.846root 11241100x8000000000000000700281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f796b3755d48c26a2023-02-07 15:13:09.846root 11241100x8000000000000000700280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a273b5e431171be92023-02-07 15:13:09.846root 11241100x8000000000000000700279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9beb6e4644989f192023-02-07 15:13:09.846root 11241100x8000000000000000700296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124d064204dff74d2023-02-07 15:13:09.847root 11241100x8000000000000000700295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c81e76e1502175e2023-02-07 15:13:09.847root 11241100x8000000000000000700294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19b242e67d4087e2023-02-07 15:13:09.847root 11241100x8000000000000000700293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83721cc95ca9b9e22023-02-07 15:13:09.847root 11241100x8000000000000000700292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6157377043ad4cd72023-02-07 15:13:09.847root 11241100x8000000000000000700291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3f9e2feb7dec3e2023-02-07 15:13:09.847root 11241100x8000000000000000700290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8136ba6651bb99942023-02-07 15:13:09.847root 11241100x8000000000000000700289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab733550dd33da082023-02-07 15:13:09.847root 11241100x8000000000000000700288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0af3d1d967879332023-02-07 15:13:09.847root 11241100x8000000000000000700287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3fd1e172cab6582023-02-07 15:13:09.847root 11241100x8000000000000000700286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d0e5ce097f58ee2023-02-07 15:13:09.847root 11241100x8000000000000000700285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5adb1882b643cf992023-02-07 15:13:09.847root 11241100x8000000000000000700306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b869263931d42a732023-02-07 15:13:09.848root 11241100x8000000000000000700305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c7a028097975292023-02-07 15:13:09.848root 11241100x8000000000000000700304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a972601acf3adb2023-02-07 15:13:09.848root 11241100x8000000000000000700303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b350037197ea492023-02-07 15:13:09.848root 11241100x8000000000000000700302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400e45d4c30f3dcb2023-02-07 15:13:09.848root 11241100x8000000000000000700301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86870ad4ac426d02023-02-07 15:13:09.848root 11241100x8000000000000000700300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3bc2de13a60afe82023-02-07 15:13:09.848root 11241100x8000000000000000700299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56cf01e127d28592023-02-07 15:13:09.848root 11241100x8000000000000000700298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5321d0c996701c3b2023-02-07 15:13:09.848root 11241100x8000000000000000700297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:09.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e2ff6bea2123db2023-02-07 15:13:09.848root 11241100x8000000000000000700313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbd82081b34159a2023-02-07 15:13:10.346root 11241100x8000000000000000700312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898efffda741aa572023-02-07 15:13:10.346root 11241100x8000000000000000700311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1976009914d1cb62023-02-07 15:13:10.346root 11241100x8000000000000000700310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4188debdbe9545902023-02-07 15:13:10.346root 11241100x8000000000000000700309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2993390604aeda2023-02-07 15:13:10.346root 11241100x8000000000000000700308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19fc2fb32e4e41252023-02-07 15:13:10.346root 11241100x8000000000000000700307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d373f73f881b44d32023-02-07 15:13:10.346root 11241100x8000000000000000700329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d4a1016e87a8d12023-02-07 15:13:10.347root 11241100x8000000000000000700328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ca3b57d22c50dd2023-02-07 15:13:10.347root 11241100x8000000000000000700327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537ca9fff9fd3ac92023-02-07 15:13:10.347root 11241100x8000000000000000700326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e02f106df0766602023-02-07 15:13:10.347root 11241100x8000000000000000700325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5c694aebc35ced2023-02-07 15:13:10.347root 11241100x8000000000000000700324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f606d7a25b2178742023-02-07 15:13:10.347root 11241100x8000000000000000700323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c011a61a9943d9452023-02-07 15:13:10.347root 11241100x8000000000000000700322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02da01902598de12023-02-07 15:13:10.347root 11241100x8000000000000000700321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0261d64937c5d6b92023-02-07 15:13:10.347root 11241100x8000000000000000700320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e88400397f4b342023-02-07 15:13:10.347root 11241100x8000000000000000700319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e702c6220a2251f2023-02-07 15:13:10.347root 11241100x8000000000000000700318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81cb3e610c109ce2023-02-07 15:13:10.347root 11241100x8000000000000000700317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1adccabf92b04b2023-02-07 15:13:10.347root 11241100x8000000000000000700316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4fcaac1c997fad02023-02-07 15:13:10.347root 11241100x8000000000000000700315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d591556017cf6a2023-02-07 15:13:10.347root 11241100x8000000000000000700314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1214adafd9404c2023-02-07 15:13:10.347root 11241100x8000000000000000700334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80406743a2ae2aa2023-02-07 15:13:10.348root 11241100x8000000000000000700333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5abe46ee5d2c5e2023-02-07 15:13:10.348root 11241100x8000000000000000700332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f420b178b43f12632023-02-07 15:13:10.348root 11241100x8000000000000000700331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3eb8e13f003a7032023-02-07 15:13:10.348root 11241100x8000000000000000700330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89c6520b1b3b6e22023-02-07 15:13:10.348root 11241100x8000000000000000700342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5914cdb4c0c05d9e2023-02-07 15:13:10.846root 11241100x8000000000000000700341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2d834162b66e732023-02-07 15:13:10.846root 11241100x8000000000000000700340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e027681fca36942023-02-07 15:13:10.846root 11241100x8000000000000000700339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e96b87b74c23322023-02-07 15:13:10.846root 11241100x8000000000000000700338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c3d2e7f58be7162023-02-07 15:13:10.846root 11241100x8000000000000000700337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7412490bd81d622023-02-07 15:13:10.846root 11241100x8000000000000000700336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04687839e013c0f62023-02-07 15:13:10.846root 11241100x8000000000000000700335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e1894c5e6c3eb32023-02-07 15:13:10.846root 11241100x8000000000000000700357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1198ad826cd72fa92023-02-07 15:13:10.847root 11241100x8000000000000000700356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f2ee27788446822023-02-07 15:13:10.847root 11241100x8000000000000000700355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d805acfdc664bf2023-02-07 15:13:10.847root 11241100x8000000000000000700354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec390e0b8e3d75482023-02-07 15:13:10.847root 11241100x8000000000000000700353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10972dc70524f96b2023-02-07 15:13:10.847root 11241100x8000000000000000700352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875c53fee04915bf2023-02-07 15:13:10.847root 11241100x8000000000000000700351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a68c68fe056ed672023-02-07 15:13:10.847root 11241100x8000000000000000700350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b850cbfb25935fd12023-02-07 15:13:10.847root 11241100x8000000000000000700349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0e31fbd7afe0a42023-02-07 15:13:10.847root 11241100x8000000000000000700348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad920929d12a1add2023-02-07 15:13:10.847root 11241100x8000000000000000700347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e64d7fcb448dbd2023-02-07 15:13:10.847root 11241100x8000000000000000700346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462829f2a01e68a22023-02-07 15:13:10.847root 11241100x8000000000000000700345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec41ad0d9d56088d2023-02-07 15:13:10.847root 11241100x8000000000000000700344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4afcee2061bb7ea2023-02-07 15:13:10.847root 11241100x8000000000000000700343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e5c481aaf386b02023-02-07 15:13:10.847root 11241100x8000000000000000700362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e167fc9f23c239c92023-02-07 15:13:10.848root 11241100x8000000000000000700361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504e2cc02b9c67de2023-02-07 15:13:10.848root 11241100x8000000000000000700360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c42b70407be4d312023-02-07 15:13:10.848root 11241100x8000000000000000700359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e352acc8555e7c02023-02-07 15:13:10.848root 11241100x8000000000000000700358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:10.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fe24b1b7002e5e2023-02-07 15:13:10.848root 11241100x8000000000000000700371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d98e785295eed62023-02-07 15:13:11.346root 11241100x8000000000000000700370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2aa9988367e7032023-02-07 15:13:11.346root 11241100x8000000000000000700369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83085b4034e130c2023-02-07 15:13:11.346root 11241100x8000000000000000700368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd5a71a5b8306c92023-02-07 15:13:11.346root 11241100x8000000000000000700367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8ba54b18d488f02023-02-07 15:13:11.346root 11241100x8000000000000000700366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90549b7f18c33ec2023-02-07 15:13:11.346root 11241100x8000000000000000700365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648e49b25fe574cf2023-02-07 15:13:11.346root 11241100x8000000000000000700364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27cc8fefa1559252023-02-07 15:13:11.346root 11241100x8000000000000000700363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0699c50f6df1c32023-02-07 15:13:11.346root 11241100x8000000000000000700381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e101c8b5ef9154c82023-02-07 15:13:11.347root 11241100x8000000000000000700380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78930cb2c78868d2023-02-07 15:13:11.347root 11241100x8000000000000000700379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d7c8009f3a2eaa2023-02-07 15:13:11.347root 11241100x8000000000000000700378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a617cd2a71e988342023-02-07 15:13:11.347root 11241100x8000000000000000700377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80e042257e767802023-02-07 15:13:11.347root 11241100x8000000000000000700376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb136400b06a20682023-02-07 15:13:11.347root 11241100x8000000000000000700375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913d748bc91e2d402023-02-07 15:13:11.347root 11241100x8000000000000000700374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee812cf952275512023-02-07 15:13:11.347root 11241100x8000000000000000700373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a155115a0f68a02023-02-07 15:13:11.347root 11241100x8000000000000000700372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1dc0095e2d7c4722023-02-07 15:13:11.347root 11241100x8000000000000000700390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560944bd2586ea702023-02-07 15:13:11.348root 11241100x8000000000000000700389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0cbf3adc937a2cb2023-02-07 15:13:11.348root 11241100x8000000000000000700388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e511798ad3b133922023-02-07 15:13:11.348root 11241100x8000000000000000700387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c770162f54e9062023-02-07 15:13:11.348root 11241100x8000000000000000700386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17239ff6c42594f2023-02-07 15:13:11.348root 11241100x8000000000000000700385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00987e4500c45c5f2023-02-07 15:13:11.348root 11241100x8000000000000000700384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337e5fa529b0e09c2023-02-07 15:13:11.348root 11241100x8000000000000000700383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6d9cf2d1305f9a2023-02-07 15:13:11.348root 11241100x8000000000000000700382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a238301d399400952023-02-07 15:13:11.348root 11241100x8000000000000000700395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd7f7c63480433d2023-02-07 15:13:11.846root 11241100x8000000000000000700394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13bf088016cfbd02023-02-07 15:13:11.846root 11241100x8000000000000000700393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86e043eae498cb62023-02-07 15:13:11.846root 11241100x8000000000000000700392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ce342520d897232023-02-07 15:13:11.846root 11241100x8000000000000000700391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14dd989dbd927a682023-02-07 15:13:11.846root 11241100x8000000000000000700409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51fa1326099b6fd92023-02-07 15:13:11.847root 11241100x8000000000000000700408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad64adb2b08b28d2023-02-07 15:13:11.847root 11241100x8000000000000000700407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ac2eda7090cfeb2023-02-07 15:13:11.847root 11241100x8000000000000000700406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1946ba298e97bf2023-02-07 15:13:11.847root 11241100x8000000000000000700405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c54686b6a466d7f2023-02-07 15:13:11.847root 11241100x8000000000000000700404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36111e44196639d42023-02-07 15:13:11.847root 11241100x8000000000000000700403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5badaecf7816c6b2023-02-07 15:13:11.847root 11241100x8000000000000000700402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8615ee7bdadc7f2023-02-07 15:13:11.847root 11241100x8000000000000000700401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96cef2d2f21320302023-02-07 15:13:11.847root 11241100x8000000000000000700400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da23d6d7895d89a42023-02-07 15:13:11.847root 11241100x8000000000000000700399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba0b1d94b0b42622023-02-07 15:13:11.847root 11241100x8000000000000000700398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695e645c0a91fb162023-02-07 15:13:11.847root 11241100x8000000000000000700397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6a4970a5138dbc2023-02-07 15:13:11.847root 11241100x8000000000000000700396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffb0ca0156ef6582023-02-07 15:13:11.847root 11241100x8000000000000000700418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e53e87f4538d04a2023-02-07 15:13:11.848root 11241100x8000000000000000700417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ffd1637f77baf82023-02-07 15:13:11.848root 11241100x8000000000000000700416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4b63002f4ad46f2023-02-07 15:13:11.848root 11241100x8000000000000000700415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd652901da4854b2023-02-07 15:13:11.848root 11241100x8000000000000000700414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d9b7b25c4d133a2023-02-07 15:13:11.848root 11241100x8000000000000000700413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2455054f65e52012023-02-07 15:13:11.848root 11241100x8000000000000000700412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a282debb6a31612023-02-07 15:13:11.848root 11241100x8000000000000000700411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973c77f87c1767962023-02-07 15:13:11.848root 11241100x8000000000000000700410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7df1a7b34738672023-02-07 15:13:11.848root 11241100x8000000000000000700421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57cbf7a21f96c7ad2023-02-07 15:13:12.346root 11241100x8000000000000000700420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3345d33b3d67e3722023-02-07 15:13:12.346root 11241100x8000000000000000700419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a335de4afc139602023-02-07 15:13:12.346root 11241100x8000000000000000700432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f548a5906aa65b2f2023-02-07 15:13:12.347root 11241100x8000000000000000700431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3660c368b67aeb32023-02-07 15:13:12.347root 11241100x8000000000000000700430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d749c96e80aea82023-02-07 15:13:12.347root 11241100x8000000000000000700429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb321f5f2bd2d252023-02-07 15:13:12.347root 11241100x8000000000000000700428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1772ca2b1b9d51a2023-02-07 15:13:12.347root 11241100x8000000000000000700427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab9f84a536e85992023-02-07 15:13:12.347root 11241100x8000000000000000700426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c484b55127203962023-02-07 15:13:12.347root 11241100x8000000000000000700425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ce588ca31b68482023-02-07 15:13:12.347root 11241100x8000000000000000700424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0b64c63885f8892023-02-07 15:13:12.347root 11241100x8000000000000000700423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9fa842061dc66b2023-02-07 15:13:12.347root 11241100x8000000000000000700422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28af22fd67a27bf2023-02-07 15:13:12.347root 11241100x8000000000000000700441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65cac73afd0ee6e2023-02-07 15:13:12.348root 11241100x8000000000000000700440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf717a95de1233d2023-02-07 15:13:12.348root 11241100x8000000000000000700439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc319f285cda858b2023-02-07 15:13:12.348root 11241100x8000000000000000700438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d790d32393bdc80a2023-02-07 15:13:12.348root 11241100x8000000000000000700437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9daf9cd61d1e92402023-02-07 15:13:12.348root 11241100x8000000000000000700436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7fe8cd1decf7aed2023-02-07 15:13:12.348root 11241100x8000000000000000700435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0683d8935924e92f2023-02-07 15:13:12.348root 11241100x8000000000000000700434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db000d7d543fbda2023-02-07 15:13:12.348root 11241100x8000000000000000700433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62648d2f15a409582023-02-07 15:13:12.348root 11241100x8000000000000000700446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39c5181c2487c732023-02-07 15:13:12.349root 11241100x8000000000000000700445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a590fdb0756ab2282023-02-07 15:13:12.349root 11241100x8000000000000000700444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d3a246f33411952023-02-07 15:13:12.349root 11241100x8000000000000000700443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1d08a0e3a941dd2023-02-07 15:13:12.349root 11241100x8000000000000000700442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb03cd6ef77be502023-02-07 15:13:12.349root 11241100x8000000000000000700450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0897a9335a93a62023-02-07 15:13:12.846root 11241100x8000000000000000700449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbffdd1dbacb8b12023-02-07 15:13:12.846root 11241100x8000000000000000700448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510b41e233f94edd2023-02-07 15:13:12.846root 11241100x8000000000000000700447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2788d621d54cd52023-02-07 15:13:12.846root 11241100x8000000000000000700462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa2a3af85a180e82023-02-07 15:13:12.847root 11241100x8000000000000000700461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7060baabd94cb8892023-02-07 15:13:12.847root 11241100x8000000000000000700460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786c636bda7ab8a32023-02-07 15:13:12.847root 11241100x8000000000000000700459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb824ddcebf99fbb2023-02-07 15:13:12.847root 11241100x8000000000000000700458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd375dd73d1edad2023-02-07 15:13:12.847root 11241100x8000000000000000700457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcde964c24cd61db2023-02-07 15:13:12.847root 11241100x8000000000000000700456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93b57b8fc8db0532023-02-07 15:13:12.847root 11241100x8000000000000000700455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4298b2bb62c3726e2023-02-07 15:13:12.847root 11241100x8000000000000000700454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23642a1ccc7c75402023-02-07 15:13:12.847root 11241100x8000000000000000700453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c908a8a8997f7d2023-02-07 15:13:12.847root 11241100x8000000000000000700452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ce5023e41b1fdf2023-02-07 15:13:12.847root 11241100x8000000000000000700451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed79169376a7e5522023-02-07 15:13:12.847root 11241100x8000000000000000700473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a0305e1b398acd2023-02-07 15:13:12.848root 11241100x8000000000000000700472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad039fe735944d182023-02-07 15:13:12.848root 11241100x8000000000000000700471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64315839563e086d2023-02-07 15:13:12.848root 11241100x8000000000000000700470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22e2d62155ec7272023-02-07 15:13:12.848root 11241100x8000000000000000700469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010b3dc2686e88a82023-02-07 15:13:12.848root 11241100x8000000000000000700468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a4c6b3f3034cdf2023-02-07 15:13:12.848root 11241100x8000000000000000700467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e33cdf1edd98d92023-02-07 15:13:12.848root 11241100x8000000000000000700466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d212b79c7f99dc2023-02-07 15:13:12.848root 11241100x8000000000000000700465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a3b29f41f58f052023-02-07 15:13:12.848root 11241100x8000000000000000700464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e2796bb1d9a9002023-02-07 15:13:12.848root 11241100x8000000000000000700463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462c74dccf8c82362023-02-07 15:13:12.848root 11241100x8000000000000000700474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:12.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2305584bc9b501a92023-02-07 15:13:12.849root 11241100x8000000000000000700477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef01b0fa496416e2023-02-07 15:13:13.346root 11241100x8000000000000000700476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ec1ec7e122ccc42023-02-07 15:13:13.346root 11241100x8000000000000000700475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17a72e121b3137a2023-02-07 15:13:13.346root 11241100x8000000000000000700485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be9d4e292d527402023-02-07 15:13:13.347root 11241100x8000000000000000700484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc822dfdece4c9932023-02-07 15:13:13.347root 11241100x8000000000000000700483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58b6bd5f13847de2023-02-07 15:13:13.347root 11241100x8000000000000000700482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f42eee24cd9a24b2023-02-07 15:13:13.347root 11241100x8000000000000000700481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e3e0edcab5e10c2023-02-07 15:13:13.347root 11241100x8000000000000000700480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c703d6724bb9d952023-02-07 15:13:13.347root 11241100x8000000000000000700479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45f5bc8134cda6b2023-02-07 15:13:13.347root 11241100x8000000000000000700478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9b39007f68f07c2023-02-07 15:13:13.347root 11241100x8000000000000000700495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cb2d70c694d8e02023-02-07 15:13:13.348root 11241100x8000000000000000700494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d889c7f90315dec62023-02-07 15:13:13.348root 11241100x8000000000000000700493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c789a871fad360f52023-02-07 15:13:13.348root 11241100x8000000000000000700492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209e09cec1fac1432023-02-07 15:13:13.348root 11241100x8000000000000000700491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5466536d750b50192023-02-07 15:13:13.348root 11241100x8000000000000000700490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14fb0410e84db682023-02-07 15:13:13.348root 11241100x8000000000000000700489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e900a142e4aade2023-02-07 15:13:13.348root 11241100x8000000000000000700488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2386db648d7237782023-02-07 15:13:13.348root 11241100x8000000000000000700487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b3266cb1c41f732023-02-07 15:13:13.348root 11241100x8000000000000000700486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b1604394779af82023-02-07 15:13:13.348root 11241100x8000000000000000700502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9779ac482f2461062023-02-07 15:13:13.349root 11241100x8000000000000000700501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f356cd854e48e94b2023-02-07 15:13:13.349root 11241100x8000000000000000700500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c35e17eb4bdffe2023-02-07 15:13:13.349root 11241100x8000000000000000700499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da286037dcab4962023-02-07 15:13:13.349root 11241100x8000000000000000700498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15acd675aede20c2023-02-07 15:13:13.349root 11241100x8000000000000000700497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d09077d4c3494d02023-02-07 15:13:13.349root 11241100x8000000000000000700496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83aa3d8c3a8573202023-02-07 15:13:13.349root 11241100x8000000000000000700504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e60f5c8c7170e72023-02-07 15:13:13.846root 11241100x8000000000000000700503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e8a36d6b294d562023-02-07 15:13:13.846root 11241100x8000000000000000700509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287f829313e002a32023-02-07 15:13:13.847root 11241100x8000000000000000700508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6335ea158920ee2023-02-07 15:13:13.847root 11241100x8000000000000000700507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d983390680f5b862023-02-07 15:13:13.847root 11241100x8000000000000000700506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299103935b77ac062023-02-07 15:13:13.847root 11241100x8000000000000000700505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9719d6922cdf737b2023-02-07 15:13:13.847root 11241100x8000000000000000700512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7872001b99c74f2023-02-07 15:13:13.848root 11241100x8000000000000000700511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943dfda0bc83cdb82023-02-07 15:13:13.848root 11241100x8000000000000000700510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce33b2c680a319602023-02-07 15:13:13.848root 11241100x8000000000000000700518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e813bc6f1406d45b2023-02-07 15:13:13.851root 11241100x8000000000000000700517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c6cc9e49a2077c2023-02-07 15:13:13.851root 11241100x8000000000000000700516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6992aa8d7fe7ce602023-02-07 15:13:13.851root 11241100x8000000000000000700515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dde8adef1a492402023-02-07 15:13:13.851root 11241100x8000000000000000700514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bffe3b912faefcd2023-02-07 15:13:13.851root 11241100x8000000000000000700513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe76e80abd4797382023-02-07 15:13:13.851root 11241100x8000000000000000700530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52b53c7e46e9f1b2023-02-07 15:13:13.852root 11241100x8000000000000000700529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a600570436fc53b82023-02-07 15:13:13.852root 11241100x8000000000000000700528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b837204a38674cf2023-02-07 15:13:13.852root 11241100x8000000000000000700527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b4edd456fe91e32023-02-07 15:13:13.852root 11241100x8000000000000000700526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa00461ec49f6c5b2023-02-07 15:13:13.852root 11241100x8000000000000000700525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56788b393938d412023-02-07 15:13:13.852root 11241100x8000000000000000700524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eee4b2bf21ca0422023-02-07 15:13:13.852root 11241100x8000000000000000700523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fe391d7fc383042023-02-07 15:13:13.852root 11241100x8000000000000000700522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37bd82bb29206db72023-02-07 15:13:13.852root 11241100x8000000000000000700521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04cc764929f92bf2023-02-07 15:13:13.852root 11241100x8000000000000000700520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d4cd8d5c04f9742023-02-07 15:13:13.852root 11241100x8000000000000000700519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:13.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a734714f81341ba2023-02-07 15:13:13.852root 354300x8000000000000000700531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.228{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-43086-false10.0.1.12-8000- 11241100x8000000000000000700537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.229{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0152c69fb6cc88b2023-02-07 15:13:14.229root 11241100x8000000000000000700536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.229{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ccfc5ee511c04c2023-02-07 15:13:14.229root 11241100x8000000000000000700535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.229{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c41852a43f44972023-02-07 15:13:14.229root 11241100x8000000000000000700534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.229{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3962e52c67c4c6772023-02-07 15:13:14.229root 11241100x8000000000000000700533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.229{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffe33b5ef98eb792023-02-07 15:13:14.229root 11241100x8000000000000000700532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.229{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa341311407fbdd52023-02-07 15:13:14.229root 11241100x8000000000000000700547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.230{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241394b9192ca8e02023-02-07 15:13:14.230root 11241100x8000000000000000700546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.230{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777a793a642460082023-02-07 15:13:14.230root 11241100x8000000000000000700545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.230{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd93c863a1615ef2023-02-07 15:13:14.230root 11241100x8000000000000000700544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.230{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc727395474d48332023-02-07 15:13:14.230root 11241100x8000000000000000700543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.230{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7024013869e9dbef2023-02-07 15:13:14.230root 11241100x8000000000000000700542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.230{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419b03aaa77b79372023-02-07 15:13:14.230root 11241100x8000000000000000700541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.230{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5f59e06397c2322023-02-07 15:13:14.230root 11241100x8000000000000000700540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.230{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca762201252f951b2023-02-07 15:13:14.230root 11241100x8000000000000000700539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.230{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e40432531ff1bc2023-02-07 15:13:14.230root 11241100x8000000000000000700538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.230{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5e20f9d855a87b2023-02-07 15:13:14.230root 11241100x8000000000000000700560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.231{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba02900c05169a02023-02-07 15:13:14.231root 11241100x8000000000000000700559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.231{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b16af96cc78fe72023-02-07 15:13:14.231root 11241100x8000000000000000700558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.231{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c1b6c45abe8fd02023-02-07 15:13:14.231root 11241100x8000000000000000700557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.231{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196d695b0c2b9d822023-02-07 15:13:14.231root 11241100x8000000000000000700556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.231{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86148a15641b56de2023-02-07 15:13:14.231root 11241100x8000000000000000700555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.231{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bae79bb5865dd72023-02-07 15:13:14.231root 11241100x8000000000000000700554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.231{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878b8e184855d93c2023-02-07 15:13:14.231root 11241100x8000000000000000700553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.231{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d969e932d7c3a32023-02-07 15:13:14.231root 11241100x8000000000000000700552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.231{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b3493b433591e12023-02-07 15:13:14.231root 11241100x8000000000000000700551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.231{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501970cacdcb7aea2023-02-07 15:13:14.231root 11241100x8000000000000000700550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.231{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170fb75ce015d8232023-02-07 15:13:14.231root 11241100x8000000000000000700549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.231{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c976d3414c1ff512023-02-07 15:13:14.231root 11241100x8000000000000000700548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.231{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80857ca30f053f6a2023-02-07 15:13:14.231root 11241100x8000000000000000700566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.232{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c43bd55551887af2023-02-07 15:13:14.232root 11241100x8000000000000000700565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.232{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6a814a1807a6292023-02-07 15:13:14.232root 11241100x8000000000000000700564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.232{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a670cd14875c87942023-02-07 15:13:14.232root 11241100x8000000000000000700563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.232{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4c59b7f40bf5172023-02-07 15:13:14.232root 11241100x8000000000000000700562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.232{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6edc99834b92f22023-02-07 15:13:14.232root 11241100x8000000000000000700561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.232{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716f7b0345366c202023-02-07 15:13:14.232root 11241100x8000000000000000700568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.545{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492ae33e064d93ab2023-02-07 15:13:14.545root 354300x8000000000000000700567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.545{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-54964-false10.0.1.12-8089- 11241100x8000000000000000700576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.546{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0f1dfdb79803762023-02-07 15:13:14.546root 11241100x8000000000000000700575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.546{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262e7449314b57f82023-02-07 15:13:14.546root 11241100x8000000000000000700574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.546{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02597f800bea1142023-02-07 15:13:14.546root 11241100x8000000000000000700573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.546{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a583dd5c80d6fb82023-02-07 15:13:14.546root 11241100x8000000000000000700572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.546{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72f1f7d05edd1382023-02-07 15:13:14.546root 11241100x8000000000000000700571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.546{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4166ae1c48db4c522023-02-07 15:13:14.546root 11241100x8000000000000000700570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.546{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90044d1d5fb9a3b32023-02-07 15:13:14.546root 11241100x8000000000000000700569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.546{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e997915ff8967b042023-02-07 15:13:14.546root 11241100x8000000000000000700583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.547{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aaef68c41eb12a42023-02-07 15:13:14.547root 11241100x8000000000000000700582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.547{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1acccca3f842e72b2023-02-07 15:13:14.547root 11241100x8000000000000000700581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.547{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb271f405bcf01d2023-02-07 15:13:14.547root 11241100x8000000000000000700580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.547{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e676ddbc2d83c8a2023-02-07 15:13:14.547root 11241100x8000000000000000700579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.547{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf7eaaaeea0512c2023-02-07 15:13:14.547root 11241100x8000000000000000700578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.547{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17626045b83720d02023-02-07 15:13:14.547root 11241100x8000000000000000700577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.547{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd4d4296188e9ac2023-02-07 15:13:14.547root 11241100x8000000000000000700592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.548{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c66cdb4b8d5c7bc2023-02-07 15:13:14.548root 11241100x8000000000000000700591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.548{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3128b1ee7b26d24e2023-02-07 15:13:14.548root 11241100x8000000000000000700590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.548{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b63806e1ab349b42023-02-07 15:13:14.548root 11241100x8000000000000000700589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.548{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d65e7f33abcdeb2023-02-07 15:13:14.548root 11241100x8000000000000000700588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.548{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba802a38bfdaf4222023-02-07 15:13:14.548root 11241100x8000000000000000700587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.548{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd7f6c78620dc7d2023-02-07 15:13:14.548root 11241100x8000000000000000700586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.548{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13401ce8f323125e2023-02-07 15:13:14.548root 11241100x8000000000000000700585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.548{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e66221d9070566f2023-02-07 15:13:14.548root 11241100x8000000000000000700584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.548{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbe62173e4a50362023-02-07 15:13:14.548root 11241100x8000000000000000700597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.549{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8f88ae89252b342023-02-07 15:13:14.549root 11241100x8000000000000000700596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.549{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917e9634f3cb80cc2023-02-07 15:13:14.549root 11241100x8000000000000000700595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.549{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e343d74da989752023-02-07 15:13:14.549root 11241100x8000000000000000700594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.549{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f4a687c60db9992023-02-07 15:13:14.549root 11241100x8000000000000000700593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.549{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95226c05be24485e2023-02-07 15:13:14.549root 11241100x8000000000000000700604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6607ed98a2de7e22023-02-07 15:13:14.846root 11241100x8000000000000000700603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5626f448fa714c7d2023-02-07 15:13:14.846root 11241100x8000000000000000700602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8ee50823bf07672023-02-07 15:13:14.846root 11241100x8000000000000000700601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906391a2589bf9aa2023-02-07 15:13:14.846root 11241100x8000000000000000700600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f752c3a386cf4362023-02-07 15:13:14.846root 11241100x8000000000000000700599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0310427b5cf60a12023-02-07 15:13:14.846root 11241100x8000000000000000700598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d7a73588bf6b942023-02-07 15:13:14.846root 11241100x8000000000000000700619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7beefb06cfc2c8e2023-02-07 15:13:14.847root 11241100x8000000000000000700618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea955a8e83c105722023-02-07 15:13:14.847root 11241100x8000000000000000700617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77be63435ab4e8352023-02-07 15:13:14.847root 11241100x8000000000000000700616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f59eb004610c452023-02-07 15:13:14.847root 11241100x8000000000000000700615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e3a66f124959922023-02-07 15:13:14.847root 11241100x8000000000000000700614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89d841669a8b61a2023-02-07 15:13:14.847root 11241100x8000000000000000700613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64308840aca17462023-02-07 15:13:14.847root 11241100x8000000000000000700612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f3f6fe45cc04942023-02-07 15:13:14.847root 11241100x8000000000000000700611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa6d7597c1fdf602023-02-07 15:13:14.847root 11241100x8000000000000000700610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a564151a03c5022023-02-07 15:13:14.847root 11241100x8000000000000000700609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92485564d1539e6b2023-02-07 15:13:14.847root 11241100x8000000000000000700608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fad6a4749d7a4142023-02-07 15:13:14.847root 11241100x8000000000000000700607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3087cc18c0628b2023-02-07 15:13:14.847root 11241100x8000000000000000700606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30b6e5bad7a622b2023-02-07 15:13:14.847root 11241100x8000000000000000700605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f17feffde515082023-02-07 15:13:14.847root 11241100x8000000000000000700627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6278c6996b41728c2023-02-07 15:13:14.848root 11241100x8000000000000000700626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b799e7f89304a7f72023-02-07 15:13:14.848root 11241100x8000000000000000700625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8160a411e4dff22023-02-07 15:13:14.848root 11241100x8000000000000000700624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11089cf5d2dbed642023-02-07 15:13:14.848root 11241100x8000000000000000700623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f1a2fbda6b8fb82023-02-07 15:13:14.848root 11241100x8000000000000000700622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4825226e2ca0042023-02-07 15:13:14.848root 11241100x8000000000000000700621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bf46e8187898a72023-02-07 15:13:14.848root 11241100x8000000000000000700620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e92d88ff62e70c2023-02-07 15:13:14.848root 11241100x8000000000000000700628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828836daafd97cf82023-02-07 15:13:15.346root 11241100x8000000000000000700634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48feceb1570d54f02023-02-07 15:13:15.347root 11241100x8000000000000000700633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cecada4970bfea72023-02-07 15:13:15.347root 11241100x8000000000000000700632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f7134d79c907072023-02-07 15:13:15.347root 11241100x8000000000000000700631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdce103e60bdc3202023-02-07 15:13:15.347root 11241100x8000000000000000700630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf449cee507b6f52023-02-07 15:13:15.347root 11241100x8000000000000000700629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c31fde73b25bad2023-02-07 15:13:15.347root 11241100x8000000000000000700643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961d91a02cf9bf172023-02-07 15:13:15.348root 11241100x8000000000000000700642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76274cb1c5d5f1d32023-02-07 15:13:15.348root 11241100x8000000000000000700641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748efb541d4733482023-02-07 15:13:15.348root 11241100x8000000000000000700640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625c3311da6ab5ee2023-02-07 15:13:15.348root 11241100x8000000000000000700639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef0a67a77a41c282023-02-07 15:13:15.348root 11241100x8000000000000000700638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fc9155846327842023-02-07 15:13:15.348root 11241100x8000000000000000700637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1239b97a793a2c2023-02-07 15:13:15.348root 11241100x8000000000000000700636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4067dd2125cd88022023-02-07 15:13:15.348root 11241100x8000000000000000700635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e3a153371c41012023-02-07 15:13:15.348root 11241100x8000000000000000700655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1f5aeba709e8a92023-02-07 15:13:15.349root 11241100x8000000000000000700654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055631354c3919f22023-02-07 15:13:15.349root 11241100x8000000000000000700653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82dc3b34d768f7de2023-02-07 15:13:15.349root 11241100x8000000000000000700652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332b53b16e90b9352023-02-07 15:13:15.349root 11241100x8000000000000000700651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799aa5cdd575a2a82023-02-07 15:13:15.349root 11241100x8000000000000000700650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee362ebdbe2b96e2023-02-07 15:13:15.349root 11241100x8000000000000000700649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcaef1e6922c35202023-02-07 15:13:15.349root 11241100x8000000000000000700648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be8c8a8c95289522023-02-07 15:13:15.349root 11241100x8000000000000000700647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267853056766bcf82023-02-07 15:13:15.349root 11241100x8000000000000000700646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962bc912cd3f78dd2023-02-07 15:13:15.349root 11241100x8000000000000000700645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f754ca3108264c292023-02-07 15:13:15.349root 11241100x8000000000000000700644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527f15d603474dfe2023-02-07 15:13:15.349root 11241100x8000000000000000700665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073081c594118d282023-02-07 15:13:15.350root 11241100x8000000000000000700664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d514dd9278da04a2023-02-07 15:13:15.350root 11241100x8000000000000000700663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401ad080916882612023-02-07 15:13:15.350root 11241100x8000000000000000700662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e9e2820f307bd62023-02-07 15:13:15.350root 11241100x8000000000000000700661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c747701f47f63c2023-02-07 15:13:15.350root 11241100x8000000000000000700660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12c972b80d744da2023-02-07 15:13:15.350root 11241100x8000000000000000700659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45b4fb0e9c97ce12023-02-07 15:13:15.350root 11241100x8000000000000000700658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa91729528a617762023-02-07 15:13:15.350root 11241100x8000000000000000700657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73b7f5db7cf17672023-02-07 15:13:15.350root 11241100x8000000000000000700656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32ec1b40131366c2023-02-07 15:13:15.350root 11241100x8000000000000000700672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febeb37262a6f0002023-02-07 15:13:15.351root 11241100x8000000000000000700671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbe8c9d3aacd1422023-02-07 15:13:15.351root 11241100x8000000000000000700670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e71e9b577a478a2023-02-07 15:13:15.351root 11241100x8000000000000000700669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e230992d7fa799f32023-02-07 15:13:15.351root 11241100x8000000000000000700668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855f0ed11a6b71942023-02-07 15:13:15.351root 11241100x8000000000000000700667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83eb1d53bb2a251b2023-02-07 15:13:15.351root 11241100x8000000000000000700666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e1f826369aca4e2023-02-07 15:13:15.351root 11241100x8000000000000000700678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b821070dc74be552023-02-07 15:13:15.846root 11241100x8000000000000000700677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a674e796e0235aa2023-02-07 15:13:15.846root 11241100x8000000000000000700676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ffcfbb1bc5436a2023-02-07 15:13:15.846root 11241100x8000000000000000700675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a521f45c56d349ef2023-02-07 15:13:15.846root 11241100x8000000000000000700674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206c1e6511a2e2462023-02-07 15:13:15.846root 11241100x8000000000000000700673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b6df40f4fbdbb12023-02-07 15:13:15.846root 11241100x8000000000000000700684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c507af3e0236652023-02-07 15:13:15.847root 11241100x8000000000000000700683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7a2c213eb8c6332023-02-07 15:13:15.847root 11241100x8000000000000000700682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a06b8428daa1d42023-02-07 15:13:15.847root 11241100x8000000000000000700681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae80d243e5cb6e02023-02-07 15:13:15.847root 11241100x8000000000000000700680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0705ba2a4752fb22023-02-07 15:13:15.847root 11241100x8000000000000000700679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0c3bbb2d6ee7172023-02-07 15:13:15.847root 11241100x8000000000000000700691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8148acf4f72d022023-02-07 15:13:15.848root 11241100x8000000000000000700690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6766472646caea7f2023-02-07 15:13:15.848root 11241100x8000000000000000700689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2cb88526ec36c232023-02-07 15:13:15.848root 11241100x8000000000000000700688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4481fcb828c51a02023-02-07 15:13:15.848root 11241100x8000000000000000700687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e34ec32f8f7ff3f2023-02-07 15:13:15.848root 11241100x8000000000000000700686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a742f21dad7bd7d2023-02-07 15:13:15.848root 11241100x8000000000000000700685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a42d938d0a74e542023-02-07 15:13:15.848root 11241100x8000000000000000700702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a565f33361a0d5182023-02-07 15:13:15.849root 11241100x8000000000000000700701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2738fed37afa3332023-02-07 15:13:15.849root 11241100x8000000000000000700700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dbebb7859f4abbb2023-02-07 15:13:15.849root 11241100x8000000000000000700699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2adf732040978e762023-02-07 15:13:15.849root 11241100x8000000000000000700698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f54da5caaff0952023-02-07 15:13:15.849root 11241100x8000000000000000700697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55cc645f20190fd02023-02-07 15:13:15.849root 11241100x8000000000000000700696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4a6cc237677b372023-02-07 15:13:15.849root 11241100x8000000000000000700695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea10ee4bc82236502023-02-07 15:13:15.849root 11241100x8000000000000000700694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18699de6a73eee302023-02-07 15:13:15.849root 11241100x8000000000000000700693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54dd1add91a8d7e2023-02-07 15:13:15.849root 11241100x8000000000000000700692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:15.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a25f9fdc60b4882023-02-07 15:13:15.849root 11241100x8000000000000000700713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8472fde1bb9f1fa12023-02-07 15:13:16.346root 11241100x8000000000000000700712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb82f574be8c18c52023-02-07 15:13:16.346root 11241100x8000000000000000700711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c0375f83f740872023-02-07 15:13:16.346root 11241100x8000000000000000700710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50414693bce436fb2023-02-07 15:13:16.346root 11241100x8000000000000000700709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b1abfa2fa1ef082023-02-07 15:13:16.346root 11241100x8000000000000000700708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92502a0d135f1b182023-02-07 15:13:16.346root 11241100x8000000000000000700707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0f697dd0271eb52023-02-07 15:13:16.346root 11241100x8000000000000000700706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952cc703b4d756d92023-02-07 15:13:16.346root 11241100x8000000000000000700705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef4f0e9562704a92023-02-07 15:13:16.346root 11241100x8000000000000000700704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff06016121b1b3f62023-02-07 15:13:16.346root 11241100x8000000000000000700703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8773b3d94972812023-02-07 15:13:16.346root 11241100x8000000000000000700728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d59a2dc11d045eb2023-02-07 15:13:16.347root 11241100x8000000000000000700727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b5106a6280c2212023-02-07 15:13:16.347root 11241100x8000000000000000700726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5329c227238270792023-02-07 15:13:16.347root 11241100x8000000000000000700725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9457392ac6473a2023-02-07 15:13:16.347root 11241100x8000000000000000700724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951ef9589b92ec1f2023-02-07 15:13:16.347root 11241100x8000000000000000700723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3b0b060c00f1fd2023-02-07 15:13:16.347root 11241100x8000000000000000700722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c849ac2af59edfc82023-02-07 15:13:16.347root 11241100x8000000000000000700721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e97b0b783c695c2023-02-07 15:13:16.347root 11241100x8000000000000000700720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94422278722bddf2023-02-07 15:13:16.347root 11241100x8000000000000000700719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2d943526be584e2023-02-07 15:13:16.347root 11241100x8000000000000000700718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae821ad73947bc972023-02-07 15:13:16.347root 11241100x8000000000000000700717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb73c0488f4bcf632023-02-07 15:13:16.347root 11241100x8000000000000000700716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085a5f84987543582023-02-07 15:13:16.347root 11241100x8000000000000000700715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344181ce9055faf42023-02-07 15:13:16.347root 11241100x8000000000000000700714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c607e8b5b171735a2023-02-07 15:13:16.347root 11241100x8000000000000000700732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d878c54aacafc782023-02-07 15:13:16.348root 11241100x8000000000000000700731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49eac22657d454e22023-02-07 15:13:16.348root 11241100x8000000000000000700730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887bd627d38796172023-02-07 15:13:16.348root 11241100x8000000000000000700729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6766f162924262f82023-02-07 15:13:16.348root 11241100x8000000000000000700737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e886be5978c003e02023-02-07 15:13:16.846root 11241100x8000000000000000700736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff994cfac064e582023-02-07 15:13:16.846root 11241100x8000000000000000700735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242e479b2945cd372023-02-07 15:13:16.846root 11241100x8000000000000000700734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3747868158229f0a2023-02-07 15:13:16.846root 11241100x8000000000000000700733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31734be56cab984f2023-02-07 15:13:16.846root 11241100x8000000000000000700748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c579ab5eeb09a0e2023-02-07 15:13:16.847root 11241100x8000000000000000700747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487409eccb043b9e2023-02-07 15:13:16.847root 11241100x8000000000000000700746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7efe1252edb6cee2023-02-07 15:13:16.847root 11241100x8000000000000000700745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881b9c72c0d95f042023-02-07 15:13:16.847root 11241100x8000000000000000700744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4273c812355592462023-02-07 15:13:16.847root 11241100x8000000000000000700743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e770051d54475b9c2023-02-07 15:13:16.847root 11241100x8000000000000000700742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a04559d591f2232023-02-07 15:13:16.847root 11241100x8000000000000000700741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ae1b8f9d1d88fe2023-02-07 15:13:16.847root 11241100x8000000000000000700740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6d1ca22979aee02023-02-07 15:13:16.847root 11241100x8000000000000000700739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e8ec3b5517642e2023-02-07 15:13:16.847root 11241100x8000000000000000700738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a7015a579a50462023-02-07 15:13:16.847root 11241100x8000000000000000700760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8fd8fbdd92b6962023-02-07 15:13:16.848root 11241100x8000000000000000700759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785151b5377919be2023-02-07 15:13:16.848root 11241100x8000000000000000700758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389e644595ce37612023-02-07 15:13:16.848root 11241100x8000000000000000700757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca923d2cc24dce82023-02-07 15:13:16.848root 11241100x8000000000000000700756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765ec04dbfc900152023-02-07 15:13:16.848root 11241100x8000000000000000700755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63dec7eb9404784b2023-02-07 15:13:16.848root 11241100x8000000000000000700754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0e57874108069f2023-02-07 15:13:16.848root 11241100x8000000000000000700753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4589e5f120f36b932023-02-07 15:13:16.848root 11241100x8000000000000000700752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66fb7ad141649c52023-02-07 15:13:16.848root 11241100x8000000000000000700751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25b8f8c95c134d92023-02-07 15:13:16.848root 11241100x8000000000000000700750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791ed7f32f6eb81f2023-02-07 15:13:16.848root 11241100x8000000000000000700749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c91124ddacbfdb2023-02-07 15:13:16.848root 11241100x8000000000000000700762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809f85d64734aaa22023-02-07 15:13:16.849root 11241100x8000000000000000700761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:16.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270a097be753d39e2023-02-07 15:13:16.849root 11241100x8000000000000000700763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9c96a6f056287d2023-02-07 15:13:17.345root 11241100x8000000000000000700774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d91bedbf8548b212023-02-07 15:13:17.346root 11241100x8000000000000000700773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e25ecb6791ed9c2023-02-07 15:13:17.346root 11241100x8000000000000000700772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882ecdfad4dddbf32023-02-07 15:13:17.346root 11241100x8000000000000000700771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c216ee57d86065852023-02-07 15:13:17.346root 11241100x8000000000000000700770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f14a3209192ec62023-02-07 15:13:17.346root 11241100x8000000000000000700769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85b9fec4c927e9d2023-02-07 15:13:17.346root 11241100x8000000000000000700768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717657640caf77e32023-02-07 15:13:17.346root 11241100x8000000000000000700767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea3b787f7f070502023-02-07 15:13:17.346root 11241100x8000000000000000700766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33915f613b616e902023-02-07 15:13:17.346root 11241100x8000000000000000700765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd3fb0c65aacef02023-02-07 15:13:17.346root 11241100x8000000000000000700764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da05622194656bf2023-02-07 15:13:17.346root 11241100x8000000000000000700786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce10fae35a29aae2023-02-07 15:13:17.347root 11241100x8000000000000000700785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7056468823d8cf652023-02-07 15:13:17.347root 11241100x8000000000000000700784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9dee1f111bf06322023-02-07 15:13:17.347root 11241100x8000000000000000700783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea1196a6aa325f72023-02-07 15:13:17.347root 11241100x8000000000000000700782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c5049c841bcc1a2023-02-07 15:13:17.347root 11241100x8000000000000000700781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30711ef1c0245cb2023-02-07 15:13:17.347root 11241100x8000000000000000700780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365402d450a4616a2023-02-07 15:13:17.347root 11241100x8000000000000000700779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac2428225799c952023-02-07 15:13:17.347root 11241100x8000000000000000700778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdee513f536c64d2023-02-07 15:13:17.347root 11241100x8000000000000000700777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e68cc8959ea3112023-02-07 15:13:17.347root 11241100x8000000000000000700776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9cfa4ef694b77e2023-02-07 15:13:17.347root 11241100x8000000000000000700775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d6cd3d4e19dfcd2023-02-07 15:13:17.347root 11241100x8000000000000000700793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9b9e3aadc6833e2023-02-07 15:13:17.348root 11241100x8000000000000000700792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abffc1f1cf215e72023-02-07 15:13:17.348root 11241100x8000000000000000700791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a682f68baa2a00e2023-02-07 15:13:17.348root 11241100x8000000000000000700790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a28a8c897970662023-02-07 15:13:17.348root 11241100x8000000000000000700789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe23d2773a53db62023-02-07 15:13:17.348root 11241100x8000000000000000700788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59593ba909c1c15f2023-02-07 15:13:17.348root 11241100x8000000000000000700787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f861ed0ac11b772023-02-07 15:13:17.348root 11241100x8000000000000000700798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbff6369390d2a02023-02-07 15:13:17.846root 11241100x8000000000000000700797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe63a56bab7b76802023-02-07 15:13:17.846root 11241100x8000000000000000700796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9eb8183417f4fc82023-02-07 15:13:17.846root 11241100x8000000000000000700795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae3befbbd4358572023-02-07 15:13:17.846root 11241100x8000000000000000700794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe9afb9c2399b372023-02-07 15:13:17.846root 11241100x8000000000000000700808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e788d3d5321d00d42023-02-07 15:13:17.847root 11241100x8000000000000000700807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff1d3ffcd3228b22023-02-07 15:13:17.847root 11241100x8000000000000000700806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871dd3a7f9aef1fd2023-02-07 15:13:17.847root 11241100x8000000000000000700805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b211e489ac817e972023-02-07 15:13:17.847root 11241100x8000000000000000700804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb55cbf87be56cbd2023-02-07 15:13:17.847root 11241100x8000000000000000700803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951b129fff9aa8a72023-02-07 15:13:17.847root 11241100x8000000000000000700802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605b2526e3beed972023-02-07 15:13:17.847root 11241100x8000000000000000700801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331192d8417e092e2023-02-07 15:13:17.847root 11241100x8000000000000000700800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5fb485753b50392023-02-07 15:13:17.847root 11241100x8000000000000000700799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2428d0a97b761a962023-02-07 15:13:17.847root 11241100x8000000000000000700809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6dcaa565422d622023-02-07 15:13:17.848root 11241100x8000000000000000700811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a174b29a4173dcc2023-02-07 15:13:17.850root 11241100x8000000000000000700810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18ebfad4286c4252023-02-07 15:13:17.850root 11241100x8000000000000000700817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08e64317eda64382023-02-07 15:13:17.851root 11241100x8000000000000000700816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea7538af7998dac2023-02-07 15:13:17.851root 11241100x8000000000000000700815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0dad25eef520342023-02-07 15:13:17.851root 11241100x8000000000000000700814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529e1d7db6dcdcbf2023-02-07 15:13:17.851root 11241100x8000000000000000700813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c785e31e8547f442023-02-07 15:13:17.851root 11241100x8000000000000000700812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340e305c00eaf4032023-02-07 15:13:17.851root 11241100x8000000000000000700823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e0a7b0787018e72023-02-07 15:13:17.852root 11241100x8000000000000000700822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d1aabf2ca5828d2023-02-07 15:13:17.852root 11241100x8000000000000000700821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f28f47e474515272023-02-07 15:13:17.852root 11241100x8000000000000000700820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7c5322422d83932023-02-07 15:13:17.852root 11241100x8000000000000000700819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb648508b9d3ffd2023-02-07 15:13:17.852root 11241100x8000000000000000700818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:17.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049e8b68043e86c12023-02-07 15:13:17.852root 11241100x8000000000000000700824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b073eaba0a1bbb62023-02-07 15:13:18.345root 11241100x8000000000000000700836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07277e696c6c3f3a2023-02-07 15:13:18.346root 11241100x8000000000000000700835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c170cbdda3bb062023-02-07 15:13:18.346root 11241100x8000000000000000700834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501a47274750a87a2023-02-07 15:13:18.346root 11241100x8000000000000000700833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2e8b602a54858e2023-02-07 15:13:18.346root 11241100x8000000000000000700832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd4bc33703a74d52023-02-07 15:13:18.346root 11241100x8000000000000000700831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c057218791366d2023-02-07 15:13:18.346root 11241100x8000000000000000700830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5409bb4b3f9e2d2023-02-07 15:13:18.346root 11241100x8000000000000000700829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e670115bd621eb2023-02-07 15:13:18.346root 11241100x8000000000000000700828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55f4aeac1a9c1ec2023-02-07 15:13:18.346root 11241100x8000000000000000700827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.badf35d2ad9d62e62023-02-07 15:13:18.346root 11241100x8000000000000000700826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443d403eae623b4f2023-02-07 15:13:18.346root 11241100x8000000000000000700825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993378d38925cb212023-02-07 15:13:18.346root 11241100x8000000000000000700848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412f795357335b222023-02-07 15:13:18.347root 11241100x8000000000000000700847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4470efea484e05ea2023-02-07 15:13:18.347root 11241100x8000000000000000700846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d7615091f106ae2023-02-07 15:13:18.347root 11241100x8000000000000000700845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62197584449b42002023-02-07 15:13:18.347root 11241100x8000000000000000700844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47918854492e92222023-02-07 15:13:18.347root 11241100x8000000000000000700843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a23c074472c1482023-02-07 15:13:18.347root 11241100x8000000000000000700842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e27ed3630496ea2023-02-07 15:13:18.347root 11241100x8000000000000000700841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a93e8ed41bae112023-02-07 15:13:18.347root 11241100x8000000000000000700840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47010309212972e2023-02-07 15:13:18.347root 11241100x8000000000000000700839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a020db3dadc66ff52023-02-07 15:13:18.347root 11241100x8000000000000000700838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d09fa0a7d8c68c92023-02-07 15:13:18.347root 11241100x8000000000000000700837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459bbc44c5a007c92023-02-07 15:13:18.347root 11241100x8000000000000000700855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ea471609e1fba82023-02-07 15:13:18.348root 11241100x8000000000000000700854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5376331c83966c7a2023-02-07 15:13:18.348root 11241100x8000000000000000700853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8057c46b6ce06c2023-02-07 15:13:18.348root 11241100x8000000000000000700852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f8ea9ed3c5cb7c2023-02-07 15:13:18.348root 11241100x8000000000000000700851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ddb7f9bb1274e82023-02-07 15:13:18.348root 11241100x8000000000000000700850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0331361b3f30adb92023-02-07 15:13:18.348root 11241100x8000000000000000700849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03c6c4c4af2b6ba2023-02-07 15:13:18.348root 11241100x8000000000000000700858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4dc17d51cc084762023-02-07 15:13:18.845root 11241100x8000000000000000700857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191c3b7b78ffdab02023-02-07 15:13:18.845root 11241100x8000000000000000700856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e90ffd24d22e6c72023-02-07 15:13:18.845root 11241100x8000000000000000700873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9eae0d9d7df548f2023-02-07 15:13:18.846root 11241100x8000000000000000700872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cd7c1205dd83762023-02-07 15:13:18.846root 11241100x8000000000000000700871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7591d036a34f352023-02-07 15:13:18.846root 11241100x8000000000000000700870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e0e1f1159e1c2e2023-02-07 15:13:18.846root 11241100x8000000000000000700869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c07f403db76c5e2023-02-07 15:13:18.846root 11241100x8000000000000000700868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a944de5d8def7d2023-02-07 15:13:18.846root 11241100x8000000000000000700867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd64f1f905eee912023-02-07 15:13:18.846root 11241100x8000000000000000700866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e37d4f3622839c2023-02-07 15:13:18.846root 11241100x8000000000000000700865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966f144282d548632023-02-07 15:13:18.846root 11241100x8000000000000000700864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30286bad64aab15f2023-02-07 15:13:18.846root 11241100x8000000000000000700863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561e7e6045791eff2023-02-07 15:13:18.846root 11241100x8000000000000000700862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0c389b3b41b6ff2023-02-07 15:13:18.846root 11241100x8000000000000000700861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2e6444b46ff6b62023-02-07 15:13:18.846root 11241100x8000000000000000700860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1fc31a123a869b2023-02-07 15:13:18.846root 11241100x8000000000000000700859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4214691106e256222023-02-07 15:13:18.846root 11241100x8000000000000000700889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ffcf52390f6e462023-02-07 15:13:18.847root 11241100x8000000000000000700888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f944d1245c29df612023-02-07 15:13:18.847root 11241100x8000000000000000700887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a31ee46f98307b2023-02-07 15:13:18.847root 11241100x8000000000000000700886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77a0350582e9cf82023-02-07 15:13:18.847root 11241100x8000000000000000700885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41fb63bccb2188302023-02-07 15:13:18.847root 11241100x8000000000000000700884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b521c34b7e730c82023-02-07 15:13:18.847root 11241100x8000000000000000700883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3140d69839391e2023-02-07 15:13:18.847root 11241100x8000000000000000700882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203683de8cc66b5c2023-02-07 15:13:18.847root 11241100x8000000000000000700881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0f00bb8ef48fcc2023-02-07 15:13:18.847root 11241100x8000000000000000700880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3380e1eab39d77012023-02-07 15:13:18.847root 11241100x8000000000000000700879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf584585876c80d62023-02-07 15:13:18.847root 11241100x8000000000000000700878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31e127bdf2be28b2023-02-07 15:13:18.847root 11241100x8000000000000000700877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a43513ff392cc492023-02-07 15:13:18.847root 11241100x8000000000000000700876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8b7cf1017e45b72023-02-07 15:13:18.847root 11241100x8000000000000000700875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3175cc6fcd69b6022023-02-07 15:13:18.847root 11241100x8000000000000000700874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87a9efac18ae6962023-02-07 15:13:18.847root 11241100x8000000000000000700900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e60c34dad136ff42023-02-07 15:13:18.848root 11241100x8000000000000000700899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953170f471fb7aca2023-02-07 15:13:18.848root 11241100x8000000000000000700898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3752a8431ea00e42023-02-07 15:13:18.848root 11241100x8000000000000000700897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c69e09387981562023-02-07 15:13:18.848root 11241100x8000000000000000700896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303cc5bd0f7b4f192023-02-07 15:13:18.848root 11241100x8000000000000000700895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30ba734452e482f2023-02-07 15:13:18.848root 11241100x8000000000000000700894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffdd06d0b4ab76952023-02-07 15:13:18.848root 11241100x8000000000000000700893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40b49444018f6392023-02-07 15:13:18.848root 11241100x8000000000000000700892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71aea3fd50886e382023-02-07 15:13:18.848root 11241100x8000000000000000700891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11a4c6b0a41c80b2023-02-07 15:13:18.848root 11241100x8000000000000000700890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1b67ba63a827752023-02-07 15:13:18.848root 11241100x8000000000000000700902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.251{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34987bd016d5190a2023-02-07 15:13:19.251root 354300x8000000000000000700901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.251{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-58888-false10.0.1.12-8000- 11241100x8000000000000000700906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.252{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff36b65738b8b1ec2023-02-07 15:13:19.252root 11241100x8000000000000000700905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.252{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60534d7456739e02023-02-07 15:13:19.252root 11241100x8000000000000000700904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.252{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08902d06ec1598a72023-02-07 15:13:19.252root 11241100x8000000000000000700903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.252{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1deb2b95007e27f32023-02-07 15:13:19.252root 11241100x8000000000000000700909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.253{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457d9228e39147052023-02-07 15:13:19.253root 11241100x8000000000000000700908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.253{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c634e5ca04d38b2b2023-02-07 15:13:19.253root 11241100x8000000000000000700907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.253{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a6e25b1a12530f2023-02-07 15:13:19.253root 11241100x8000000000000000700913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.254{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22bd70565819df22023-02-07 15:13:19.254root 11241100x8000000000000000700912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.254{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb3a7e6000efc6b2023-02-07 15:13:19.254root 11241100x8000000000000000700911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.254{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe13a8e2b14a48e2023-02-07 15:13:19.254root 11241100x8000000000000000700910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.254{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e79fd02ec819872023-02-07 15:13:19.254root 11241100x8000000000000000700916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.255{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54bd2c1b76f3e252023-02-07 15:13:19.255root 11241100x8000000000000000700915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.255{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5730bb77a7412b2023-02-07 15:13:19.255root 11241100x8000000000000000700914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.255{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76dbf76a87e9ebd62023-02-07 15:13:19.255root 11241100x8000000000000000700925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.256{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06974272e6c005092023-02-07 15:13:19.256root 11241100x8000000000000000700924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.256{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5db3480a84daca2023-02-07 15:13:19.256root 11241100x8000000000000000700923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.256{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d89d9accc5dd472023-02-07 15:13:19.256root 11241100x8000000000000000700922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.256{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca0ee414e7326e42023-02-07 15:13:19.256root 11241100x8000000000000000700921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.256{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541df2b047a02cca2023-02-07 15:13:19.256root 11241100x8000000000000000700920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.256{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0dc8af9136c69a82023-02-07 15:13:19.256root 11241100x8000000000000000700919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.256{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5e59a21bbc008c2023-02-07 15:13:19.256root 11241100x8000000000000000700918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.256{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff2588a18f537092023-02-07 15:13:19.256root 11241100x8000000000000000700917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.256{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa25b5151429e3b62023-02-07 15:13:19.256root 11241100x8000000000000000700932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.257{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581924e521b908ea2023-02-07 15:13:19.257root 11241100x8000000000000000700931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.257{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23cc3ccbcdb23e62023-02-07 15:13:19.257root 11241100x8000000000000000700930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.257{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a57f0d75a61fc62023-02-07 15:13:19.257root 11241100x8000000000000000700929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.257{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc1281aea7b4a832023-02-07 15:13:19.257root 11241100x8000000000000000700928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.257{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5be84ae07c3ab02023-02-07 15:13:19.257root 11241100x8000000000000000700927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.257{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbb758c4ca613cf2023-02-07 15:13:19.257root 11241100x8000000000000000700926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.257{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680806374f8a997e2023-02-07 15:13:19.257root 11241100x8000000000000000700938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.258{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46375a2643ce0ec2023-02-07 15:13:19.258root 11241100x8000000000000000700937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.258{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13d067c591e1b852023-02-07 15:13:19.258root 11241100x8000000000000000700936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.258{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34357f1d77335212023-02-07 15:13:19.258root 11241100x8000000000000000700935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.258{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270c62df7fb763e32023-02-07 15:13:19.258root 11241100x8000000000000000700934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.258{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c95114b8ce934192023-02-07 15:13:19.258root 11241100x8000000000000000700933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.258{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07015d7c5b96e5c22023-02-07 15:13:19.258root 11241100x8000000000000000700944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8773f6688ee998cc2023-02-07 15:13:19.595root 11241100x8000000000000000700943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e4087a2f46387a2023-02-07 15:13:19.595root 11241100x8000000000000000700942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b454b5e922d548ef2023-02-07 15:13:19.595root 11241100x8000000000000000700941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5a5046f7e878c62023-02-07 15:13:19.595root 11241100x8000000000000000700940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62aeaa1ef93a94d2023-02-07 15:13:19.595root 11241100x8000000000000000700939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5fd60ccceda0eb52023-02-07 15:13:19.595root 11241100x8000000000000000700949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038c6417143475e62023-02-07 15:13:19.596root 11241100x8000000000000000700948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afed7b0d5b6e7a5f2023-02-07 15:13:19.596root 11241100x8000000000000000700947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8d3f50c444497a2023-02-07 15:13:19.596root 11241100x8000000000000000700946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002733dea9c30f3b2023-02-07 15:13:19.596root 11241100x8000000000000000700945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb3086002502e322023-02-07 15:13:19.596root 11241100x8000000000000000700957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad77b5846f13816e2023-02-07 15:13:19.597root 11241100x8000000000000000700956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5523e236a5e96272023-02-07 15:13:19.597root 11241100x8000000000000000700955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73f6fad17bf3f402023-02-07 15:13:19.597root 11241100x8000000000000000700954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627d589bf60cfe672023-02-07 15:13:19.597root 11241100x8000000000000000700953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f842ae9de205052023-02-07 15:13:19.597root 11241100x8000000000000000700952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affb1efe4055abae2023-02-07 15:13:19.597root 11241100x8000000000000000700951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf0b54f7062fc7ea2023-02-07 15:13:19.597root 11241100x8000000000000000700950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881a785dea77fcd92023-02-07 15:13:19.597root 11241100x8000000000000000700964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10690c268a95e5a2023-02-07 15:13:19.598root 11241100x8000000000000000700963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717316e718e6c4922023-02-07 15:13:19.598root 11241100x8000000000000000700962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b44078736a77232023-02-07 15:13:19.598root 11241100x8000000000000000700961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50356c69a4428be02023-02-07 15:13:19.598root 11241100x8000000000000000700960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a641ffdb55d4fd12023-02-07 15:13:19.598root 11241100x8000000000000000700959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea8997c2f3391b92023-02-07 15:13:19.598root 11241100x8000000000000000700958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81666f71158f2f9e2023-02-07 15:13:19.598root 11241100x8000000000000000700970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b932021ab853b02023-02-07 15:13:19.599root 11241100x8000000000000000700969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d007300211766f2023-02-07 15:13:19.599root 11241100x8000000000000000700968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f5118838ee13052023-02-07 15:13:19.599root 11241100x8000000000000000700967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b9d7e24218f5472023-02-07 15:13:19.599root 11241100x8000000000000000700966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bb192554ce1be52023-02-07 15:13:19.599root 11241100x8000000000000000700965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5659e84f0500dd052023-02-07 15:13:19.599root 11241100x8000000000000000700972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14448c0a734cab152023-02-07 15:13:19.600root 11241100x8000000000000000700971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:19.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77719af943c3fa92023-02-07 15:13:19.600root 11241100x8000000000000000700974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4124501c939d2d2023-02-07 15:13:20.095root 11241100x8000000000000000700973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e5073956e9c9e92023-02-07 15:13:20.095root 11241100x8000000000000000700979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5628d701b5dd47a2023-02-07 15:13:20.096root 11241100x8000000000000000700978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ad96d1906192ad2023-02-07 15:13:20.096root 11241100x8000000000000000700977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9ad0e21250f5cc2023-02-07 15:13:20.096root 11241100x8000000000000000700976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f423ec27fa1ecb2023-02-07 15:13:20.096root 11241100x8000000000000000700975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfdb665a988c2a5c2023-02-07 15:13:20.096root 11241100x8000000000000000700983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6bf0ff860869602023-02-07 15:13:20.097root 11241100x8000000000000000700982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982316f633e195222023-02-07 15:13:20.097root 11241100x8000000000000000700981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c16ac40bd02f0cd2023-02-07 15:13:20.097root 11241100x8000000000000000700980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4995d150c201672023-02-07 15:13:20.097root 11241100x8000000000000000700988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae61ce8d7358c702023-02-07 15:13:20.098root 11241100x8000000000000000700987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa75628902fc2cb2023-02-07 15:13:20.098root 11241100x8000000000000000700986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703221d131f76c0b2023-02-07 15:13:20.098root 11241100x8000000000000000700985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770e8fe17690da782023-02-07 15:13:20.098root 11241100x8000000000000000700984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a511fda5f214252023-02-07 15:13:20.098root 11241100x8000000000000000700999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902cbf1cd5bd32a02023-02-07 15:13:20.099root 11241100x8000000000000000700998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9903f861230fd3202023-02-07 15:13:20.099root 11241100x8000000000000000700997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed769070193767472023-02-07 15:13:20.099root 11241100x8000000000000000700996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71d7c3e16e4d4d12023-02-07 15:13:20.099root 11241100x8000000000000000700995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1d3692653cdba52023-02-07 15:13:20.099root 11241100x8000000000000000700994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567742eccd86146c2023-02-07 15:13:20.099root 11241100x8000000000000000700993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa36335092d27262023-02-07 15:13:20.099root 11241100x8000000000000000700992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fae61f0e72875e2023-02-07 15:13:20.099root 11241100x8000000000000000700991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5ab4d10e8400562023-02-07 15:13:20.099root 11241100x8000000000000000700990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99594412e65d77042023-02-07 15:13:20.099root 11241100x8000000000000000700989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a61d41b65a611692023-02-07 15:13:20.099root 11241100x8000000000000000701007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0223968c910f23902023-02-07 15:13:20.100root 11241100x8000000000000000701006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4ad5e5c35c26f52023-02-07 15:13:20.100root 11241100x8000000000000000701005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11fec1c95476cd492023-02-07 15:13:20.100root 11241100x8000000000000000701004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6f4366b0887c742023-02-07 15:13:20.100root 11241100x8000000000000000701003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0645d6ae053a9aa72023-02-07 15:13:20.100root 11241100x8000000000000000701002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e53c0e48056f622023-02-07 15:13:20.100root 11241100x8000000000000000701001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf71771f04ed80d2023-02-07 15:13:20.100root 11241100x8000000000000000701000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654d88825d4478082023-02-07 15:13:20.100root 11241100x8000000000000000701009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79034515984c1b022023-02-07 15:13:20.595root 11241100x8000000000000000701008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7571b88de86797412023-02-07 15:13:20.595root 11241100x8000000000000000701024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c590d189ba3ac672023-02-07 15:13:20.596root 11241100x8000000000000000701023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e973e582bbdba9b82023-02-07 15:13:20.596root 11241100x8000000000000000701022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff4b907ae9a94f02023-02-07 15:13:20.596root 11241100x8000000000000000701021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390184c3801617ec2023-02-07 15:13:20.596root 11241100x8000000000000000701020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca5505d95666bb72023-02-07 15:13:20.596root 11241100x8000000000000000701019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a19b1d08ed36142023-02-07 15:13:20.596root 11241100x8000000000000000701018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1314f64658f15bc2023-02-07 15:13:20.596root 11241100x8000000000000000701017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0782e0626a7354be2023-02-07 15:13:20.596root 11241100x8000000000000000701016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d382542fc5c4972023-02-07 15:13:20.596root 11241100x8000000000000000701015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a537d8daabc95bc02023-02-07 15:13:20.596root 11241100x8000000000000000701014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e718c02509977122023-02-07 15:13:20.596root 11241100x8000000000000000701013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3155ac937f97e1012023-02-07 15:13:20.596root 11241100x8000000000000000701012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15b352ade7603e92023-02-07 15:13:20.596root 11241100x8000000000000000701011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5f579b42f402192023-02-07 15:13:20.596root 11241100x8000000000000000701010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96091454c85eecc72023-02-07 15:13:20.596root 11241100x8000000000000000701038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec54fbad7393ddab2023-02-07 15:13:20.597root 11241100x8000000000000000701037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d101874e5d6e732023-02-07 15:13:20.597root 11241100x8000000000000000701036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebca451a423d57032023-02-07 15:13:20.597root 11241100x8000000000000000701035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b070cee56d80ec2023-02-07 15:13:20.597root 11241100x8000000000000000701034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da58fc21e51502ac2023-02-07 15:13:20.597root 11241100x8000000000000000701033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8fd1e6058abcd62023-02-07 15:13:20.597root 11241100x8000000000000000701032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1cbfab9805fa232023-02-07 15:13:20.597root 11241100x8000000000000000701031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb7263df981f7c32023-02-07 15:13:20.597root 11241100x8000000000000000701030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bcf5132fdc587942023-02-07 15:13:20.597root 11241100x8000000000000000701029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d80e85b5b348af62023-02-07 15:13:20.597root 11241100x8000000000000000701028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8387129f1a559cf2023-02-07 15:13:20.597root 11241100x8000000000000000701027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff5c3ac05fb1dfe2023-02-07 15:13:20.597root 11241100x8000000000000000701026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1f187ed778eaee2023-02-07 15:13:20.597root 11241100x8000000000000000701025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:20.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df53eb17caf62fc82023-02-07 15:13:20.597root 11241100x8000000000000000701040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82dee3089539f2022023-02-07 15:13:21.095root 11241100x8000000000000000701039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab68a220dd51c322023-02-07 15:13:21.095root 11241100x8000000000000000701045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86d41d2ee389ebb2023-02-07 15:13:21.096root 11241100x8000000000000000701044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0628d37358649fe2023-02-07 15:13:21.096root 11241100x8000000000000000701043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df415d08fe541c12023-02-07 15:13:21.096root 11241100x8000000000000000701042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9970cb9eef9ec5602023-02-07 15:13:21.096root 11241100x8000000000000000701041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46dbd7945c1277ab2023-02-07 15:13:21.096root 11241100x8000000000000000701054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50e63687b31a5cc2023-02-07 15:13:21.097root 11241100x8000000000000000701053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5d58cacfd7b7332023-02-07 15:13:21.097root 11241100x8000000000000000701052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9b2490bc34c4482023-02-07 15:13:21.097root 11241100x8000000000000000701051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069eac6f33e341472023-02-07 15:13:21.097root 11241100x8000000000000000701050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4132c602eb0db0412023-02-07 15:13:21.097root 11241100x8000000000000000701049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2dc4f97caa68162023-02-07 15:13:21.097root 11241100x8000000000000000701048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1902f95e1e5ca92023-02-07 15:13:21.097root 11241100x8000000000000000701047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e391aad2184992d22023-02-07 15:13:21.097root 11241100x8000000000000000701046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acab6a2058df1aef2023-02-07 15:13:21.097root 11241100x8000000000000000701060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be46a072b4d61e92023-02-07 15:13:21.098root 11241100x8000000000000000701059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a25669bc3e425f2023-02-07 15:13:21.098root 11241100x8000000000000000701058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0f65facab48b5d2023-02-07 15:13:21.098root 11241100x8000000000000000701057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71dd84c5f9009fb02023-02-07 15:13:21.098root 11241100x8000000000000000701056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2374207db7af36d2023-02-07 15:13:21.098root 11241100x8000000000000000701055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c70511b0a103332023-02-07 15:13:21.098root 11241100x8000000000000000701063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298276f2bfe184f22023-02-07 15:13:21.099root 11241100x8000000000000000701062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6feec9e9819a07462023-02-07 15:13:21.099root 11241100x8000000000000000701061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854bac0bc3be2c042023-02-07 15:13:21.099root 11241100x8000000000000000701074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d698e4e50071b0f62023-02-07 15:13:21.100root 11241100x8000000000000000701073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52365b15194b03422023-02-07 15:13:21.100root 11241100x8000000000000000701072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e589d75a9cf4b62023-02-07 15:13:21.100root 11241100x8000000000000000701071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db598bdf3cd92e5a2023-02-07 15:13:21.100root 11241100x8000000000000000701070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42a89cd45c994dc2023-02-07 15:13:21.100root 11241100x8000000000000000701069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96316fa9acedda152023-02-07 15:13:21.100root 11241100x8000000000000000701068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee1167d7412c4312023-02-07 15:13:21.100root 11241100x8000000000000000701067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836dd28325ac899b2023-02-07 15:13:21.100root 11241100x8000000000000000701066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad2805ff70f14622023-02-07 15:13:21.100root 11241100x8000000000000000701065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2d522bc9d9ccdc2023-02-07 15:13:21.100root 11241100x8000000000000000701064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b24712cc56dbd82023-02-07 15:13:21.100root 11241100x8000000000000000701081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c2ca3458b6ae1b2023-02-07 15:13:21.595root 11241100x8000000000000000701080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce53af3cb1f020f2023-02-07 15:13:21.595root 11241100x8000000000000000701079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71cc5d8f77d3cd62023-02-07 15:13:21.595root 11241100x8000000000000000701078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbcf94d3a4e43c12023-02-07 15:13:21.595root 11241100x8000000000000000701077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a959a2e02e7ffcf2023-02-07 15:13:21.595root 11241100x8000000000000000701076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2cfa09ab9c19ad2023-02-07 15:13:21.595root 11241100x8000000000000000701075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46965a0cd35253dd2023-02-07 15:13:21.595root 11241100x8000000000000000701088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533d7998f29d059c2023-02-07 15:13:21.596root 11241100x8000000000000000701087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2490e9062763d32023-02-07 15:13:21.596root 11241100x8000000000000000701086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377c91da962a1df82023-02-07 15:13:21.596root 11241100x8000000000000000701085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331dfc3eeb939e482023-02-07 15:13:21.596root 11241100x8000000000000000701084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb16859c2cfbddf82023-02-07 15:13:21.596root 11241100x8000000000000000701083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d003b9cc694294e2023-02-07 15:13:21.596root 11241100x8000000000000000701082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2bf77be3b223f12023-02-07 15:13:21.596root 11241100x8000000000000000701100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4fd65db4f5c020b2023-02-07 15:13:21.597root 11241100x8000000000000000701099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4a23087fdc8e2e2023-02-07 15:13:21.597root 11241100x8000000000000000701098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e59d6b8a524409d2023-02-07 15:13:21.597root 11241100x8000000000000000701097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec90c3c53767cad2023-02-07 15:13:21.597root 11241100x8000000000000000701096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72efcdbf7f0f2122023-02-07 15:13:21.597root 11241100x8000000000000000701095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f01a41c83044c32023-02-07 15:13:21.597root 11241100x8000000000000000701094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28328b3992c0ab292023-02-07 15:13:21.597root 11241100x8000000000000000701093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6a20d189ea5afb2023-02-07 15:13:21.597root 11241100x8000000000000000701092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11cbab669c864cdd2023-02-07 15:13:21.597root 11241100x8000000000000000701091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b372d49362c018f02023-02-07 15:13:21.597root 11241100x8000000000000000701090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639cc3f88ca821db2023-02-07 15:13:21.597root 11241100x8000000000000000701089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23554c393c8b70052023-02-07 15:13:21.597root 11241100x8000000000000000701107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f65f244b807f7d2023-02-07 15:13:21.598root 11241100x8000000000000000701106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc88f5bec1529542023-02-07 15:13:21.598root 11241100x8000000000000000701105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3295755727cacae2023-02-07 15:13:21.598root 11241100x8000000000000000701104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e1b7d5950047f22023-02-07 15:13:21.598root 11241100x8000000000000000701103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880f85610c1735812023-02-07 15:13:21.598root 11241100x8000000000000000701102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3927614d1bed3b102023-02-07 15:13:21.598root 11241100x8000000000000000701101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:21.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9756f1e5779d6a322023-02-07 15:13:21.598root 11241100x8000000000000000701109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe71aa87e9a56af2023-02-07 15:13:22.095root 11241100x8000000000000000701108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741df2ae5b75efbe2023-02-07 15:13:22.095root 11241100x8000000000000000701124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822d9fbd1e6afe6f2023-02-07 15:13:22.096root 11241100x8000000000000000701123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5997de748544c5692023-02-07 15:13:22.096root 11241100x8000000000000000701122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718de38842ad88932023-02-07 15:13:22.096root 11241100x8000000000000000701121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659588884796dc322023-02-07 15:13:22.096root 11241100x8000000000000000701120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70186170d7a2d6d92023-02-07 15:13:22.096root 11241100x8000000000000000701119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1602218eeb45cd02023-02-07 15:13:22.096root 11241100x8000000000000000701118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3de84d7b2bc7952023-02-07 15:13:22.096root 11241100x8000000000000000701117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af295664e459a1a2023-02-07 15:13:22.096root 11241100x8000000000000000701116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b66322baa387d8c2023-02-07 15:13:22.096root 11241100x8000000000000000701115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57194df024ff842b2023-02-07 15:13:22.096root 11241100x8000000000000000701114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8661e61d57dc3b712023-02-07 15:13:22.096root 11241100x8000000000000000701113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6b57af2fb4f3cc2023-02-07 15:13:22.096root 11241100x8000000000000000701112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a572e726a7fd4f092023-02-07 15:13:22.096root 11241100x8000000000000000701111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d0aa6921d1a1932023-02-07 15:13:22.096root 11241100x8000000000000000701110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ebb8d1765782afb2023-02-07 15:13:22.096root 11241100x8000000000000000701127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4776a346380acdba2023-02-07 15:13:22.097root 11241100x8000000000000000701126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d1c6a48afd46ae2023-02-07 15:13:22.097root 11241100x8000000000000000701125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a55163513dccde2023-02-07 15:13:22.097root 11241100x8000000000000000701129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4fb9a58d7bbc272023-02-07 15:13:22.098root 11241100x8000000000000000701128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443c8a69b8b90c532023-02-07 15:13:22.098root 11241100x8000000000000000701132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd6c21a68c7d4202023-02-07 15:13:22.099root 11241100x8000000000000000701131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55654296969e5bf92023-02-07 15:13:22.099root 11241100x8000000000000000701130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ba11169047f98d2023-02-07 15:13:22.099root 11241100x8000000000000000701137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe015e1d698a0062023-02-07 15:13:22.100root 11241100x8000000000000000701136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bf3389c88e73192023-02-07 15:13:22.100root 11241100x8000000000000000701135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01086f2dfc37d862023-02-07 15:13:22.100root 11241100x8000000000000000701134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87bb48a66bab39f2023-02-07 15:13:22.100root 11241100x8000000000000000701133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60d3c42561399912023-02-07 15:13:22.100root 11241100x8000000000000000701138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571289288c08eb2a2023-02-07 15:13:22.101root 11241100x8000000000000000701142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01591676044eb5b32023-02-07 15:13:22.596root 11241100x8000000000000000701141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4f1674a21704ed2023-02-07 15:13:22.596root 11241100x8000000000000000701140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83a3ff2ad79fa3a2023-02-07 15:13:22.596root 11241100x8000000000000000701139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9f5c8d86f936ad2023-02-07 15:13:22.596root 11241100x8000000000000000701153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c8e2cb97b8158d2023-02-07 15:13:22.597root 11241100x8000000000000000701152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d6b82be0de81e52023-02-07 15:13:22.597root 11241100x8000000000000000701151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a08543ad1a83512023-02-07 15:13:22.597root 11241100x8000000000000000701150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d58db26ca405e6e2023-02-07 15:13:22.597root 11241100x8000000000000000701149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec25ab03cb23f19c2023-02-07 15:13:22.597root 11241100x8000000000000000701148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d2684626cafaa22023-02-07 15:13:22.597root 11241100x8000000000000000701147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243bdec15c3b5d032023-02-07 15:13:22.597root 11241100x8000000000000000701146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324f3168c5cfb26a2023-02-07 15:13:22.597root 11241100x8000000000000000701145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22321269e8a2c0942023-02-07 15:13:22.597root 11241100x8000000000000000701144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1832d6d29c506ec2023-02-07 15:13:22.597root 11241100x8000000000000000701143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12fe239caf919ca02023-02-07 15:13:22.597root 11241100x8000000000000000701161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9fedd98ab948712023-02-07 15:13:22.598root 11241100x8000000000000000701160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ef734a948d085e2023-02-07 15:13:22.598root 11241100x8000000000000000701159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2facb697d14de72023-02-07 15:13:22.598root 11241100x8000000000000000701158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee41bbffe711c292023-02-07 15:13:22.598root 11241100x8000000000000000701157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9203ce1d24081b812023-02-07 15:13:22.598root 11241100x8000000000000000701156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda3f3e08119d1932023-02-07 15:13:22.598root 11241100x8000000000000000701155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0815295d0f4fea02023-02-07 15:13:22.598root 11241100x8000000000000000701154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce83ed5f6e5902cf2023-02-07 15:13:22.598root 11241100x8000000000000000701166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8b30094a4220f42023-02-07 15:13:22.599root 11241100x8000000000000000701165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcaeab64d6d450c12023-02-07 15:13:22.599root 11241100x8000000000000000701164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c9b11c56840d912023-02-07 15:13:22.599root 11241100x8000000000000000701163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd934573c6ea52672023-02-07 15:13:22.599root 11241100x8000000000000000701162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcec60a9bed05532023-02-07 15:13:22.599root 11241100x8000000000000000701169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4fb141151e4d51e2023-02-07 15:13:22.600root 11241100x8000000000000000701168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b6f51962a782572023-02-07 15:13:22.600root 11241100x8000000000000000701167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:22.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8acac6bf7468c902023-02-07 15:13:22.600root 11241100x8000000000000000701170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1dcdb2eeb56aeee2023-02-07 15:13:23.095root 11241100x8000000000000000701173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139bad729fe1bebc2023-02-07 15:13:23.097root 11241100x8000000000000000701172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4f13852a54feba2023-02-07 15:13:23.097root 11241100x8000000000000000701171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4cd3f5f4a048282023-02-07 15:13:23.097root 11241100x8000000000000000701189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381f0d5d460bbeba2023-02-07 15:13:23.098root 11241100x8000000000000000701188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9548714248e4bd2023-02-07 15:13:23.098root 11241100x8000000000000000701187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d15a5f7d566cc12023-02-07 15:13:23.098root 11241100x8000000000000000701186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf338cd823a10aaa2023-02-07 15:13:23.098root 11241100x8000000000000000701185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7c0bcd60fd74a22023-02-07 15:13:23.098root 11241100x8000000000000000701184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9edbdb7f463637a2023-02-07 15:13:23.098root 11241100x8000000000000000701183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47902ee577cb024f2023-02-07 15:13:23.098root 11241100x8000000000000000701182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc857a0da88317922023-02-07 15:13:23.098root 11241100x8000000000000000701181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c7b50842ed83fb2023-02-07 15:13:23.098root 11241100x8000000000000000701180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a417e8450710b9c82023-02-07 15:13:23.098root 11241100x8000000000000000701179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11dc3381cea5a972023-02-07 15:13:23.098root 11241100x8000000000000000701178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf07bb6f5ec5ff6d2023-02-07 15:13:23.098root 11241100x8000000000000000701177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3684e546f5b2aa2023-02-07 15:13:23.098root 11241100x8000000000000000701176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63166c2ff2cafa902023-02-07 15:13:23.098root 11241100x8000000000000000701175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec613029fb1ef5692023-02-07 15:13:23.098root 11241100x8000000000000000701174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d79419ce9fe1742023-02-07 15:13:23.098root 11241100x8000000000000000701200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49d9ed6dda12b5e2023-02-07 15:13:23.099root 11241100x8000000000000000701199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64d15a97f09d64b2023-02-07 15:13:23.099root 11241100x8000000000000000701198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4576bc4cbeaaabd92023-02-07 15:13:23.099root 11241100x8000000000000000701197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ba1bc9b1fae1c72023-02-07 15:13:23.099root 11241100x8000000000000000701196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a280d95ce260102023-02-07 15:13:23.099root 11241100x8000000000000000701195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1427f757e92f11002023-02-07 15:13:23.099root 11241100x8000000000000000701194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3efee2722882a51b2023-02-07 15:13:23.099root 11241100x8000000000000000701193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2991ceb08b29fd2023-02-07 15:13:23.099root 11241100x8000000000000000701192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c4d5ef017d800e2023-02-07 15:13:23.099root 11241100x8000000000000000701191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c5420ed0821a3b2023-02-07 15:13:23.099root 11241100x8000000000000000701190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5724bdd4f1cb2faa2023-02-07 15:13:23.099root 11241100x8000000000000000701202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673beb25a09a8eed2023-02-07 15:13:23.595root 11241100x8000000000000000701201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ef2a10d211799e2023-02-07 15:13:23.595root 11241100x8000000000000000701205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3bf983d27d83a32023-02-07 15:13:23.596root 11241100x8000000000000000701204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda52aaad6d9b6052023-02-07 15:13:23.596root 11241100x8000000000000000701203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8fe237f6f3aa3b42023-02-07 15:13:23.596root 11241100x8000000000000000701211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13cf2eea0fba0f3b2023-02-07 15:13:23.597root 11241100x8000000000000000701210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e124a7c23236352023-02-07 15:13:23.597root 11241100x8000000000000000701209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcaf75183ab9a3e02023-02-07 15:13:23.597root 11241100x8000000000000000701208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8eb14a570c46ca22023-02-07 15:13:23.597root 11241100x8000000000000000701207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757e54f4782f18df2023-02-07 15:13:23.597root 11241100x8000000000000000701206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1fa4b774f5d71182023-02-07 15:13:23.597root 11241100x8000000000000000701212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d25eef470af133f2023-02-07 15:13:23.598root 11241100x8000000000000000701218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db1aa8652092b802023-02-07 15:13:23.599root 11241100x8000000000000000701217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a4ead6c2852d832023-02-07 15:13:23.599root 11241100x8000000000000000701216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549cbefdc78ee0652023-02-07 15:13:23.599root 11241100x8000000000000000701215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ba1191bb4387dc2023-02-07 15:13:23.599root 11241100x8000000000000000701214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea82dc7050bbd9d2023-02-07 15:13:23.599root 11241100x8000000000000000701213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b479a117cf4b752023-02-07 15:13:23.599root 11241100x8000000000000000701228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08fc53c3657daad62023-02-07 15:13:23.600root 11241100x8000000000000000701227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1a3978f2cc3cc92023-02-07 15:13:23.600root 11241100x8000000000000000701226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f61e1fca0815ee2023-02-07 15:13:23.600root 11241100x8000000000000000701225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7dd4bbe8f1a80fe2023-02-07 15:13:23.600root 11241100x8000000000000000701224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9167713c7b8f9e2023-02-07 15:13:23.600root 11241100x8000000000000000701223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cead937f17bafeac2023-02-07 15:13:23.600root 11241100x8000000000000000701222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a40a7f43ddf0032023-02-07 15:13:23.600root 11241100x8000000000000000701221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c019f079a550ee2023-02-07 15:13:23.600root 11241100x8000000000000000701220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9937e2dfbc2a872023-02-07 15:13:23.600root 11241100x8000000000000000701219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e88bd017f6c4f72023-02-07 15:13:23.600root 11241100x8000000000000000701235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a227b5ff679ccc2023-02-07 15:13:23.601root 11241100x8000000000000000701234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0bd17116a28f122023-02-07 15:13:23.601root 11241100x8000000000000000701233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c6aaef7b8d70192023-02-07 15:13:23.601root 11241100x8000000000000000701232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1c85f0cf78b9772023-02-07 15:13:23.601root 11241100x8000000000000000701231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ab2af68e8bba522023-02-07 15:13:23.601root 11241100x8000000000000000701230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac6e5215ba49f0c2023-02-07 15:13:23.601root 11241100x8000000000000000701229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:23.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbaca32ee20e9c8a2023-02-07 15:13:23.601root 11241100x8000000000000000701241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c2cc5c8f64e7ff2023-02-07 15:13:24.095root 11241100x8000000000000000701240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ed520994d68f232023-02-07 15:13:24.095root 11241100x8000000000000000701239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc780938a7a74d52023-02-07 15:13:24.095root 11241100x8000000000000000701238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094bcc98d8f2e7b72023-02-07 15:13:24.095root 11241100x8000000000000000701237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f0fdf3385a30902023-02-07 15:13:24.095root 11241100x8000000000000000701236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7aa61e5ca4ea232023-02-07 15:13:24.095root 11241100x8000000000000000701245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1103ae58f8d55be12023-02-07 15:13:24.096root 11241100x8000000000000000701244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad04fdcb8410be72023-02-07 15:13:24.096root 11241100x8000000000000000701243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2315551160dd9c02023-02-07 15:13:24.096root 11241100x8000000000000000701242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9955e44753883a432023-02-07 15:13:24.096root 11241100x8000000000000000701249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fad8865cdca793d2023-02-07 15:13:24.098root 11241100x8000000000000000701248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641e47ccaf068e422023-02-07 15:13:24.098root 11241100x8000000000000000701247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af24e0cdcad5ec62023-02-07 15:13:24.098root 11241100x8000000000000000701246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6fabe15603396662023-02-07 15:13:24.098root 11241100x8000000000000000701259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f097f1d54c22312023-02-07 15:13:24.099root 11241100x8000000000000000701258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221e34713bc207a62023-02-07 15:13:24.099root 11241100x8000000000000000701257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f68e259c5ab580b2023-02-07 15:13:24.099root 11241100x8000000000000000701256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b707a5a6090d4e2023-02-07 15:13:24.099root 11241100x8000000000000000701255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f723178e9a0fb1a92023-02-07 15:13:24.099root 11241100x8000000000000000701254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa7ee55026f8fa72023-02-07 15:13:24.099root 11241100x8000000000000000701253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c843c2cc22ab7bc62023-02-07 15:13:24.099root 11241100x8000000000000000701252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6e5e27e6b82c492023-02-07 15:13:24.099root 11241100x8000000000000000701251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693fd1f201aff8c62023-02-07 15:13:24.099root 11241100x8000000000000000701250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dac3b8474430d0f2023-02-07 15:13:24.099root 11241100x8000000000000000701269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92f4489b19251392023-02-07 15:13:24.100root 11241100x8000000000000000701268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6691a48d56bc8d2023-02-07 15:13:24.100root 11241100x8000000000000000701267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d138970e710edf82023-02-07 15:13:24.100root 11241100x8000000000000000701266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b51fcb895f7be52023-02-07 15:13:24.100root 11241100x8000000000000000701265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe084fcd3d86f3312023-02-07 15:13:24.100root 11241100x8000000000000000701264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6948e71198d9a2d2023-02-07 15:13:24.100root 11241100x8000000000000000701263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2dcd6d4a684b4622023-02-07 15:13:24.100root 11241100x8000000000000000701262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385fbf8b54918ac42023-02-07 15:13:24.100root 11241100x8000000000000000701261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98500d4cbf693482023-02-07 15:13:24.100root 11241100x8000000000000000701260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8158819a1ce00a62023-02-07 15:13:24.100root 11241100x8000000000000000701280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd37530f42be69712023-02-07 15:13:24.101root 11241100x8000000000000000701279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0906492e9c9bbde2023-02-07 15:13:24.101root 11241100x8000000000000000701278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8c61f49294cfe52023-02-07 15:13:24.101root 11241100x8000000000000000701277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7775c8a923b528ea2023-02-07 15:13:24.101root 11241100x8000000000000000701276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb9e576428b57542023-02-07 15:13:24.101root 11241100x8000000000000000701275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8c21cb1e3f95be2023-02-07 15:13:24.101root 11241100x8000000000000000701274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea46e8c452fd47a72023-02-07 15:13:24.101root 11241100x8000000000000000701273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0ff9e6b60716322023-02-07 15:13:24.101root 11241100x8000000000000000701272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd282eb1cf20a7232023-02-07 15:13:24.101root 11241100x8000000000000000701271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d797e67a400e1eb72023-02-07 15:13:24.101root 11241100x8000000000000000701270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8896ded198f08ec2023-02-07 15:13:24.101root 11241100x8000000000000000701292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c4f757eed980062023-02-07 15:13:24.102root 11241100x8000000000000000701291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7446e8ccb048242023-02-07 15:13:24.102root 11241100x8000000000000000701290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d397000f1db901972023-02-07 15:13:24.102root 11241100x8000000000000000701289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38169a0f410aa2fe2023-02-07 15:13:24.102root 11241100x8000000000000000701288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e440b03b6d521bd2023-02-07 15:13:24.102root 11241100x8000000000000000701287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54088c76364b00142023-02-07 15:13:24.102root 11241100x8000000000000000701286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177acca550bb0f0f2023-02-07 15:13:24.102root 11241100x8000000000000000701285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38e611d654723252023-02-07 15:13:24.102root 11241100x8000000000000000701284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f93c1d50c136a572023-02-07 15:13:24.102root 11241100x8000000000000000701283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1942d888f4351a602023-02-07 15:13:24.102root 11241100x8000000000000000701282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c95d1aa942cd7e82023-02-07 15:13:24.102root 11241100x8000000000000000701281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb961aeb61f8b61f2023-02-07 15:13:24.102root 11241100x8000000000000000701296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df32115a34b36bc2023-02-07 15:13:24.103root 11241100x8000000000000000701295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e077f6117859122023-02-07 15:13:24.103root 11241100x8000000000000000701294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c79b52a05b9fe482023-02-07 15:13:24.103root 11241100x8000000000000000701293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e4c4b7c0cc90612023-02-07 15:13:24.103root 11241100x8000000000000000701303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ee478b07a0b27b2023-02-07 15:13:24.595root 11241100x8000000000000000701302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d641ceec4486f0ff2023-02-07 15:13:24.595root 11241100x8000000000000000701301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759630d1c072c0f12023-02-07 15:13:24.595root 11241100x8000000000000000701300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108bd91cc8508e232023-02-07 15:13:24.595root 11241100x8000000000000000701299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bdf5f3241d4c1a82023-02-07 15:13:24.595root 11241100x8000000000000000701298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777b40815eb2d94e2023-02-07 15:13:24.595root 11241100x8000000000000000701297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5102781e0e939492023-02-07 15:13:24.595root 11241100x8000000000000000701318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe66d02b755afa82023-02-07 15:13:24.596root 11241100x8000000000000000701317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3cc1fbbf29fcc702023-02-07 15:13:24.596root 11241100x8000000000000000701316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bacac705c028bf12023-02-07 15:13:24.596root 11241100x8000000000000000701315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026d6719719b26152023-02-07 15:13:24.596root 11241100x8000000000000000701314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e6434258ac04bc2023-02-07 15:13:24.596root 11241100x8000000000000000701313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a73889fa8c9ad92023-02-07 15:13:24.596root 11241100x8000000000000000701312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4071cd933d7c8e3e2023-02-07 15:13:24.596root 11241100x8000000000000000701311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab0cd525fc846f12023-02-07 15:13:24.596root 11241100x8000000000000000701310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00117e840447fad2023-02-07 15:13:24.596root 11241100x8000000000000000701309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e19fc082fb65d2a2023-02-07 15:13:24.596root 11241100x8000000000000000701308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519fcbf3e36494f72023-02-07 15:13:24.596root 11241100x8000000000000000701307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64b593abe5ce0462023-02-07 15:13:24.596root 11241100x8000000000000000701306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71104b701c9f56cf2023-02-07 15:13:24.596root 11241100x8000000000000000701305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72178cd73b07331b2023-02-07 15:13:24.596root 11241100x8000000000000000701304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340a7a866dc5a8d62023-02-07 15:13:24.596root 11241100x8000000000000000701327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebace6ccae282b042023-02-07 15:13:24.597root 11241100x8000000000000000701326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26013a200fc131042023-02-07 15:13:24.597root 11241100x8000000000000000701325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b9910d3c1370c32023-02-07 15:13:24.597root 11241100x8000000000000000701324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952ff76e4f4340772023-02-07 15:13:24.597root 11241100x8000000000000000701323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6e03d00d5a2f6c2023-02-07 15:13:24.597root 11241100x8000000000000000701322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa32f82bec18c1a2023-02-07 15:13:24.597root 11241100x8000000000000000701321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e23dd7098bc0d7e2023-02-07 15:13:24.597root 11241100x8000000000000000701320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1189181e80d7578a2023-02-07 15:13:24.597root 11241100x8000000000000000701319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a73ad622f80eb42023-02-07 15:13:24.597root 11241100x8000000000000000701328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:24.730{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:13:24.730root 354300x8000000000000000701329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.088{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-48524-false10.0.1.12-8000- 11241100x8000000000000000701334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.090{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420f340a0ae24b4a2023-02-07 15:13:25.090root 11241100x8000000000000000701333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.090{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae3853f5a7ce04a2023-02-07 15:13:25.090root 11241100x8000000000000000701332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.090{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e89356246beae92023-02-07 15:13:25.090root 11241100x8000000000000000701331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.090{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973f3093814f74462023-02-07 15:13:25.090root 11241100x8000000000000000701330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.090{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b31537e3804fa92023-02-07 15:13:25.090root 11241100x8000000000000000701344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.091{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3644c3e817a50092023-02-07 15:13:25.091root 11241100x8000000000000000701343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.091{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1afb64500ef3310f2023-02-07 15:13:25.091root 11241100x8000000000000000701342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.091{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d9767ecb960cc22023-02-07 15:13:25.091root 11241100x8000000000000000701341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.091{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a5cd04757a67562023-02-07 15:13:25.091root 11241100x8000000000000000701340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.091{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c8aedcd48556182023-02-07 15:13:25.091root 11241100x8000000000000000701339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.091{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143a8b3862474e002023-02-07 15:13:25.091root 11241100x8000000000000000701338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.091{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8da7c33fe0e780a2023-02-07 15:13:25.091root 11241100x8000000000000000701337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.091{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705a89823fb636ca2023-02-07 15:13:25.091root 11241100x8000000000000000701336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.091{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942393fe6ea3af282023-02-07 15:13:25.091root 11241100x8000000000000000701335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.091{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88300cd48dc01e42023-02-07 15:13:25.091root 11241100x8000000000000000701350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.092{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a97ba9d861ea62a2023-02-07 15:13:25.092root 11241100x8000000000000000701349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.092{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c401cf9e2d86921b2023-02-07 15:13:25.092root 11241100x8000000000000000701348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.092{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84b566eda557d352023-02-07 15:13:25.092root 11241100x8000000000000000701347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.092{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc522eda386610f52023-02-07 15:13:25.092root 11241100x8000000000000000701346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.092{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407bd537864c0e9e2023-02-07 15:13:25.092root 11241100x8000000000000000701345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.092{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a43eca9c45a842f2023-02-07 15:13:25.092root 11241100x8000000000000000701358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.093{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d06ea48b9a304322023-02-07 15:13:25.093root 11241100x8000000000000000701357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.093{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f161a02d4ee197cc2023-02-07 15:13:25.093root 11241100x8000000000000000701356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.093{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5da0b90d0f9fec52023-02-07 15:13:25.093root 11241100x8000000000000000701355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.093{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42d8184e187b9da2023-02-07 15:13:25.093root 11241100x8000000000000000701354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.093{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ffb4fe94a18d562023-02-07 15:13:25.093root 11241100x8000000000000000701353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.093{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd910a9cb8cd79262023-02-07 15:13:25.093root 11241100x8000000000000000701352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.093{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b141ad3feb712d42023-02-07 15:13:25.093root 11241100x8000000000000000701351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.093{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27eb8fca42e15f5b2023-02-07 15:13:25.093root 11241100x8000000000000000701359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.094{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f04666b6a751922023-02-07 15:13:25.094root 11241100x8000000000000000701363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f685cf46536812172023-02-07 15:13:25.095root 11241100x8000000000000000701362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fa3866d63094962023-02-07 15:13:25.095root 11241100x8000000000000000701361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e50e2739a7447f2023-02-07 15:13:25.095root 11241100x8000000000000000701360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4252409e028e82c2023-02-07 15:13:25.095root 11241100x8000000000000000701364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec8eb6eae0505502023-02-07 15:13:25.096root 11241100x8000000000000000701365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950fb70270e556ae2023-02-07 15:13:25.346root 11241100x8000000000000000701374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8e709a3a01dc782023-02-07 15:13:25.347root 11241100x8000000000000000701373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb37a14ff8421f42023-02-07 15:13:25.347root 11241100x8000000000000000701372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82068aaa4228da4f2023-02-07 15:13:25.347root 11241100x8000000000000000701371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc1fd5d7653640a2023-02-07 15:13:25.347root 11241100x8000000000000000701370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb020e5b3360a5172023-02-07 15:13:25.347root 11241100x8000000000000000701369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab88263ab2219e42023-02-07 15:13:25.347root 11241100x8000000000000000701368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a6701cec5de4822023-02-07 15:13:25.347root 11241100x8000000000000000701367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447c4f3dc53704e72023-02-07 15:13:25.347root 11241100x8000000000000000701366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fbd3858759b7e02023-02-07 15:13:25.347root 11241100x8000000000000000701378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7a8f8e5b274f622023-02-07 15:13:25.348root 11241100x8000000000000000701377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd274ff3a4678f22023-02-07 15:13:25.348root 11241100x8000000000000000701376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3172975c5c70e3762023-02-07 15:13:25.348root 11241100x8000000000000000701375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c151835b64790e2023-02-07 15:13:25.348root 11241100x8000000000000000701389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c8cb1136d5f7122023-02-07 15:13:25.349root 11241100x8000000000000000701388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064d8d390410cfa12023-02-07 15:13:25.349root 11241100x8000000000000000701387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddab921aa92d562b2023-02-07 15:13:25.349root 11241100x8000000000000000701386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72085aaa6c2756542023-02-07 15:13:25.349root 11241100x8000000000000000701385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3880228a7eff80d2023-02-07 15:13:25.349root 11241100x8000000000000000701384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5959070b13ee62fe2023-02-07 15:13:25.349root 11241100x8000000000000000701383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330ec79db1a1bf962023-02-07 15:13:25.349root 11241100x8000000000000000701382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b3e02cf7bcaeef2023-02-07 15:13:25.349root 11241100x8000000000000000701381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46bf9f73430fa322023-02-07 15:13:25.349root 11241100x8000000000000000701380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9ea33aa31cfa3c2023-02-07 15:13:25.349root 11241100x8000000000000000701379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d43f845f8bc4d492023-02-07 15:13:25.349root 11241100x8000000000000000701397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d8a6f6ba9017062023-02-07 15:13:25.350root 11241100x8000000000000000701396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59228a7d3fb2bed52023-02-07 15:13:25.350root 11241100x8000000000000000701395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30805c3fa4c58662023-02-07 15:13:25.350root 11241100x8000000000000000701394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf0d0130c6042362023-02-07 15:13:25.350root 11241100x8000000000000000701393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f126fce616a9b82023-02-07 15:13:25.350root 11241100x8000000000000000701392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b07b3fb21d905d72023-02-07 15:13:25.350root 11241100x8000000000000000701391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cda050d827cdfa2023-02-07 15:13:25.350root 11241100x8000000000000000701390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7c480210d25a662023-02-07 15:13:25.350root 11241100x8000000000000000701399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce41c0d6754b5cf42023-02-07 15:13:25.351root 11241100x8000000000000000701398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4e045e3ef34eba2023-02-07 15:13:25.351root 11241100x8000000000000000701403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbcbe6356e0d7c862023-02-07 15:13:25.847root 11241100x8000000000000000701402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381ecfaf7aba57062023-02-07 15:13:25.847root 11241100x8000000000000000701401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13834ff3ef0e30e2023-02-07 15:13:25.847root 11241100x8000000000000000701400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5703a3ea3d6574f42023-02-07 15:13:25.847root 11241100x8000000000000000701405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abc7f1c45fbc0742023-02-07 15:13:25.848root 11241100x8000000000000000701404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31b5ae58431fd0b2023-02-07 15:13:25.848root 11241100x8000000000000000701409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc342177d8c5f2df2023-02-07 15:13:25.849root 11241100x8000000000000000701408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f7d4b0aa70c3892023-02-07 15:13:25.849root 11241100x8000000000000000701407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab08326f09106acd2023-02-07 15:13:25.849root 11241100x8000000000000000701406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b801565363de6a62023-02-07 15:13:25.849root 11241100x8000000000000000701411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40125b9c244acf12023-02-07 15:13:25.850root 11241100x8000000000000000701410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a186ddc1fea598482023-02-07 15:13:25.850root 11241100x8000000000000000701412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70a6dd6db3e92ae2023-02-07 15:13:25.851root 11241100x8000000000000000701414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00911158c843a4f2023-02-07 15:13:25.852root 11241100x8000000000000000701413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694e6891e5c49c302023-02-07 15:13:25.852root 11241100x8000000000000000701416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.853{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477185ecc18420762023-02-07 15:13:25.853root 11241100x8000000000000000701415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.853{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84881930dd65924d2023-02-07 15:13:25.853root 11241100x8000000000000000701417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.854{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddd1d6b9ae13e6b2023-02-07 15:13:25.854root 11241100x8000000000000000701418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.855{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127df6c1a02b8a802023-02-07 15:13:25.855root 11241100x8000000000000000701421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.856{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65408f556dd982612023-02-07 15:13:25.856root 11241100x8000000000000000701420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.856{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2be377bc4fcd5b2023-02-07 15:13:25.856root 11241100x8000000000000000701419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.856{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7680e844ce1cafbc2023-02-07 15:13:25.856root 11241100x8000000000000000701422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6e82e55f09ab1b2023-02-07 15:13:25.858root 11241100x8000000000000000701426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.859{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80929ddcf0320f8c2023-02-07 15:13:25.859root 11241100x8000000000000000701425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.859{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015781c146efa92e2023-02-07 15:13:25.859root 11241100x8000000000000000701424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.859{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42181cafc02080732023-02-07 15:13:25.859root 11241100x8000000000000000701423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.859{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add26ad43b5b4c532023-02-07 15:13:25.859root 11241100x8000000000000000701428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.860{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aaf416d37e655f72023-02-07 15:13:25.860root 11241100x8000000000000000701427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.860{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018d831c23776b332023-02-07 15:13:25.860root 11241100x8000000000000000701430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.861{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6a37edd46a09722023-02-07 15:13:25.861root 11241100x8000000000000000701429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.861{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e62bbfe05217d3c2023-02-07 15:13:25.861root 11241100x8000000000000000701432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.862{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c7b568ce7d84fa2023-02-07 15:13:25.862root 11241100x8000000000000000701431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:25.862{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c7af479c6e128c2023-02-07 15:13:25.862root 11241100x8000000000000000701433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a1bacf834e2b9e2023-02-07 15:13:26.345root 11241100x8000000000000000701439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60cbba4d0593ee2f2023-02-07 15:13:26.346root 11241100x8000000000000000701438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459969660b76f85f2023-02-07 15:13:26.346root 11241100x8000000000000000701437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a17cd31fe9e83eb2023-02-07 15:13:26.346root 11241100x8000000000000000701436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee58fda75930d8f62023-02-07 15:13:26.346root 11241100x8000000000000000701435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22bf917a5333d0412023-02-07 15:13:26.346root 11241100x8000000000000000701434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512baf1972210ab32023-02-07 15:13:26.346root 11241100x8000000000000000701448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baeea1494ed879b12023-02-07 15:13:26.347root 11241100x8000000000000000701447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743979f355d867f02023-02-07 15:13:26.347root 11241100x8000000000000000701446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0fe5b4d33bbf052023-02-07 15:13:26.347root 11241100x8000000000000000701445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f42e26acc7f0fc22023-02-07 15:13:26.347root 11241100x8000000000000000701444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8af87b56fc815b82023-02-07 15:13:26.347root 11241100x8000000000000000701443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb9306290b88cd42023-02-07 15:13:26.347root 11241100x8000000000000000701442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c38837c13299332023-02-07 15:13:26.347root 11241100x8000000000000000701441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53762c6d77c31db2023-02-07 15:13:26.347root 11241100x8000000000000000701440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c73e75fda7a0d62023-02-07 15:13:26.347root 11241100x8000000000000000701464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a1f34a04a4fdab2023-02-07 15:13:26.348root 11241100x8000000000000000701463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc353c7a10dd5612023-02-07 15:13:26.348root 11241100x8000000000000000701462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409cd9b5017d682b2023-02-07 15:13:26.348root 11241100x8000000000000000701461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabc5d74a03773472023-02-07 15:13:26.348root 11241100x8000000000000000701460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75becdf7070975bc2023-02-07 15:13:26.348root 11241100x8000000000000000701459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1838e85d3384a72023-02-07 15:13:26.348root 11241100x8000000000000000701458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f165f25a3f7a56142023-02-07 15:13:26.348root 11241100x8000000000000000701457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3bae983bb4b4472023-02-07 15:13:26.348root 11241100x8000000000000000701456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5900f5621befa7432023-02-07 15:13:26.348root 11241100x8000000000000000701455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13e55e9116213642023-02-07 15:13:26.348root 11241100x8000000000000000701454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e887902129984782023-02-07 15:13:26.348root 11241100x8000000000000000701453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c49877556113f012023-02-07 15:13:26.348root 11241100x8000000000000000701452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1211d1c0667467bd2023-02-07 15:13:26.348root 11241100x8000000000000000701451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539c49439eb663e52023-02-07 15:13:26.348root 11241100x8000000000000000701450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239c4fd1858882272023-02-07 15:13:26.348root 11241100x8000000000000000701449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918cd97b442050352023-02-07 15:13:26.348root 11241100x8000000000000000701468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a7c994386987982023-02-07 15:13:26.349root 11241100x8000000000000000701467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5539ad8d7b03c0ef2023-02-07 15:13:26.349root 11241100x8000000000000000701466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41bc5c9b79db68182023-02-07 15:13:26.349root 11241100x8000000000000000701465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca33c47cb753ed22023-02-07 15:13:26.349root 11241100x8000000000000000701477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398cc7bc5dd700372023-02-07 15:13:26.846root 11241100x8000000000000000701476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570ff3422b9b58a62023-02-07 15:13:26.846root 11241100x8000000000000000701475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f884332028a517202023-02-07 15:13:26.846root 11241100x8000000000000000701474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f64fc52559921012023-02-07 15:13:26.846root 11241100x8000000000000000701473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a967b578bf1d6b2023-02-07 15:13:26.846root 11241100x8000000000000000701472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638447c344af940c2023-02-07 15:13:26.846root 11241100x8000000000000000701471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760d627b5d8331c92023-02-07 15:13:26.846root 11241100x8000000000000000701470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56356fff218ffeec2023-02-07 15:13:26.846root 11241100x8000000000000000701469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4b3c824b4985c42023-02-07 15:13:26.846root 11241100x8000000000000000701491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7a4cc1aca5acf22023-02-07 15:13:26.847root 11241100x8000000000000000701490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3c1a87946a69662023-02-07 15:13:26.847root 11241100x8000000000000000701489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8807cbb4b5a56d2023-02-07 15:13:26.847root 11241100x8000000000000000701488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b092776c16abcd4c2023-02-07 15:13:26.847root 11241100x8000000000000000701487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8469bde0a365f4a2023-02-07 15:13:26.847root 11241100x8000000000000000701486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76715a141cd7d6ce2023-02-07 15:13:26.847root 11241100x8000000000000000701485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e943d5ba83de8e632023-02-07 15:13:26.847root 11241100x8000000000000000701484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0dcaee7a55043662023-02-07 15:13:26.847root 11241100x8000000000000000701483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66ebadfb4aee2c32023-02-07 15:13:26.847root 11241100x8000000000000000701482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d43724128a613a2023-02-07 15:13:26.847root 11241100x8000000000000000701481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f49143f5e32202c2023-02-07 15:13:26.847root 11241100x8000000000000000701480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e86bde73e1bed502023-02-07 15:13:26.847root 11241100x8000000000000000701479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf84ec2dfabac7e2023-02-07 15:13:26.847root 11241100x8000000000000000701478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4ffc27110d1b192023-02-07 15:13:26.847root 11241100x8000000000000000701501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8aad68a080c456a2023-02-07 15:13:26.848root 11241100x8000000000000000701500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf02a701184dee12023-02-07 15:13:26.848root 11241100x8000000000000000701499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92cd4b38e0df0b92023-02-07 15:13:26.848root 11241100x8000000000000000701498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73322631a539be352023-02-07 15:13:26.848root 11241100x8000000000000000701497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479a496e1a379a982023-02-07 15:13:26.848root 11241100x8000000000000000701496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5106cfa969feb5892023-02-07 15:13:26.848root 11241100x8000000000000000701495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f20177926d29a912023-02-07 15:13:26.848root 11241100x8000000000000000701494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97855b7dc15c06862023-02-07 15:13:26.848root 11241100x8000000000000000701493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2c85736f5124442023-02-07 15:13:26.848root 11241100x8000000000000000701492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:26.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3785f30d6f7006302023-02-07 15:13:26.848root 11241100x8000000000000000701502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ce3b8f991793162023-02-07 15:13:27.345root 11241100x8000000000000000701514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276fe8fb95992ed92023-02-07 15:13:27.346root 11241100x8000000000000000701513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f66e71ddaaca81e2023-02-07 15:13:27.346root 11241100x8000000000000000701512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547005492a3bf47b2023-02-07 15:13:27.346root 11241100x8000000000000000701511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a7d5240ef975a52023-02-07 15:13:27.346root 11241100x8000000000000000701510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4639fc8b96feca5b2023-02-07 15:13:27.346root 11241100x8000000000000000701509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfafa5b36a78a6e2023-02-07 15:13:27.346root 11241100x8000000000000000701508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763547b4e045c32f2023-02-07 15:13:27.346root 11241100x8000000000000000701507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77fe39ff4cc59cb62023-02-07 15:13:27.346root 11241100x8000000000000000701506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4144f806441a8032023-02-07 15:13:27.346root 11241100x8000000000000000701505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee51fe7ac1380412023-02-07 15:13:27.346root 11241100x8000000000000000701504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8b10c3a50069472023-02-07 15:13:27.346root 11241100x8000000000000000701503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38719788b5f8d0ac2023-02-07 15:13:27.346root 11241100x8000000000000000701527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735d4da0c37582072023-02-07 15:13:27.347root 11241100x8000000000000000701526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f459606722e86b2023-02-07 15:13:27.347root 11241100x8000000000000000701525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b28873b0bddce62023-02-07 15:13:27.347root 11241100x8000000000000000701524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb20fd31aa1b2ec2023-02-07 15:13:27.347root 11241100x8000000000000000701523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48700f4b232a566a2023-02-07 15:13:27.347root 11241100x8000000000000000701522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d711b477892c382023-02-07 15:13:27.347root 11241100x8000000000000000701521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d78ace4259b714f2023-02-07 15:13:27.347root 11241100x8000000000000000701520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57e2ee37726ed9a2023-02-07 15:13:27.347root 11241100x8000000000000000701519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0376217e3deacad2023-02-07 15:13:27.347root 11241100x8000000000000000701518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0be8eeb9ac9813f2023-02-07 15:13:27.347root 11241100x8000000000000000701517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfdcaa2f6d8b74c42023-02-07 15:13:27.347root 11241100x8000000000000000701516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c428216fe2082df02023-02-07 15:13:27.347root 11241100x8000000000000000701515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981f59263f2f0f7e2023-02-07 15:13:27.347root 11241100x8000000000000000701537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c9f539096541112023-02-07 15:13:27.348root 11241100x8000000000000000701536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e54d4e9c89375752023-02-07 15:13:27.348root 11241100x8000000000000000701535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09393287bbbb0ba2023-02-07 15:13:27.348root 11241100x8000000000000000701534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce87d01750c04a62023-02-07 15:13:27.348root 11241100x8000000000000000701533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4255c4be1896c77d2023-02-07 15:13:27.348root 11241100x8000000000000000701532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09559b99fd5df8232023-02-07 15:13:27.348root 11241100x8000000000000000701531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d2162fc7a12fd22023-02-07 15:13:27.348root 11241100x8000000000000000701530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28bd1924b6e17af2023-02-07 15:13:27.348root 11241100x8000000000000000701529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7dad012e41eefc32023-02-07 15:13:27.348root 11241100x8000000000000000701528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aefe69317a8aa0d02023-02-07 15:13:27.348root 23542300x8000000000000000701538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.731{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000701550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a3e60a7d4488a32023-02-07 15:13:27.733root 11241100x8000000000000000701549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e028c2f604c63282023-02-07 15:13:27.733root 11241100x8000000000000000701548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb7c963239e65582023-02-07 15:13:27.733root 11241100x8000000000000000701547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f751c3cd6185ca2023-02-07 15:13:27.733root 11241100x8000000000000000701546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1423b9e7bc73292023-02-07 15:13:27.733root 11241100x8000000000000000701545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf0557c58f2650f72023-02-07 15:13:27.733root 11241100x8000000000000000701544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25837afe76a78c6d2023-02-07 15:13:27.733root 11241100x8000000000000000701543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc887e9a0b764702023-02-07 15:13:27.733root 11241100x8000000000000000701542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bca2ae75a941db2023-02-07 15:13:27.733root 11241100x8000000000000000701541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aecfcb62ab8f47be2023-02-07 15:13:27.733root 11241100x8000000000000000701540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbe1913c8c44ed62023-02-07 15:13:27.733root 11241100x8000000000000000701539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18480935fa9f22d2023-02-07 15:13:27.733root 11241100x8000000000000000701565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8b4d41244d6c482023-02-07 15:13:27.734root 11241100x8000000000000000701564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825da60c10e153062023-02-07 15:13:27.734root 11241100x8000000000000000701563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333dd94b3f76217e2023-02-07 15:13:27.734root 11241100x8000000000000000701562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092d39795ffc99052023-02-07 15:13:27.734root 11241100x8000000000000000701561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245d06c42f43a66a2023-02-07 15:13:27.734root 11241100x8000000000000000701560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d88ea253d8fbe12023-02-07 15:13:27.734root 11241100x8000000000000000701559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acfec4aaf74eb1562023-02-07 15:13:27.734root 11241100x8000000000000000701558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e26aa5a1527da22023-02-07 15:13:27.734root 11241100x8000000000000000701557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61cab1bc9b8b8ce2023-02-07 15:13:27.734root 11241100x8000000000000000701556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fa6f7e219c4ad22023-02-07 15:13:27.734root 11241100x8000000000000000701555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67ea4f9f1b1c4c02023-02-07 15:13:27.734root 11241100x8000000000000000701554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1519d7b4bf103f342023-02-07 15:13:27.734root 11241100x8000000000000000701553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b3076264049afc2023-02-07 15:13:27.734root 11241100x8000000000000000701552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19db3a12daccca5e2023-02-07 15:13:27.734root 11241100x8000000000000000701551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb709073ce91ad42023-02-07 15:13:27.734root 11241100x8000000000000000701572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d13bf6c00cb7b382023-02-07 15:13:27.735root 11241100x8000000000000000701571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3485baf0836639082023-02-07 15:13:27.735root 11241100x8000000000000000701570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550d0fd8024bfc7b2023-02-07 15:13:27.735root 11241100x8000000000000000701569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7643aade4a552c6a2023-02-07 15:13:27.735root 11241100x8000000000000000701568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cc2625ca7622122023-02-07 15:13:27.735root 11241100x8000000000000000701567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a60762fe2240f72023-02-07 15:13:27.735root 11241100x8000000000000000701566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:27.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584ddc4cb86791c22023-02-07 15:13:27.735root 11241100x8000000000000000701579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a67e2379099f8fc2023-02-07 15:13:28.095root 11241100x8000000000000000701578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a14173b285b4c22023-02-07 15:13:28.095root 11241100x8000000000000000701577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2706bcadef18dce42023-02-07 15:13:28.095root 11241100x8000000000000000701576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed50636d44d21de2023-02-07 15:13:28.095root 11241100x8000000000000000701575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e62ba7996368522023-02-07 15:13:28.095root 11241100x8000000000000000701574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da25ae0588b8e8c42023-02-07 15:13:28.095root 11241100x8000000000000000701573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9533d7b14b811272023-02-07 15:13:28.095root 11241100x8000000000000000701590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29a3617b9c1e6c12023-02-07 15:13:28.096root 11241100x8000000000000000701589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f754668643cd59aa2023-02-07 15:13:28.096root 11241100x8000000000000000701588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b910fd5f1f1795e2023-02-07 15:13:28.096root 11241100x8000000000000000701587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8293a9d24b5e51122023-02-07 15:13:28.096root 11241100x8000000000000000701586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a019b87e8330352023-02-07 15:13:28.096root 11241100x8000000000000000701585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee0d04b8e93f4892023-02-07 15:13:28.096root 11241100x8000000000000000701584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63482a7f600cedc42023-02-07 15:13:28.096root 11241100x8000000000000000701583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62dd35dd10822cf2023-02-07 15:13:28.096root 11241100x8000000000000000701582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaaee60e3d8c29822023-02-07 15:13:28.096root 11241100x8000000000000000701581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d21bd39c92d99402023-02-07 15:13:28.096root 11241100x8000000000000000701580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165807766877797a2023-02-07 15:13:28.096root 11241100x8000000000000000701596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f91a083d2616442023-02-07 15:13:28.097root 11241100x8000000000000000701595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af856d65679d7cba2023-02-07 15:13:28.097root 11241100x8000000000000000701594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6834386a969c965e2023-02-07 15:13:28.097root 11241100x8000000000000000701593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48dddc5d6f03b1d52023-02-07 15:13:28.097root 11241100x8000000000000000701592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60beed4abf941f062023-02-07 15:13:28.097root 11241100x8000000000000000701591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9358e8d6c7a33fe2023-02-07 15:13:28.097root 11241100x8000000000000000701600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc89e5fa983fe482023-02-07 15:13:28.098root 11241100x8000000000000000701599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33cab75099b2f8f2023-02-07 15:13:28.098root 11241100x8000000000000000701598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3011c5ed4a7fe12023-02-07 15:13:28.098root 11241100x8000000000000000701597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86365ba1f774b81b2023-02-07 15:13:28.098root 11241100x8000000000000000701604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759cef7d5eed8ea02023-02-07 15:13:28.099root 11241100x8000000000000000701603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bef558b7d4d6af2023-02-07 15:13:28.099root 11241100x8000000000000000701602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a706e13cb1fc68292023-02-07 15:13:28.099root 11241100x8000000000000000701601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da53a36d0d073832023-02-07 15:13:28.099root 11241100x8000000000000000701613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f4855f431831842023-02-07 15:13:28.100root 11241100x8000000000000000701612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43453c79f4f2fb732023-02-07 15:13:28.100root 11241100x8000000000000000701611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93535ef58aeba5c12023-02-07 15:13:28.100root 11241100x8000000000000000701610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fd31debd9d5af52023-02-07 15:13:28.100root 11241100x8000000000000000701609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e228b814279a322023-02-07 15:13:28.100root 11241100x8000000000000000701608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00feb88f1c56abd52023-02-07 15:13:28.100root 11241100x8000000000000000701607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089a4d618e87a31d2023-02-07 15:13:28.100root 11241100x8000000000000000701606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c56a6de44758ea2023-02-07 15:13:28.100root 11241100x8000000000000000701605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88767fa29e494aa32023-02-07 15:13:28.100root 11241100x8000000000000000701621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eacd3f87e72e3952023-02-07 15:13:28.101root 11241100x8000000000000000701620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfa43051caf88442023-02-07 15:13:28.101root 11241100x8000000000000000701619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2c86a4529027c42023-02-07 15:13:28.101root 11241100x8000000000000000701618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba310188094c1712023-02-07 15:13:28.101root 11241100x8000000000000000701617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5eee5e4533e5eba2023-02-07 15:13:28.101root 11241100x8000000000000000701616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550f1ec18f7414b12023-02-07 15:13:28.101root 11241100x8000000000000000701615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4729a914aca7f12023-02-07 15:13:28.101root 11241100x8000000000000000701614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180043f593d773822023-02-07 15:13:28.101root 11241100x8000000000000000701622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65d2f4edb68f5202023-02-07 15:13:28.102root 11241100x8000000000000000701628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa0a4735f96ca092023-02-07 15:13:28.103root 11241100x8000000000000000701627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337e46aeef9b1fc12023-02-07 15:13:28.103root 11241100x8000000000000000701626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6b1f6c459488d02023-02-07 15:13:28.103root 11241100x8000000000000000701625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3292e207a16a182023-02-07 15:13:28.103root 11241100x8000000000000000701624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98f1f724dec9ca22023-02-07 15:13:28.103root 11241100x8000000000000000701623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1cb85f9c97f34a2023-02-07 15:13:28.103root 11241100x8000000000000000701631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c62405cdcfa8392023-02-07 15:13:28.105root 11241100x8000000000000000701630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36d7d5aa35ef19e2023-02-07 15:13:28.105root 11241100x8000000000000000701629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f732232f4882ac632023-02-07 15:13:28.105root 11241100x8000000000000000701634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4406c170d39c052023-02-07 15:13:28.595root 11241100x8000000000000000701633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32321ec30bd8770d2023-02-07 15:13:28.595root 11241100x8000000000000000701632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e9916b62c5ab1a2023-02-07 15:13:28.595root 11241100x8000000000000000701638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2541d6464a2d2e2023-02-07 15:13:28.596root 11241100x8000000000000000701637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3ca04599809b3e2023-02-07 15:13:28.596root 11241100x8000000000000000701636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160e7a9a46b3ec9c2023-02-07 15:13:28.596root 11241100x8000000000000000701635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5125f5f74517c62023-02-07 15:13:28.596root 11241100x8000000000000000701642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500ff9a52b7f31d22023-02-07 15:13:28.597root 11241100x8000000000000000701641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33bcfe3157cbf8292023-02-07 15:13:28.597root 11241100x8000000000000000701640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375ff6dd5b9dd9bd2023-02-07 15:13:28.597root 11241100x8000000000000000701639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7f4dc3b5023fcc2023-02-07 15:13:28.597root 11241100x8000000000000000701646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29545c6db89213382023-02-07 15:13:28.598root 11241100x8000000000000000701645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3d2e404cb0c1342023-02-07 15:13:28.598root 11241100x8000000000000000701644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a3e872680bfe492023-02-07 15:13:28.598root 11241100x8000000000000000701643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de0ca364b79d6872023-02-07 15:13:28.598root 11241100x8000000000000000701650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ef07157db6301e2023-02-07 15:13:28.599root 11241100x8000000000000000701649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997f9992c3135beb2023-02-07 15:13:28.599root 11241100x8000000000000000701648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5f295705c91b8f2023-02-07 15:13:28.599root 11241100x8000000000000000701647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c762fb9a7748efcb2023-02-07 15:13:28.599root 11241100x8000000000000000701654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52cd09f80519fd132023-02-07 15:13:28.600root 11241100x8000000000000000701653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10313ace2235d872023-02-07 15:13:28.600root 11241100x8000000000000000701652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a5271c44744d3d2023-02-07 15:13:28.600root 11241100x8000000000000000701651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5799f0a706ce7e822023-02-07 15:13:28.600root 11241100x8000000000000000701659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fd73cc2e478c592023-02-07 15:13:28.601root 11241100x8000000000000000701658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94ce847552b95b92023-02-07 15:13:28.601root 11241100x8000000000000000701657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1e3cedcb2aac422023-02-07 15:13:28.601root 11241100x8000000000000000701656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1262950a4508aae2023-02-07 15:13:28.601root 11241100x8000000000000000701655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc229fc28a004f822023-02-07 15:13:28.601root 11241100x8000000000000000701664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c555fb09610673912023-02-07 15:13:28.602root 11241100x8000000000000000701663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0217aeeb88d487812023-02-07 15:13:28.602root 11241100x8000000000000000701662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6debb2c48de61c72023-02-07 15:13:28.602root 11241100x8000000000000000701661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0bbfe9722a60112023-02-07 15:13:28.602root 11241100x8000000000000000701660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c72a67f3667d352023-02-07 15:13:28.602root 11241100x8000000000000000701670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd61bcc981b62802023-02-07 15:13:28.603root 11241100x8000000000000000701669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acde97068c0de0752023-02-07 15:13:28.603root 11241100x8000000000000000701668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4015003a4ad8c1652023-02-07 15:13:28.603root 11241100x8000000000000000701667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc05bc805ec20ff42023-02-07 15:13:28.603root 11241100x8000000000000000701666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a73f0a9e824013c2023-02-07 15:13:28.603root 11241100x8000000000000000701665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:28.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fe251efba8fcb62023-02-07 15:13:28.603root 11241100x8000000000000000701675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4e0657353cfe072023-02-07 15:13:29.095root 11241100x8000000000000000701674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402fe9652ad191ea2023-02-07 15:13:29.095root 11241100x8000000000000000701673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b410d13d3126531b2023-02-07 15:13:29.095root 11241100x8000000000000000701672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b494b13f4155da42023-02-07 15:13:29.095root 11241100x8000000000000000701671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17cea209b7c82cdf2023-02-07 15:13:29.095root 11241100x8000000000000000701685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609ebe22276f221f2023-02-07 15:13:29.096root 11241100x8000000000000000701684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05341963fd2990262023-02-07 15:13:29.096root 11241100x8000000000000000701683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6944dc01f916b47a2023-02-07 15:13:29.096root 11241100x8000000000000000701682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c58124dd8c1fb352023-02-07 15:13:29.096root 11241100x8000000000000000701681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528a2cfdf87b21e92023-02-07 15:13:29.096root 11241100x8000000000000000701680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52528aaffb7734a2023-02-07 15:13:29.096root 11241100x8000000000000000701679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029a9c4df63b29742023-02-07 15:13:29.096root 11241100x8000000000000000701678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e72173216763932023-02-07 15:13:29.096root 11241100x8000000000000000701677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1ee8fb68be9dd72023-02-07 15:13:29.096root 11241100x8000000000000000701676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57be4c6f4e2967f2023-02-07 15:13:29.096root 11241100x8000000000000000701695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8f4878a09ed0fc2023-02-07 15:13:29.097root 11241100x8000000000000000701694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee393e279597e1662023-02-07 15:13:29.097root 11241100x8000000000000000701693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d315a667861c57b2023-02-07 15:13:29.097root 11241100x8000000000000000701692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3affcfd890ffc1f2023-02-07 15:13:29.097root 11241100x8000000000000000701691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06075c19d37a0fde2023-02-07 15:13:29.097root 11241100x8000000000000000701690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03a7a3e8449c4502023-02-07 15:13:29.097root 11241100x8000000000000000701689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87acedbdcddfdeb82023-02-07 15:13:29.097root 11241100x8000000000000000701688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e9eddbb410094f2023-02-07 15:13:29.097root 11241100x8000000000000000701687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e580256fe92dfe132023-02-07 15:13:29.097root 11241100x8000000000000000701686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9198b121c802d15a2023-02-07 15:13:29.097root 11241100x8000000000000000701705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e47488b0b8531cd2023-02-07 15:13:29.098root 11241100x8000000000000000701704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc7ae53f49b5bac2023-02-07 15:13:29.098root 11241100x8000000000000000701703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97997e7024b519802023-02-07 15:13:29.098root 11241100x8000000000000000701702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1c24c1f592872d2023-02-07 15:13:29.098root 11241100x8000000000000000701701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7620594f0420e6342023-02-07 15:13:29.098root 11241100x8000000000000000701700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0756e988109ab52023-02-07 15:13:29.098root 11241100x8000000000000000701699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9bae98bbb4a7412023-02-07 15:13:29.098root 11241100x8000000000000000701698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f54e152b0e82582023-02-07 15:13:29.098root 11241100x8000000000000000701697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1879bc001668c1102023-02-07 15:13:29.098root 11241100x8000000000000000701696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1377e46a40190892023-02-07 15:13:29.098root 11241100x8000000000000000701714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d13a024254c41302023-02-07 15:13:29.099root 11241100x8000000000000000701713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1afaf4fe95a3479e2023-02-07 15:13:29.099root 11241100x8000000000000000701712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea45a2b5c6a641a2023-02-07 15:13:29.099root 11241100x8000000000000000701711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e4584eab85d1782023-02-07 15:13:29.099root 11241100x8000000000000000701710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4bb19121f6fe5492023-02-07 15:13:29.099root 11241100x8000000000000000701709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c61dbcdb862c1c2023-02-07 15:13:29.099root 11241100x8000000000000000701708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64901df5c48e9efc2023-02-07 15:13:29.099root 11241100x8000000000000000701707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6bdb754ba1061862023-02-07 15:13:29.099root 11241100x8000000000000000701706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8e63a7d43aefc02023-02-07 15:13:29.099root 11241100x8000000000000000701718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6351666d3d441cd22023-02-07 15:13:29.595root 11241100x8000000000000000701717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814c447f9aec91042023-02-07 15:13:29.595root 11241100x8000000000000000701716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3a39cacf9befb12023-02-07 15:13:29.595root 11241100x8000000000000000701715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3590e21f63f612032023-02-07 15:13:29.595root 11241100x8000000000000000701728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86deae76002af7ad2023-02-07 15:13:29.596root 11241100x8000000000000000701727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f182c8993de55ca2023-02-07 15:13:29.596root 11241100x8000000000000000701726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09548aad69f11842023-02-07 15:13:29.596root 11241100x8000000000000000701725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601ca56fd515b7eb2023-02-07 15:13:29.596root 11241100x8000000000000000701724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442d7599546267892023-02-07 15:13:29.596root 11241100x8000000000000000701723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bde1aea94faa6862023-02-07 15:13:29.596root 11241100x8000000000000000701722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89edd0d63b110842023-02-07 15:13:29.596root 11241100x8000000000000000701721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334b2911a824fa372023-02-07 15:13:29.596root 11241100x8000000000000000701720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca57974398454652023-02-07 15:13:29.596root 11241100x8000000000000000701719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c946470b509d382023-02-07 15:13:29.596root 11241100x8000000000000000701737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e658dc74721cdaa2023-02-07 15:13:29.597root 11241100x8000000000000000701736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852399c10b9b3f822023-02-07 15:13:29.597root 11241100x8000000000000000701735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2aa02c47586c2f2023-02-07 15:13:29.597root 11241100x8000000000000000701734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be6478cc2cec5ee2023-02-07 15:13:29.597root 11241100x8000000000000000701733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce14894c8beff9062023-02-07 15:13:29.597root 11241100x8000000000000000701732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e83b8598e046172023-02-07 15:13:29.597root 11241100x8000000000000000701731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91eddcc49d5bc2452023-02-07 15:13:29.597root 11241100x8000000000000000701730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e963b465b549462023-02-07 15:13:29.597root 11241100x8000000000000000701729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ba3e8d9844dbe82023-02-07 15:13:29.597root 11241100x8000000000000000701742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b8eda039541d8a2023-02-07 15:13:29.598root 11241100x8000000000000000701741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014f45906a4aaa1b2023-02-07 15:13:29.598root 11241100x8000000000000000701740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb36b32c32fa70da2023-02-07 15:13:29.598root 11241100x8000000000000000701739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a947fd2648521cd52023-02-07 15:13:29.598root 11241100x8000000000000000701738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29fd3c972437b402023-02-07 15:13:29.598root 11241100x8000000000000000701746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a29ec90cf56c362023-02-07 15:13:29.599root 11241100x8000000000000000701745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6279e8cacd6a89082023-02-07 15:13:29.599root 11241100x8000000000000000701744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a04eb31e119383b2023-02-07 15:13:29.599root 11241100x8000000000000000701743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46057aa6b999c1952023-02-07 15:13:29.599root 11241100x8000000000000000701747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d520dea7a66f13782023-02-07 15:13:29.601root 11241100x8000000000000000701750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a20f87a29c4f422023-02-07 15:13:29.602root 11241100x8000000000000000701749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523a14dcc2a2221e2023-02-07 15:13:29.602root 11241100x8000000000000000701748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858fc87ead805e752023-02-07 15:13:29.602root 11241100x8000000000000000701751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ebc3825dc2e663f2023-02-07 15:13:29.603root 11241100x8000000000000000701760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c434ad9966426992023-02-07 15:13:29.604root 11241100x8000000000000000701759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140a0c8780c2dcc52023-02-07 15:13:29.604root 11241100x8000000000000000701758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b2c1c2db4b01bb2023-02-07 15:13:29.604root 11241100x8000000000000000701757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f720cc76ecd42d2023-02-07 15:13:29.604root 11241100x8000000000000000701756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc9fb403f7ca4e12023-02-07 15:13:29.604root 11241100x8000000000000000701755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0d765e783d39252023-02-07 15:13:29.604root 11241100x8000000000000000701754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d67023f24aa69d82023-02-07 15:13:29.604root 11241100x8000000000000000701753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31faeba5e50231282023-02-07 15:13:29.604root 11241100x8000000000000000701752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b0d75eca640e3e2023-02-07 15:13:29.604root 11241100x8000000000000000701766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632dfc069b40c1232023-02-07 15:13:29.605root 11241100x8000000000000000701765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d87bd50837f7a72023-02-07 15:13:29.605root 11241100x8000000000000000701764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a181cb9a3d5f0c062023-02-07 15:13:29.605root 11241100x8000000000000000701763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c021606576fa230f2023-02-07 15:13:29.605root 11241100x8000000000000000701762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2376b98ee8c116fd2023-02-07 15:13:29.605root 11241100x8000000000000000701761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:29.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436ae1d2136b6c882023-02-07 15:13:29.605root 11241100x8000000000000000701767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafbc6ae54581ffb2023-02-07 15:13:30.095root 11241100x8000000000000000701777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9080527bb08405c02023-02-07 15:13:30.096root 11241100x8000000000000000701776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a72b202c67570cf2023-02-07 15:13:30.096root 11241100x8000000000000000701775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c228a0c9d516f0b2023-02-07 15:13:30.096root 11241100x8000000000000000701774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77c62598f0a346d2023-02-07 15:13:30.096root 11241100x8000000000000000701773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0737bc1a491993c2023-02-07 15:13:30.096root 11241100x8000000000000000701772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3bdfd978d074692023-02-07 15:13:30.096root 11241100x8000000000000000701771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b672eec79e1bec2023-02-07 15:13:30.096root 11241100x8000000000000000701770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266c770e10f8abfb2023-02-07 15:13:30.096root 11241100x8000000000000000701769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0403b2302991bfa2023-02-07 15:13:30.096root 11241100x8000000000000000701768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28bdd3f647bb150a2023-02-07 15:13:30.096root 11241100x8000000000000000701793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e5cad158ac97592023-02-07 15:13:30.097root 11241100x8000000000000000701792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31bdc16bcf92fa012023-02-07 15:13:30.097root 11241100x8000000000000000701791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74cfa1743d09d36c2023-02-07 15:13:30.097root 11241100x8000000000000000701790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4974d520224ab6402023-02-07 15:13:30.097root 11241100x8000000000000000701789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9553a7eade0387af2023-02-07 15:13:30.097root 11241100x8000000000000000701788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9cb59bf8862bcd2023-02-07 15:13:30.097root 11241100x8000000000000000701787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf493d920f39de42023-02-07 15:13:30.097root 11241100x8000000000000000701786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd0e3e8b864472e2023-02-07 15:13:30.097root 11241100x8000000000000000701785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3956d074204273c32023-02-07 15:13:30.097root 11241100x8000000000000000701784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb123fb590a287b2023-02-07 15:13:30.097root 11241100x8000000000000000701783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3167578d999c259d2023-02-07 15:13:30.097root 11241100x8000000000000000701782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2723cd4016dfb92023-02-07 15:13:30.097root 11241100x8000000000000000701781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e0687cc26ec64e2023-02-07 15:13:30.097root 11241100x8000000000000000701780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d6ef4937cd99072023-02-07 15:13:30.097root 11241100x8000000000000000701779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c913d98825c4c5982023-02-07 15:13:30.097root 11241100x8000000000000000701778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1addd0c70fe058672023-02-07 15:13:30.097root 11241100x8000000000000000701805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e999b3654e517402023-02-07 15:13:30.098root 11241100x8000000000000000701804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70fa267c44f50c32023-02-07 15:13:30.098root 11241100x8000000000000000701803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b3c580d92664da2023-02-07 15:13:30.098root 11241100x8000000000000000701802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e30113b7c89bb92023-02-07 15:13:30.098root 11241100x8000000000000000701801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a97a64f983f5a42023-02-07 15:13:30.098root 11241100x8000000000000000701800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4adf92c821c6ca2023-02-07 15:13:30.098root 11241100x8000000000000000701799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05c061d06b8339c2023-02-07 15:13:30.098root 11241100x8000000000000000701798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c939080e1bd263d32023-02-07 15:13:30.098root 11241100x8000000000000000701797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7befef085b9ab51b2023-02-07 15:13:30.098root 11241100x8000000000000000701796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba176e031af8dd202023-02-07 15:13:30.098root 11241100x8000000000000000701795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5dc10473b2e5b12023-02-07 15:13:30.098root 11241100x8000000000000000701794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7e66446f91f91a2023-02-07 15:13:30.098root 11241100x8000000000000000701810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46001d2f2bb683972023-02-07 15:13:30.099root 11241100x8000000000000000701809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9be372b77173fb62023-02-07 15:13:30.099root 11241100x8000000000000000701808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00fbefc5f48b9f932023-02-07 15:13:30.099root 11241100x8000000000000000701807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531ce46c69acf2b72023-02-07 15:13:30.099root 11241100x8000000000000000701806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddad41c3601b53a2023-02-07 15:13:30.099root 11241100x8000000000000000701812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b45f6beb7663092023-02-07 15:13:30.100root 11241100x8000000000000000701811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e27bb84e5705f92023-02-07 15:13:30.100root 11241100x8000000000000000701819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586ffd864fe3330d2023-02-07 15:13:30.102root 11241100x8000000000000000701818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c236815e23013bb2023-02-07 15:13:30.102root 11241100x8000000000000000701817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765bf30c9123d8a62023-02-07 15:13:30.102root 11241100x8000000000000000701816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07513d391fefd272023-02-07 15:13:30.102root 11241100x8000000000000000701815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284a15b7fb48e89f2023-02-07 15:13:30.102root 11241100x8000000000000000701814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd393afd92371a4d2023-02-07 15:13:30.102root 11241100x8000000000000000701813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb829e04e32f0e42023-02-07 15:13:30.102root 11241100x8000000000000000701823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c9248ec01a409c2023-02-07 15:13:30.103root 11241100x8000000000000000701822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8ebf1fe3753a812023-02-07 15:13:30.103root 11241100x8000000000000000701821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df98e03ff1e16cef2023-02-07 15:13:30.103root 11241100x8000000000000000701820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62b85b9e44e959a2023-02-07 15:13:30.103root 11241100x8000000000000000701836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6826a2e5314ec8f32023-02-07 15:13:30.596root 11241100x8000000000000000701835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f1fe7bc9a9fbd02023-02-07 15:13:30.596root 11241100x8000000000000000701834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f4661b92e4c5762023-02-07 15:13:30.596root 11241100x8000000000000000701833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6870b38f6c279e032023-02-07 15:13:30.596root 11241100x8000000000000000701832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8767ffeb372d4d22023-02-07 15:13:30.596root 11241100x8000000000000000701831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6d773ab50f25782023-02-07 15:13:30.596root 11241100x8000000000000000701830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d456e0ce8c825d92023-02-07 15:13:30.596root 11241100x8000000000000000701829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4c09e2324e0df02023-02-07 15:13:30.596root 11241100x8000000000000000701828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec171886593af0cc2023-02-07 15:13:30.596root 11241100x8000000000000000701827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4800837f4346f02023-02-07 15:13:30.596root 11241100x8000000000000000701826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8aba0aa7280aec2023-02-07 15:13:30.596root 11241100x8000000000000000701825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94bfc5f6e491b7e2023-02-07 15:13:30.596root 11241100x8000000000000000701824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f57158277cdfd502023-02-07 15:13:30.596root 11241100x8000000000000000701850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1454bc5482d2732a2023-02-07 15:13:30.597root 11241100x8000000000000000701849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340d33eb0110ae562023-02-07 15:13:30.597root 11241100x8000000000000000701848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ecaf36f67c3954b2023-02-07 15:13:30.597root 11241100x8000000000000000701847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d39894c8e864cc92023-02-07 15:13:30.597root 11241100x8000000000000000701846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617f9a7c8e8bb72a2023-02-07 15:13:30.597root 11241100x8000000000000000701845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3106cb8d3771572023-02-07 15:13:30.597root 11241100x8000000000000000701844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184cda2fef35fd452023-02-07 15:13:30.597root 11241100x8000000000000000701843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfe6a561e60919f2023-02-07 15:13:30.597root 11241100x8000000000000000701842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f96018fa600da5c2023-02-07 15:13:30.597root 11241100x8000000000000000701841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda00b6b99d523312023-02-07 15:13:30.597root 11241100x8000000000000000701840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c3ae5be4ed946a2023-02-07 15:13:30.597root 11241100x8000000000000000701839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a058a9fbfb87292023-02-07 15:13:30.597root 11241100x8000000000000000701838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d154175ba19723b22023-02-07 15:13:30.597root 11241100x8000000000000000701837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd10167e497d8c882023-02-07 15:13:30.597root 11241100x8000000000000000701862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f8c7cdcde0cc832023-02-07 15:13:30.598root 11241100x8000000000000000701861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261c0be59b83dc022023-02-07 15:13:30.598root 11241100x8000000000000000701860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b495d00ef580f9d2023-02-07 15:13:30.598root 11241100x8000000000000000701859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44bdaed8cb45158d2023-02-07 15:13:30.598root 11241100x8000000000000000701858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a0e175d5bac67f2023-02-07 15:13:30.598root 11241100x8000000000000000701857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41bcbe83db1320322023-02-07 15:13:30.598root 11241100x8000000000000000701856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7185bd3e178ca312023-02-07 15:13:30.598root 11241100x8000000000000000701855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c732ce3e78669a82023-02-07 15:13:30.598root 11241100x8000000000000000701854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b7e57a1a9d71832023-02-07 15:13:30.598root 11241100x8000000000000000701853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09bd0da20d5362f52023-02-07 15:13:30.598root 11241100x8000000000000000701852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7e9829a3c3a3e92023-02-07 15:13:30.598root 11241100x8000000000000000701851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59dc86467f34864b2023-02-07 15:13:30.598root 11241100x8000000000000000701871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e068549be32e6bc72023-02-07 15:13:30.599root 11241100x8000000000000000701870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a46d8a6dbbeb7152023-02-07 15:13:30.599root 11241100x8000000000000000701869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b343b2c7f7a159c2023-02-07 15:13:30.599root 11241100x8000000000000000701868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ad626beae9c2732023-02-07 15:13:30.599root 11241100x8000000000000000701867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3571830307738a2023-02-07 15:13:30.599root 11241100x8000000000000000701866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb2a2c3b3a302ee2023-02-07 15:13:30.599root 11241100x8000000000000000701865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e95540bce4be012023-02-07 15:13:30.599root 11241100x8000000000000000701864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b144275b557b02742023-02-07 15:13:30.599root 11241100x8000000000000000701863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c8a9cfca81c9502023-02-07 15:13:30.599root 11241100x8000000000000000701882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ea552ea214846e2023-02-07 15:13:30.601root 11241100x8000000000000000701881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5b2271d8acf4b52023-02-07 15:13:30.601root 11241100x8000000000000000701880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195e10685e2004752023-02-07 15:13:30.601root 11241100x8000000000000000701879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c591942b7b18922023-02-07 15:13:30.601root 11241100x8000000000000000701878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96933a71b0efd62c2023-02-07 15:13:30.601root 11241100x8000000000000000701877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f2751a84609f882023-02-07 15:13:30.601root 11241100x8000000000000000701876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bb90f2edf501102023-02-07 15:13:30.601root 11241100x8000000000000000701875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82455a48874a74922023-02-07 15:13:30.601root 11241100x8000000000000000701874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf0445e4aef3db42023-02-07 15:13:30.601root 11241100x8000000000000000701873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ec09bb49686dc62023-02-07 15:13:30.601root 11241100x8000000000000000701872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55577c0395401ad2023-02-07 15:13:30.601root 11241100x8000000000000000701884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc301671a641fdf2023-02-07 15:13:30.602root 11241100x8000000000000000701883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287263b237efaa3e2023-02-07 15:13:30.602root 11241100x8000000000000000701889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d476e6b6a11b582023-02-07 15:13:30.603root 11241100x8000000000000000701888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1328801a90a154982023-02-07 15:13:30.603root 11241100x8000000000000000701887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d9c9ca2a2d97232023-02-07 15:13:30.603root 11241100x8000000000000000701886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e33d710244dbab12023-02-07 15:13:30.603root 11241100x8000000000000000701885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6297f231e1676f122023-02-07 15:13:30.603root 11241100x8000000000000000701896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f3e458728be3172023-02-07 15:13:30.604root 11241100x8000000000000000701895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18fb5cce3dc48302023-02-07 15:13:30.604root 11241100x8000000000000000701894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff346e8cfbed25a2023-02-07 15:13:30.604root 11241100x8000000000000000701893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e31aef84dd6a9422023-02-07 15:13:30.604root 11241100x8000000000000000701892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaafd6006169ccdf2023-02-07 15:13:30.604root 11241100x8000000000000000701891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90b5b40a050836c2023-02-07 15:13:30.604root 11241100x8000000000000000701890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e88bbc9ef84e8a2023-02-07 15:13:30.604root 11241100x8000000000000000701900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7874fe817ab6b752023-02-07 15:13:30.605root 11241100x8000000000000000701899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d9c84069a91b562023-02-07 15:13:30.605root 11241100x8000000000000000701898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6e40b3c07aa2102023-02-07 15:13:30.605root 11241100x8000000000000000701897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.605{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a9403613c789452023-02-07 15:13:30.605root 11241100x8000000000000000701907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.607{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9dfee76d5a96302023-02-07 15:13:30.607root 11241100x8000000000000000701906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.607{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c7b8abe76b420a2023-02-07 15:13:30.607root 11241100x8000000000000000701905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.607{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d281634256b3402023-02-07 15:13:30.607root 11241100x8000000000000000701904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.607{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8f0fa966be89802023-02-07 15:13:30.607root 11241100x8000000000000000701903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.607{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e46a934b3f9be02023-02-07 15:13:30.607root 11241100x8000000000000000701902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.607{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea92a152e31dae522023-02-07 15:13:30.607root 11241100x8000000000000000701901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.607{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd3afa0abfd12252023-02-07 15:13:30.607root 11241100x8000000000000000701909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.608{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d655629b8585532023-02-07 15:13:30.608root 11241100x8000000000000000701908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.608{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa46ba466d738e22023-02-07 15:13:30.608root 11241100x8000000000000000701911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.609{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b5d792a466ae802023-02-07 15:13:30.609root 11241100x8000000000000000701910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.609{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3950772ec16dea472023-02-07 15:13:30.609root 11241100x8000000000000000701915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.610{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbc473ef02b86bd2023-02-07 15:13:30.610root 11241100x8000000000000000701914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.610{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069b417d8a9649372023-02-07 15:13:30.610root 11241100x8000000000000000701913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.610{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f1f0a90ad8b0452023-02-07 15:13:30.610root 11241100x8000000000000000701912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.610{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db65effee83cfd02023-02-07 15:13:30.610root 11241100x8000000000000000701919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.611{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bfacb1c4dc911a52023-02-07 15:13:30.611root 11241100x8000000000000000701918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.611{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc6a79575e070de2023-02-07 15:13:30.611root 11241100x8000000000000000701917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.611{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69108c93fe93bbb42023-02-07 15:13:30.611root 11241100x8000000000000000701916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.611{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1e79abfc54e5222023-02-07 15:13:30.611root 11241100x8000000000000000701922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.612{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0eb3ff855a70b02023-02-07 15:13:30.612root 11241100x8000000000000000701921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.612{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226fc7a5c34c37632023-02-07 15:13:30.612root 11241100x8000000000000000701920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.612{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258b053829a2a4dc2023-02-07 15:13:30.612root 11241100x8000000000000000701925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.613{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e772db48e99c8bfa2023-02-07 15:13:30.613root 11241100x8000000000000000701924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.613{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba17107818f73e72023-02-07 15:13:30.613root 11241100x8000000000000000701923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.613{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c04c24ea3c84c442023-02-07 15:13:30.613root 11241100x8000000000000000701928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.614{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7a27caca008eec2023-02-07 15:13:30.614root 11241100x8000000000000000701927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.614{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421dac7d19aec6072023-02-07 15:13:30.614root 11241100x8000000000000000701926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.614{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7a74077f81bba92023-02-07 15:13:30.614root 11241100x8000000000000000701930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.615{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9579ecaf8618702023-02-07 15:13:30.615root 11241100x8000000000000000701929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.615{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d16f31ea2787392023-02-07 15:13:30.615root 11241100x8000000000000000701933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.616{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458e2d59ac4243832023-02-07 15:13:30.616root 11241100x8000000000000000701932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.616{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d03500a12a9f39f2023-02-07 15:13:30.616root 11241100x8000000000000000701931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.616{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d24a844f78805152023-02-07 15:13:30.616root 11241100x8000000000000000701938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.617{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898ad54ca5ba3b492023-02-07 15:13:30.617root 11241100x8000000000000000701937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.617{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceca48d65c7191b02023-02-07 15:13:30.617root 11241100x8000000000000000701936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.617{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4c9d6a001926d82023-02-07 15:13:30.617root 11241100x8000000000000000701935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.617{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2173564d71fafb542023-02-07 15:13:30.617root 11241100x8000000000000000701934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.617{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61eda80527249d3e2023-02-07 15:13:30.617root 11241100x8000000000000000701941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.618{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a074624d3fc832c2023-02-07 15:13:30.618root 11241100x8000000000000000701940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.618{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfa1af71e0e3d782023-02-07 15:13:30.618root 11241100x8000000000000000701939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:30.618{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f38f48db9b7697a2023-02-07 15:13:30.618root 354300x8000000000000000701942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.047{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-48526-false10.0.1.12-8000- 11241100x8000000000000000701945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.048{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e893c9aba665ca6a2023-02-07 15:13:31.048root 11241100x8000000000000000701944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.048{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944e790fa67325792023-02-07 15:13:31.048root 11241100x8000000000000000701943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.048{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1e3c849e1d4b6c2023-02-07 15:13:31.048root 11241100x8000000000000000701961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.049{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fe106bec3169012023-02-07 15:13:31.049root 11241100x8000000000000000701960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.049{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef2292a1026068ba2023-02-07 15:13:31.049root 11241100x8000000000000000701959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.049{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e89750eccc7f7392023-02-07 15:13:31.049root 11241100x8000000000000000701958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.049{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5832918a524e2ae62023-02-07 15:13:31.049root 11241100x8000000000000000701957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.049{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c240d44b6b27e52023-02-07 15:13:31.049root 11241100x8000000000000000701956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.049{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8dcaa7ecb8ec9312023-02-07 15:13:31.049root 11241100x8000000000000000701955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.049{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a3f01f4223555e2023-02-07 15:13:31.049root 11241100x8000000000000000701954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.049{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e4afac955e7c4f2023-02-07 15:13:31.049root 11241100x8000000000000000701953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.049{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c9b704030a1ab92023-02-07 15:13:31.049root 11241100x8000000000000000701952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.049{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee969485d5639912023-02-07 15:13:31.049root 11241100x8000000000000000701951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.049{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737318b2ffa8000b2023-02-07 15:13:31.049root 11241100x8000000000000000701950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.049{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3c61eaa95b30942023-02-07 15:13:31.049root 11241100x8000000000000000701949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.049{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8853c4ba2b6de12023-02-07 15:13:31.049root 11241100x8000000000000000701948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.049{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b9ef13d32d07822023-02-07 15:13:31.049root 11241100x8000000000000000701947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.049{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b4c3ba7d0390522023-02-07 15:13:31.049root 11241100x8000000000000000701946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.049{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977084331b1554be2023-02-07 15:13:31.049root 11241100x8000000000000000701978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b13cd1542107292023-02-07 15:13:31.050root 11241100x8000000000000000701977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1addcbe5c6d391472023-02-07 15:13:31.050root 11241100x8000000000000000701976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab1bdfb80f1b22f2023-02-07 15:13:31.050root 11241100x8000000000000000701975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3857ab23fe7a982023-02-07 15:13:31.050root 11241100x8000000000000000701974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a799d6803990c6b2023-02-07 15:13:31.050root 11241100x8000000000000000701973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47a7313532ccfcf2023-02-07 15:13:31.050root 11241100x8000000000000000701972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0977d30862dce42023-02-07 15:13:31.050root 11241100x8000000000000000701971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613b9cbd46afe5f62023-02-07 15:13:31.050root 11241100x8000000000000000701970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bf02ed836303b12023-02-07 15:13:31.050root 11241100x8000000000000000701969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b729ab0acbbb6d602023-02-07 15:13:31.050root 11241100x8000000000000000701968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95df86d97429bea2023-02-07 15:13:31.050root 11241100x8000000000000000701967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7219022a426f44662023-02-07 15:13:31.050root 11241100x8000000000000000701966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f097f0fd49d2de52023-02-07 15:13:31.050root 11241100x8000000000000000701965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1963b299cadbba232023-02-07 15:13:31.050root 11241100x8000000000000000701964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1539092d7bfe473a2023-02-07 15:13:31.050root 11241100x8000000000000000701963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0635ee1013b21b2023-02-07 15:13:31.050root 11241100x8000000000000000701962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3debe824c29584ed2023-02-07 15:13:31.050root 11241100x8000000000000000701985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.051{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ad9b77902e56212023-02-07 15:13:31.051root 11241100x8000000000000000701984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.051{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0e03ad86d7f4ea2023-02-07 15:13:31.051root 11241100x8000000000000000701983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.051{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6d27cc073bb15f2023-02-07 15:13:31.051root 11241100x8000000000000000701982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.051{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fabfe2f710585d2023-02-07 15:13:31.051root 11241100x8000000000000000701981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.051{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7281b1780cc9b2582023-02-07 15:13:31.051root 11241100x8000000000000000701980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.051{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5697891dcec9582023-02-07 15:13:31.051root 11241100x8000000000000000701979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.051{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958f69a648060b062023-02-07 15:13:31.051root 11241100x8000000000000000701993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.052{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b769e012f8c2478a2023-02-07 15:13:31.052root 11241100x8000000000000000701992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.052{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b37c44c6dc6d7d2023-02-07 15:13:31.052root 11241100x8000000000000000701991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.052{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06b04090088bb782023-02-07 15:13:31.052root 11241100x8000000000000000701990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.052{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee36ff3ceb743d112023-02-07 15:13:31.052root 11241100x8000000000000000701989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.052{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7a6994d723e9a52023-02-07 15:13:31.052root 11241100x8000000000000000701988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.052{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7152ccb5d2c6942023-02-07 15:13:31.052root 11241100x8000000000000000701987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.052{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7bfab9138062d72023-02-07 15:13:31.052root 11241100x8000000000000000701986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.052{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880ea6e65bd4c2a72023-02-07 15:13:31.052root 11241100x8000000000000000701996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88a4eb506e2c0122023-02-07 15:13:31.345root 11241100x8000000000000000701995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1377aae4747ff52023-02-07 15:13:31.345root 11241100x8000000000000000701994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da213db99c1916632023-02-07 15:13:31.345root 11241100x8000000000000000702011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22a9473590c34982023-02-07 15:13:31.346root 11241100x8000000000000000702010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a2612f4b4d788c2023-02-07 15:13:31.346root 11241100x8000000000000000702009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3dceb0e0a497ea2023-02-07 15:13:31.346root 11241100x8000000000000000702008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077128fcbea173b32023-02-07 15:13:31.346root 11241100x8000000000000000702007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2616588358ec5fb32023-02-07 15:13:31.346root 11241100x8000000000000000702006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051f9029fbb0c3d72023-02-07 15:13:31.346root 11241100x8000000000000000702005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8dcbf915e1027de2023-02-07 15:13:31.346root 11241100x8000000000000000702004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3159d6a5e1fed52023-02-07 15:13:31.346root 11241100x8000000000000000702003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6184b023cb2d0d922023-02-07 15:13:31.346root 11241100x8000000000000000702002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6a63f14198b2e02023-02-07 15:13:31.346root 11241100x8000000000000000702001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adba62e912afbf0d2023-02-07 15:13:31.346root 11241100x8000000000000000702000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8b9f58136090862023-02-07 15:13:31.346root 11241100x8000000000000000701999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd523f00ccd073c2023-02-07 15:13:31.346root 11241100x8000000000000000701998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c6a5309220502e2023-02-07 15:13:31.346root 11241100x8000000000000000701997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bc09e8d59929882023-02-07 15:13:31.346root 11241100x8000000000000000702022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e473a0f07c6d0b2023-02-07 15:13:31.347root 11241100x8000000000000000702021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c87cc7d77836222023-02-07 15:13:31.347root 11241100x8000000000000000702020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82286c579d7213502023-02-07 15:13:31.347root 11241100x8000000000000000702019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd640afd98deb952023-02-07 15:13:31.347root 11241100x8000000000000000702018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87cfb842c4e29f072023-02-07 15:13:31.347root 11241100x8000000000000000702017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a1c40b016787902023-02-07 15:13:31.347root 11241100x8000000000000000702016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd2505feb8c2cde2023-02-07 15:13:31.347root 11241100x8000000000000000702015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668322d19178fda82023-02-07 15:13:31.347root 11241100x8000000000000000702014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab20f77ae3bd420f2023-02-07 15:13:31.347root 11241100x8000000000000000702013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3481bb9c4a400262023-02-07 15:13:31.347root 11241100x8000000000000000702012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36886ac325ed4d632023-02-07 15:13:31.347root 11241100x8000000000000000702033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea8a04bb22476e92023-02-07 15:13:31.348root 11241100x8000000000000000702032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce9550f4914948d2023-02-07 15:13:31.348root 11241100x8000000000000000702031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b391eb633ff423c52023-02-07 15:13:31.348root 11241100x8000000000000000702030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899a3b24db214c142023-02-07 15:13:31.348root 11241100x8000000000000000702029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403c050d03a26cfa2023-02-07 15:13:31.348root 11241100x8000000000000000702028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72155b70f07ce9ed2023-02-07 15:13:31.348root 11241100x8000000000000000702027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7097a10f10490d702023-02-07 15:13:31.348root 11241100x8000000000000000702026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031914448fdd0f692023-02-07 15:13:31.348root 11241100x8000000000000000702025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ce120a0b1f2e0d2023-02-07 15:13:31.348root 11241100x8000000000000000702024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e1aa613b253ae62023-02-07 15:13:31.348root 11241100x8000000000000000702023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4a6db7a12f69672023-02-07 15:13:31.348root 11241100x8000000000000000702040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29684526df781a0d2023-02-07 15:13:31.845root 11241100x8000000000000000702039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9576d310ddeb5b1e2023-02-07 15:13:31.845root 11241100x8000000000000000702038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fe25486f7fbd562023-02-07 15:13:31.845root 11241100x8000000000000000702037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721440400ab74efa2023-02-07 15:13:31.845root 11241100x8000000000000000702036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487610b02b853ed62023-02-07 15:13:31.845root 11241100x8000000000000000702035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a2664b2bbe22742023-02-07 15:13:31.845root 11241100x8000000000000000702034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3adcbeef4c8103622023-02-07 15:13:31.845root 11241100x8000000000000000702054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd8fd672fc2cdae2023-02-07 15:13:31.846root 11241100x8000000000000000702053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc90f2b2b6ea23e62023-02-07 15:13:31.846root 11241100x8000000000000000702052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7356156feaf1c452023-02-07 15:13:31.846root 11241100x8000000000000000702051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4dbd9c0269618112023-02-07 15:13:31.846root 11241100x8000000000000000702050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3866e81d1026d21d2023-02-07 15:13:31.846root 11241100x8000000000000000702049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c94950d8160fd52023-02-07 15:13:31.846root 11241100x8000000000000000702048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a888c0f966dca82023-02-07 15:13:31.846root 11241100x8000000000000000702047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad75bdcf8b1d53b2023-02-07 15:13:31.846root 11241100x8000000000000000702046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecc14be9d4968202023-02-07 15:13:31.846root 11241100x8000000000000000702045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0081c8dcd9c834aa2023-02-07 15:13:31.846root 11241100x8000000000000000702044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3610daacdd950702023-02-07 15:13:31.846root 11241100x8000000000000000702043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91bf6feb623465d2023-02-07 15:13:31.846root 11241100x8000000000000000702042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed8c995a09f4b172023-02-07 15:13:31.846root 11241100x8000000000000000702041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecd16e57ba4db5f2023-02-07 15:13:31.846root 11241100x8000000000000000702060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a571e7069ca2b1b62023-02-07 15:13:31.847root 11241100x8000000000000000702059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628fd6907453254e2023-02-07 15:13:31.847root 11241100x8000000000000000702058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac22b16fd1ede96b2023-02-07 15:13:31.847root 11241100x8000000000000000702057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27fa5023a2b5cd4a2023-02-07 15:13:31.847root 11241100x8000000000000000702056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b32838aeead3ca62023-02-07 15:13:31.847root 11241100x8000000000000000702055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49c24281c43cfde2023-02-07 15:13:31.847root 11241100x8000000000000000702066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f869b23a367046f42023-02-07 15:13:31.848root 11241100x8000000000000000702065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a71803ea24c12252023-02-07 15:13:31.848root 11241100x8000000000000000702064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ae581f820605de2023-02-07 15:13:31.848root 11241100x8000000000000000702063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24bef2bd395776d32023-02-07 15:13:31.848root 11241100x8000000000000000702062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31253a06c89f0caa2023-02-07 15:13:31.848root 11241100x8000000000000000702061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37075702887532bf2023-02-07 15:13:31.848root 11241100x8000000000000000702075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529895965ed618de2023-02-07 15:13:31.849root 11241100x8000000000000000702074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a5aa291c4d29c22023-02-07 15:13:31.849root 11241100x8000000000000000702073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd7f4b2d4daab052023-02-07 15:13:31.849root 11241100x8000000000000000702072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6822b0b69655fbf02023-02-07 15:13:31.849root 11241100x8000000000000000702071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2133e3767a25059a2023-02-07 15:13:31.849root 11241100x8000000000000000702070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1aa454621b13712023-02-07 15:13:31.849root 11241100x8000000000000000702069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c51ff928805db12023-02-07 15:13:31.849root 11241100x8000000000000000702068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926de834135322df2023-02-07 15:13:31.849root 11241100x8000000000000000702067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bbe4cc1ce815292023-02-07 15:13:31.849root 11241100x8000000000000000702080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a38ac0a9cb74e42023-02-07 15:13:31.850root 11241100x8000000000000000702079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d5a5ed75a3a7ad2023-02-07 15:13:31.850root 11241100x8000000000000000702078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b510f2724e11ae2023-02-07 15:13:31.850root 11241100x8000000000000000702077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c228a0ffdac69582023-02-07 15:13:31.850root 11241100x8000000000000000702076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881fdcf2fe7cc3be2023-02-07 15:13:31.850root 11241100x8000000000000000702089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f830607035cc9e5a2023-02-07 15:13:31.851root 11241100x8000000000000000702088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044c89d07974383a2023-02-07 15:13:31.851root 11241100x8000000000000000702087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeaa902546cd213c2023-02-07 15:13:31.851root 11241100x8000000000000000702086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed285416e8f4afd42023-02-07 15:13:31.851root 11241100x8000000000000000702085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deed50a7ef00f02b2023-02-07 15:13:31.851root 11241100x8000000000000000702084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89029b0942ead38e2023-02-07 15:13:31.851root 11241100x8000000000000000702083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819b3485e958e4652023-02-07 15:13:31.851root 11241100x8000000000000000702082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978ba818efb577f42023-02-07 15:13:31.851root 11241100x8000000000000000702081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560d7e83cd4f25682023-02-07 15:13:31.851root 11241100x8000000000000000702094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e247355dc6e2df152023-02-07 15:13:31.852root 11241100x8000000000000000702093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22b003ec6eaaf5f2023-02-07 15:13:31.852root 11241100x8000000000000000702092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3b5a2820bc8a302023-02-07 15:13:31.852root 11241100x8000000000000000702091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3befb83d54fb3f92023-02-07 15:13:31.852root 11241100x8000000000000000702090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:31.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865a0d17b88ee9d82023-02-07 15:13:31.852root 11241100x8000000000000000702099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0ef812de3cb1e92023-02-07 15:13:32.345root 11241100x8000000000000000702098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15de2d58af138aaa2023-02-07 15:13:32.345root 11241100x8000000000000000702097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c405b88f5c24c5cd2023-02-07 15:13:32.345root 11241100x8000000000000000702096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbbf3250ae14c7f62023-02-07 15:13:32.345root 11241100x8000000000000000702095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea85c91e6c29be992023-02-07 15:13:32.345root 11241100x8000000000000000702106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d726a4d9f6ce4c542023-02-07 15:13:32.346root 11241100x8000000000000000702105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a704fcf884e3e52023-02-07 15:13:32.346root 11241100x8000000000000000702104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c936da8f97ecfcd82023-02-07 15:13:32.346root 11241100x8000000000000000702103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90381a5fd9f461672023-02-07 15:13:32.346root 11241100x8000000000000000702102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c668a38c4a00252023-02-07 15:13:32.346root 11241100x8000000000000000702101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1507f8494e07df2023-02-07 15:13:32.346root 11241100x8000000000000000702100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af07d9db5d51ba12023-02-07 15:13:32.346root 11241100x8000000000000000702112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7c9fa8fa55e2302023-02-07 15:13:32.347root 11241100x8000000000000000702111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74dfbcca10e680062023-02-07 15:13:32.347root 11241100x8000000000000000702110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ec8a414edebccc2023-02-07 15:13:32.347root 11241100x8000000000000000702109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901f2cfa656454dc2023-02-07 15:13:32.347root 11241100x8000000000000000702108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94938aa078e4cfe2023-02-07 15:13:32.347root 11241100x8000000000000000702107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8095cea0d841b9d92023-02-07 15:13:32.347root 11241100x8000000000000000702127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c3e7305c18b5512023-02-07 15:13:32.348root 11241100x8000000000000000702126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36b0945f3a935f22023-02-07 15:13:32.348root 11241100x8000000000000000702125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745f7dfe51aa21a32023-02-07 15:13:32.348root 11241100x8000000000000000702124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01dae35003d7aa8e2023-02-07 15:13:32.348root 11241100x8000000000000000702123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f74e8e63ffb07332023-02-07 15:13:32.348root 11241100x8000000000000000702122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa0e488765c93062023-02-07 15:13:32.348root 11241100x8000000000000000702121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e9e74529a953132023-02-07 15:13:32.348root 11241100x8000000000000000702120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22f380758efe0092023-02-07 15:13:32.348root 11241100x8000000000000000702119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adbfb827a192b8702023-02-07 15:13:32.348root 11241100x8000000000000000702118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ee22310ec2af182023-02-07 15:13:32.348root 11241100x8000000000000000702117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0abe0e75e92ec612023-02-07 15:13:32.348root 11241100x8000000000000000702116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfd6fd2ae9acb1f2023-02-07 15:13:32.348root 11241100x8000000000000000702115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f7c1c6ae912ffc2023-02-07 15:13:32.348root 11241100x8000000000000000702114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09217b48d6e6a1692023-02-07 15:13:32.348root 11241100x8000000000000000702113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489af9e60871680c2023-02-07 15:13:32.348root 11241100x8000000000000000702134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420f95dfe3ea7ad52023-02-07 15:13:32.349root 11241100x8000000000000000702133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355902e3ef98f1e42023-02-07 15:13:32.349root 11241100x8000000000000000702132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0532d605d1d18ce82023-02-07 15:13:32.349root 11241100x8000000000000000702131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381af7140f71a1432023-02-07 15:13:32.349root 11241100x8000000000000000702130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7906e76d3a8e302a2023-02-07 15:13:32.349root 11241100x8000000000000000702129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e062087cdd410c2023-02-07 15:13:32.349root 11241100x8000000000000000702128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22d1fde94d8451c2023-02-07 15:13:32.349root 11241100x8000000000000000702140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b52269f9923a5fc2023-02-07 15:13:32.350root 11241100x8000000000000000702139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab7f78edcf2d6892023-02-07 15:13:32.350root 11241100x8000000000000000702138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddad6522677e31e2023-02-07 15:13:32.350root 11241100x8000000000000000702137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d78a0056c9518812023-02-07 15:13:32.350root 11241100x8000000000000000702136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5678cdeddd08d76c2023-02-07 15:13:32.350root 11241100x8000000000000000702135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ce03e765f0e4312023-02-07 15:13:32.350root 11241100x8000000000000000702146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e56a5e358ddb332023-02-07 15:13:32.351root 11241100x8000000000000000702145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7379d21af6a6d19c2023-02-07 15:13:32.351root 11241100x8000000000000000702144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772d8310cf52ea0d2023-02-07 15:13:32.351root 11241100x8000000000000000702143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a3263689e77cbc2023-02-07 15:13:32.351root 11241100x8000000000000000702142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86e02eda2e670cd2023-02-07 15:13:32.351root 11241100x8000000000000000702141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c0a904d35d036a2023-02-07 15:13:32.351root 11241100x8000000000000000702154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39685b24cda4edc52023-02-07 15:13:32.846root 11241100x8000000000000000702153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c32e07044be79982023-02-07 15:13:32.846root 11241100x8000000000000000702152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dbf43719370b7c32023-02-07 15:13:32.846root 11241100x8000000000000000702151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2711b8822503b62023-02-07 15:13:32.846root 11241100x8000000000000000702150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ffa19cfae6a646b2023-02-07 15:13:32.846root 11241100x8000000000000000702149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf21c2ae51ff6a22023-02-07 15:13:32.846root 11241100x8000000000000000702148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06603c2f447b35b2023-02-07 15:13:32.846root 11241100x8000000000000000702147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641b9ce4c0216d212023-02-07 15:13:32.846root 11241100x8000000000000000702162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fa2906c1258ff52023-02-07 15:13:32.847root 11241100x8000000000000000702161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae550a7bb9524b62023-02-07 15:13:32.847root 11241100x8000000000000000702160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27af9115314ec92a2023-02-07 15:13:32.847root 11241100x8000000000000000702159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4aa4f47b8456cdf2023-02-07 15:13:32.847root 11241100x8000000000000000702158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9508117c8adfa0a92023-02-07 15:13:32.847root 11241100x8000000000000000702157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fbe6731f67c0dd92023-02-07 15:13:32.847root 11241100x8000000000000000702156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a97a7c8c54b86492023-02-07 15:13:32.847root 11241100x8000000000000000702155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199bab9369d08ba32023-02-07 15:13:32.847root 11241100x8000000000000000702177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc14bcd65f042d92023-02-07 15:13:32.848root 11241100x8000000000000000702176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649bf5a9e13573942023-02-07 15:13:32.848root 11241100x8000000000000000702175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d828c6a8f30db02023-02-07 15:13:32.848root 11241100x8000000000000000702174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e916081e5a7f5082023-02-07 15:13:32.848root 11241100x8000000000000000702173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266b64790e94f1e62023-02-07 15:13:32.848root 11241100x8000000000000000702172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa83f556604a8d82023-02-07 15:13:32.848root 11241100x8000000000000000702171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ed2c9f49d764002023-02-07 15:13:32.848root 11241100x8000000000000000702170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89a1cb67852dd252023-02-07 15:13:32.848root 11241100x8000000000000000702169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3eb2b05a78266a2023-02-07 15:13:32.848root 11241100x8000000000000000702168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33aa9b448c287af72023-02-07 15:13:32.848root 11241100x8000000000000000702167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df9fc5c27dfcc242023-02-07 15:13:32.848root 11241100x8000000000000000702166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304c9ee1137053d42023-02-07 15:13:32.848root 11241100x8000000000000000702165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16763a4f908f1e562023-02-07 15:13:32.848root 11241100x8000000000000000702164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec902b4c92f00002023-02-07 15:13:32.848root 11241100x8000000000000000702163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4139128dbcf0a62023-02-07 15:13:32.848root 11241100x8000000000000000702183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc842afeb50e56e2023-02-07 15:13:32.849root 11241100x8000000000000000702182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6edee5ea2f38d102023-02-07 15:13:32.849root 11241100x8000000000000000702181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be21446d90bee3922023-02-07 15:13:32.849root 11241100x8000000000000000702180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a7c9b481e2c4122023-02-07 15:13:32.849root 11241100x8000000000000000702179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d779b518be1f6dd2023-02-07 15:13:32.849root 11241100x8000000000000000702178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:32.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a833e4b06675a582023-02-07 15:13:32.849root 11241100x8000000000000000702192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56aadabf65a35dc32023-02-07 15:13:33.346root 11241100x8000000000000000702191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3a32b4abefdc362023-02-07 15:13:33.346root 11241100x8000000000000000702190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8417bf60442da1eb2023-02-07 15:13:33.346root 11241100x8000000000000000702189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad1ba0dad2170c52023-02-07 15:13:33.346root 11241100x8000000000000000702188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031898d5aef650112023-02-07 15:13:33.346root 11241100x8000000000000000702187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fbaabb4248986cd2023-02-07 15:13:33.346root 11241100x8000000000000000702186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d58cb6c860fba9e2023-02-07 15:13:33.346root 11241100x8000000000000000702185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7aad1f948ea3ea2023-02-07 15:13:33.346root 11241100x8000000000000000702184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77170a9ab253fac42023-02-07 15:13:33.346root 11241100x8000000000000000702206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7200493046117632023-02-07 15:13:33.347root 11241100x8000000000000000702205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e55f6632eaaafb2023-02-07 15:13:33.347root 11241100x8000000000000000702204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b111e0d7eadad72023-02-07 15:13:33.347root 11241100x8000000000000000702203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f75e2053e94b17e2023-02-07 15:13:33.347root 11241100x8000000000000000702202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24770f22294014002023-02-07 15:13:33.347root 11241100x8000000000000000702201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652a77171aee88e52023-02-07 15:13:33.347root 11241100x8000000000000000702200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fbb902c70f0c5142023-02-07 15:13:33.347root 11241100x8000000000000000702199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03675018f349a1e2023-02-07 15:13:33.347root 11241100x8000000000000000702198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26aacaf71cdda3f92023-02-07 15:13:33.347root 11241100x8000000000000000702197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b1a61d9a5477c42023-02-07 15:13:33.347root 11241100x8000000000000000702196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5dc9132969aed52023-02-07 15:13:33.347root 11241100x8000000000000000702195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5a36f500667fc52023-02-07 15:13:33.347root 11241100x8000000000000000702194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463477020da9d8082023-02-07 15:13:33.347root 11241100x8000000000000000702193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee7a23328d85e062023-02-07 15:13:33.347root 11241100x8000000000000000702222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a39650cf25a8d162023-02-07 15:13:33.348root 11241100x8000000000000000702221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253c28b21e57280a2023-02-07 15:13:33.348root 11241100x8000000000000000702220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d2e9b03817481b2023-02-07 15:13:33.348root 11241100x8000000000000000702219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bdc7aa90030f5f12023-02-07 15:13:33.348root 11241100x8000000000000000702218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485c3214ba4a4b9c2023-02-07 15:13:33.348root 11241100x8000000000000000702217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6ac6049ebfbdab2023-02-07 15:13:33.348root 11241100x8000000000000000702216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c208868e123907852023-02-07 15:13:33.348root 11241100x8000000000000000702215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480f5b8fbcc231df2023-02-07 15:13:33.348root 11241100x8000000000000000702214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2d6cec19ba66592023-02-07 15:13:33.348root 11241100x8000000000000000702213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b582502a37e757e12023-02-07 15:13:33.348root 11241100x8000000000000000702212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9337b39666a8d82023-02-07 15:13:33.348root 11241100x8000000000000000702211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb28921ea3e56dbd2023-02-07 15:13:33.348root 11241100x8000000000000000702210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02a69c8e949c6562023-02-07 15:13:33.348root 11241100x8000000000000000702209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a229622261e2a3a2023-02-07 15:13:33.348root 11241100x8000000000000000702208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13991897a403c62d2023-02-07 15:13:33.348root 11241100x8000000000000000702207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b00ee1215a27d9b2023-02-07 15:13:33.348root 11241100x8000000000000000702226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edd1e12ad4d489e2023-02-07 15:13:33.349root 11241100x8000000000000000702225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed536538e12a4e212023-02-07 15:13:33.349root 11241100x8000000000000000702224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6dc08bfa07325432023-02-07 15:13:33.349root 11241100x8000000000000000702223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5a9d4a08ea82b82023-02-07 15:13:33.349root 11241100x8000000000000000702228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766f343b379598f12023-02-07 15:13:33.845root 11241100x8000000000000000702227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c430501ee0ba30022023-02-07 15:13:33.845root 11241100x8000000000000000702244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cae9181b4207ca52023-02-07 15:13:33.846root 11241100x8000000000000000702243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5699d1d55efb6de12023-02-07 15:13:33.846root 11241100x8000000000000000702242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c66e1a14e507a0f2023-02-07 15:13:33.846root 11241100x8000000000000000702241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3505d01719c9a79a2023-02-07 15:13:33.846root 11241100x8000000000000000702240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511bdbf85902ebd52023-02-07 15:13:33.846root 11241100x8000000000000000702239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51378bb6eb02c9c32023-02-07 15:13:33.846root 11241100x8000000000000000702238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f380a7198877592023-02-07 15:13:33.846root 11241100x8000000000000000702237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af30b9898658bac2023-02-07 15:13:33.846root 11241100x8000000000000000702236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8662bec7e3dc3d32023-02-07 15:13:33.846root 11241100x8000000000000000702235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0173557f041674aa2023-02-07 15:13:33.846root 11241100x8000000000000000702234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e060a0d39b4a63452023-02-07 15:13:33.846root 11241100x8000000000000000702233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044abf22abaf8f402023-02-07 15:13:33.846root 11241100x8000000000000000702232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddc4288c66e3fb52023-02-07 15:13:33.846root 11241100x8000000000000000702231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28dce559a29d611e2023-02-07 15:13:33.846root 11241100x8000000000000000702230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e6837942090c302023-02-07 15:13:33.846root 11241100x8000000000000000702229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3489860cfb4e8d2023-02-07 15:13:33.846root 11241100x8000000000000000702259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661d8cb486b49be12023-02-07 15:13:33.847root 11241100x8000000000000000702258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910afc9c721c80a72023-02-07 15:13:33.847root 11241100x8000000000000000702257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f087acca691730632023-02-07 15:13:33.847root 11241100x8000000000000000702256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db30eaf2df049c082023-02-07 15:13:33.847root 11241100x8000000000000000702255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5fc0fdc163f5282023-02-07 15:13:33.847root 11241100x8000000000000000702254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c3d97a2d3dedf02023-02-07 15:13:33.847root 11241100x8000000000000000702253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ac70e17bff64772023-02-07 15:13:33.847root 11241100x8000000000000000702252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ef7194a6c9bf9e2023-02-07 15:13:33.847root 11241100x8000000000000000702251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd7eb42828c721b2023-02-07 15:13:33.847root 11241100x8000000000000000702250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f0e8ae931da77c2023-02-07 15:13:33.847root 11241100x8000000000000000702249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939d6670d75b43f92023-02-07 15:13:33.847root 11241100x8000000000000000702248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffa92d83e3daae52023-02-07 15:13:33.847root 11241100x8000000000000000702247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2af4f175fde2f02023-02-07 15:13:33.847root 11241100x8000000000000000702246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b485b61dbef5375d2023-02-07 15:13:33.847root 11241100x8000000000000000702245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655d96ea4214fbc32023-02-07 15:13:33.847root 11241100x8000000000000000702262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c5fa31e67932332023-02-07 15:13:33.848root 11241100x8000000000000000702261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353577d66115e4242023-02-07 15:13:33.848root 11241100x8000000000000000702260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d240bd1f0294f9a2023-02-07 15:13:33.848root 11241100x8000000000000000702278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8658ccd0ef9d3f2023-02-07 15:13:33.849root 11241100x8000000000000000702277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af15868dc90b44812023-02-07 15:13:33.849root 11241100x8000000000000000702276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91854785d71a35782023-02-07 15:13:33.849root 11241100x8000000000000000702275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c077121b9c2d1d62023-02-07 15:13:33.849root 11241100x8000000000000000702274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0912cae03d9a38af2023-02-07 15:13:33.849root 11241100x8000000000000000702273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe24ddc1ca9e4b012023-02-07 15:13:33.849root 11241100x8000000000000000702272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb5511297969d932023-02-07 15:13:33.849root 11241100x8000000000000000702271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96e48472fe2e4aa2023-02-07 15:13:33.849root 11241100x8000000000000000702270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b933b88cbdbd5ee2023-02-07 15:13:33.849root 11241100x8000000000000000702269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af50b6a310537362023-02-07 15:13:33.849root 11241100x8000000000000000702268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eff8d22765d241b2023-02-07 15:13:33.849root 11241100x8000000000000000702267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfdc8a6e9177c972023-02-07 15:13:33.849root 11241100x8000000000000000702266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97a3a223cab36662023-02-07 15:13:33.849root 11241100x8000000000000000702265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a620a87094b0012023-02-07 15:13:33.849root 11241100x8000000000000000702264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb601a5f0fa5f0822023-02-07 15:13:33.849root 11241100x8000000000000000702263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ba463bca04ea662023-02-07 15:13:33.849root 11241100x8000000000000000702282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433aefaa85131c1c2023-02-07 15:13:33.850root 11241100x8000000000000000702281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d32d4b2d3b70682023-02-07 15:13:33.850root 11241100x8000000000000000702280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b00e49f44e2081b2023-02-07 15:13:33.850root 11241100x8000000000000000702279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fad38886487791c2023-02-07 15:13:33.850root 11241100x8000000000000000702296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5378e209ea5c1e2023-02-07 15:13:33.851root 11241100x8000000000000000702295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9ebad73540dcda2023-02-07 15:13:33.851root 11241100x8000000000000000702294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f7c801747d0ee52023-02-07 15:13:33.851root 11241100x8000000000000000702293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6719d9d4eb5ead602023-02-07 15:13:33.851root 11241100x8000000000000000702292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4a1a97102cf7732023-02-07 15:13:33.851root 11241100x8000000000000000702291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25a86c3522a7dba2023-02-07 15:13:33.851root 11241100x8000000000000000702290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ca5dffd2b596ce2023-02-07 15:13:33.851root 11241100x8000000000000000702289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db8b1ee964c1e132023-02-07 15:13:33.851root 11241100x8000000000000000702288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85dbb111ddd697db2023-02-07 15:13:33.851root 11241100x8000000000000000702287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c161fb961854fa12023-02-07 15:13:33.851root 11241100x8000000000000000702286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a640fad9e6df1f4c2023-02-07 15:13:33.851root 11241100x8000000000000000702285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef0ab0a2777d57a2023-02-07 15:13:33.851root 11241100x8000000000000000702284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90aa3293719437d82023-02-07 15:13:33.851root 11241100x8000000000000000702283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da7221e56943f042023-02-07 15:13:33.851root 11241100x8000000000000000702299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7c53bf200d54e42023-02-07 15:13:33.852root 11241100x8000000000000000702298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87732015db18a6f2023-02-07 15:13:33.852root 11241100x8000000000000000702297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:33.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a43acbd5b7cc0082023-02-07 15:13:33.852root 11241100x8000000000000000702303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4d28d726b4abcc2023-02-07 15:13:34.345root 11241100x8000000000000000702302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059a0671133598522023-02-07 15:13:34.345root 11241100x8000000000000000702301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c02996a63716a772023-02-07 15:13:34.345root 11241100x8000000000000000702300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603a0262442020b72023-02-07 15:13:34.345root 11241100x8000000000000000702317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dcf76a7e682ca272023-02-07 15:13:34.346root 11241100x8000000000000000702316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c0ce04f91589262023-02-07 15:13:34.346root 11241100x8000000000000000702315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c44b66f66013f12023-02-07 15:13:34.346root 11241100x8000000000000000702314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ea2a26fef3ca372023-02-07 15:13:34.346root 11241100x8000000000000000702313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6608f4301373b65d2023-02-07 15:13:34.346root 11241100x8000000000000000702312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beaf55bd16b722dc2023-02-07 15:13:34.346root 11241100x8000000000000000702311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2803c8b76fe2dafe2023-02-07 15:13:34.346root 11241100x8000000000000000702310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35df8b6400a74312023-02-07 15:13:34.346root 11241100x8000000000000000702309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6191e3d0aa065542023-02-07 15:13:34.346root 11241100x8000000000000000702308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71aeb6543f09e8f2023-02-07 15:13:34.346root 11241100x8000000000000000702307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6397f347e549ae9a2023-02-07 15:13:34.346root 11241100x8000000000000000702306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c6a5f0a356725c2023-02-07 15:13:34.346root 11241100x8000000000000000702305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b84ae94b7bb998c2023-02-07 15:13:34.346root 11241100x8000000000000000702304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539db2524f181faa2023-02-07 15:13:34.346root 11241100x8000000000000000702330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24ec5231665ac5c2023-02-07 15:13:34.347root 11241100x8000000000000000702329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26253794cf5acfe2023-02-07 15:13:34.347root 11241100x8000000000000000702328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb5080c334d5f412023-02-07 15:13:34.347root 11241100x8000000000000000702327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001468721a9e07d02023-02-07 15:13:34.347root 11241100x8000000000000000702326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48989b582ebcbd32023-02-07 15:13:34.347root 11241100x8000000000000000702325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261c80f2a0dbb6052023-02-07 15:13:34.347root 11241100x8000000000000000702324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe8ce1348c74e8e2023-02-07 15:13:34.347root 11241100x8000000000000000702323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90cff735a4c09902023-02-07 15:13:34.347root 11241100x8000000000000000702322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba66746ff2104fe2023-02-07 15:13:34.347root 11241100x8000000000000000702321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92aca543bd3f3bc2023-02-07 15:13:34.347root 11241100x8000000000000000702320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9bb97844aa45102023-02-07 15:13:34.347root 11241100x8000000000000000702319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b54f02da3191d52023-02-07 15:13:34.347root 11241100x8000000000000000702318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4ca4cca2bcf8102023-02-07 15:13:34.347root 11241100x8000000000000000702345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8601ccbd7f30a0f2023-02-07 15:13:34.348root 11241100x8000000000000000702344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71874d073c401e42023-02-07 15:13:34.348root 11241100x8000000000000000702343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748a2cabd55a743c2023-02-07 15:13:34.348root 11241100x8000000000000000702342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba20781ff1378a632023-02-07 15:13:34.348root 11241100x8000000000000000702341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b8301ad453f7b92023-02-07 15:13:34.348root 11241100x8000000000000000702340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb3d64ee98decdc2023-02-07 15:13:34.348root 11241100x8000000000000000702339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7249b65f4fb9262023-02-07 15:13:34.348root 11241100x8000000000000000702338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd08514f7d1980142023-02-07 15:13:34.348root 11241100x8000000000000000702337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30729dd8cff505802023-02-07 15:13:34.348root 11241100x8000000000000000702336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2589660148b76ec42023-02-07 15:13:34.348root 11241100x8000000000000000702335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77fa08028330e7dd2023-02-07 15:13:34.348root 11241100x8000000000000000702334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073e4ee0b99e310d2023-02-07 15:13:34.348root 11241100x8000000000000000702333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f3a917e727424a2023-02-07 15:13:34.348root 11241100x8000000000000000702332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9c02c7189bd9b02023-02-07 15:13:34.348root 11241100x8000000000000000702331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7675f41be89bc8d2023-02-07 15:13:34.348root 11241100x8000000000000000702351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf148bc1546aa8d2023-02-07 15:13:34.845root 11241100x8000000000000000702350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b60f7f7d5f796ba2023-02-07 15:13:34.845root 11241100x8000000000000000702349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5763ca0916b81972023-02-07 15:13:34.845root 11241100x8000000000000000702348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8c3ba4b1eeec9e2023-02-07 15:13:34.845root 11241100x8000000000000000702347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ea36563d5fba502023-02-07 15:13:34.845root 11241100x8000000000000000702346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c1ad8aba9dfac22023-02-07 15:13:34.845root 11241100x8000000000000000702363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec96771302cd7a42023-02-07 15:13:34.846root 11241100x8000000000000000702362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af07d6d2929a65542023-02-07 15:13:34.846root 11241100x8000000000000000702361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db5f5cf946fc1ee2023-02-07 15:13:34.846root 11241100x8000000000000000702360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a49a07e712d8e12023-02-07 15:13:34.846root 11241100x8000000000000000702359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970c1e9d01c9303f2023-02-07 15:13:34.846root 11241100x8000000000000000702358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60342ec78b38e02c2023-02-07 15:13:34.846root 11241100x8000000000000000702357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99df12637517f7122023-02-07 15:13:34.846root 11241100x8000000000000000702356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03d7fcddb2d092a2023-02-07 15:13:34.846root 11241100x8000000000000000702355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553e99ced3b35f752023-02-07 15:13:34.846root 11241100x8000000000000000702354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcb2d0ff0535ff12023-02-07 15:13:34.846root 11241100x8000000000000000702353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509a886369bdb3b62023-02-07 15:13:34.846root 11241100x8000000000000000702352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf966b66325760c2023-02-07 15:13:34.846root 11241100x8000000000000000702371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb52726b53e0ee9a2023-02-07 15:13:34.847root 11241100x8000000000000000702370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992f8411529726702023-02-07 15:13:34.847root 11241100x8000000000000000702369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bade0ca9ece97352023-02-07 15:13:34.847root 11241100x8000000000000000702368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88871b586c2c03f2023-02-07 15:13:34.847root 11241100x8000000000000000702367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3243b41bae355ce92023-02-07 15:13:34.847root 11241100x8000000000000000702366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e6b44a27d0d4fb2023-02-07 15:13:34.847root 11241100x8000000000000000702365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dad4a26886917272023-02-07 15:13:34.847root 11241100x8000000000000000702364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3710dffb7ebe16a62023-02-07 15:13:34.847root 11241100x8000000000000000702377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbedca9f99427982023-02-07 15:13:34.848root 11241100x8000000000000000702376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf82fbb8c07bdbee2023-02-07 15:13:34.848root 11241100x8000000000000000702375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6479f02d147f792023-02-07 15:13:34.848root 11241100x8000000000000000702374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df55c44eb565acd2023-02-07 15:13:34.848root 11241100x8000000000000000702373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366a38aa05fe9c682023-02-07 15:13:34.848root 11241100x8000000000000000702372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd992749de2b510e2023-02-07 15:13:34.848root 11241100x8000000000000000702385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e76dc27b0c79972023-02-07 15:13:34.849root 11241100x8000000000000000702384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b35085d1e4e1d22023-02-07 15:13:34.849root 11241100x8000000000000000702383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b85f8ed8b82f2b12023-02-07 15:13:34.849root 11241100x8000000000000000702382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c52ac26d7a93932023-02-07 15:13:34.849root 11241100x8000000000000000702381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08b7d7cc0e7293b2023-02-07 15:13:34.849root 11241100x8000000000000000702380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6de7966f20b0f42023-02-07 15:13:34.849root 11241100x8000000000000000702379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e23516420d10bd82023-02-07 15:13:34.849root 11241100x8000000000000000702378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1424ccd05e3cfdb32023-02-07 15:13:34.849root 11241100x8000000000000000702401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84403d5a4cdf68822023-02-07 15:13:34.850root 11241100x8000000000000000702400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b2fde807f0c4052023-02-07 15:13:34.850root 11241100x8000000000000000702399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec1adf586848e682023-02-07 15:13:34.850root 11241100x8000000000000000702398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7f19f53f8ffceb2023-02-07 15:13:34.850root 11241100x8000000000000000702397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ac45b3052a16bc2023-02-07 15:13:34.850root 11241100x8000000000000000702396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1903b6c0002e7f2023-02-07 15:13:34.850root 11241100x8000000000000000702395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4742332b8a60f2822023-02-07 15:13:34.850root 11241100x8000000000000000702394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4621d84449b509f2023-02-07 15:13:34.850root 11241100x8000000000000000702393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107c4d5a5760202a2023-02-07 15:13:34.850root 11241100x8000000000000000702392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112facb4493f43fb2023-02-07 15:13:34.850root 11241100x8000000000000000702391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec97e18a75512a72023-02-07 15:13:34.850root 11241100x8000000000000000702390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c538eb3b8708a12023-02-07 15:13:34.850root 11241100x8000000000000000702389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951a4f616ad8a9762023-02-07 15:13:34.850root 11241100x8000000000000000702388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5705a667c434ed2023-02-07 15:13:34.850root 11241100x8000000000000000702387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f98c4faeaa65d4b2023-02-07 15:13:34.850root 11241100x8000000000000000702386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a74531bd5dbc48f2023-02-07 15:13:34.850root 11241100x8000000000000000702407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54cf7516bf1610d72023-02-07 15:13:34.851root 11241100x8000000000000000702406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee7b4a94efccdce2023-02-07 15:13:34.851root 11241100x8000000000000000702405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1541659448e6fb2023-02-07 15:13:34.851root 11241100x8000000000000000702404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12d314e3af1d7cd2023-02-07 15:13:34.851root 11241100x8000000000000000702403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b064f941859b3efd2023-02-07 15:13:34.851root 11241100x8000000000000000702402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:34.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00cb9f674db74c352023-02-07 15:13:34.851root 11241100x8000000000000000702409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a30c85a971280b82023-02-07 15:13:35.345root 11241100x8000000000000000702408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2e4db69a2f68132023-02-07 15:13:35.345root 11241100x8000000000000000702414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6445e709e47341202023-02-07 15:13:35.346root 11241100x8000000000000000702413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4af87947a435fe02023-02-07 15:13:35.346root 11241100x8000000000000000702412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21305393eb306eff2023-02-07 15:13:35.346root 11241100x8000000000000000702411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5524ed3e2a11f0672023-02-07 15:13:35.346root 11241100x8000000000000000702410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2910273fa42c7372023-02-07 15:13:35.346root 11241100x8000000000000000702422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec733e13d2658682023-02-07 15:13:35.347root 11241100x8000000000000000702421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3537fa16d9bdc3012023-02-07 15:13:35.347root 11241100x8000000000000000702420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb21a44c7422249a2023-02-07 15:13:35.347root 11241100x8000000000000000702419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723a1057f76c42772023-02-07 15:13:35.347root 11241100x8000000000000000702418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8c6303d72154d62023-02-07 15:13:35.347root 11241100x8000000000000000702417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e407274f5171cb2023-02-07 15:13:35.347root 11241100x8000000000000000702416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94406e4f2dc52a82023-02-07 15:13:35.347root 11241100x8000000000000000702415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70228b14130769352023-02-07 15:13:35.347root 11241100x8000000000000000702432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509cc5493a8d72ae2023-02-07 15:13:35.348root 11241100x8000000000000000702431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776b9efefd7f89792023-02-07 15:13:35.348root 11241100x8000000000000000702430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c286ac9042a38e2023-02-07 15:13:35.348root 11241100x8000000000000000702429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cadaf7b37393d6e32023-02-07 15:13:35.348root 11241100x8000000000000000702428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f14ba5b72a57ca2023-02-07 15:13:35.348root 11241100x8000000000000000702427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f047db501dd9caa2023-02-07 15:13:35.348root 11241100x8000000000000000702426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbbe4120662a8e12023-02-07 15:13:35.348root 11241100x8000000000000000702425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113bd8dff925714d2023-02-07 15:13:35.348root 11241100x8000000000000000702424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370119209febb80b2023-02-07 15:13:35.348root 11241100x8000000000000000702423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69b2c03c81e708d2023-02-07 15:13:35.348root 11241100x8000000000000000702437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f23b5868c470ae2023-02-07 15:13:35.349root 11241100x8000000000000000702436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b4fdeaa3bbcae12023-02-07 15:13:35.349root 11241100x8000000000000000702435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e01b1946cf033c2023-02-07 15:13:35.349root 11241100x8000000000000000702434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067f4db2c596aca82023-02-07 15:13:35.349root 11241100x8000000000000000702433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81df4d0a29aadf12023-02-07 15:13:35.349root 11241100x8000000000000000702445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a25f795ca18230e2023-02-07 15:13:35.350root 11241100x8000000000000000702444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91df83f88af1ed922023-02-07 15:13:35.350root 11241100x8000000000000000702443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c100c5582945372023-02-07 15:13:35.350root 11241100x8000000000000000702442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a12f3222c90bc072023-02-07 15:13:35.350root 11241100x8000000000000000702441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3770c0a31e5af5ff2023-02-07 15:13:35.350root 11241100x8000000000000000702440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9b09f5d373750c2023-02-07 15:13:35.350root 11241100x8000000000000000702439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0242630b8c7f012023-02-07 15:13:35.350root 11241100x8000000000000000702438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2531762b85e3a8382023-02-07 15:13:35.350root 11241100x8000000000000000702448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed9fdf93e49fae82023-02-07 15:13:35.351root 11241100x8000000000000000702447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041f1b4574c2477d2023-02-07 15:13:35.351root 11241100x8000000000000000702446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:35.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39959c9fadd3fd822023-02-07 15:13:35.351root 354300x8000000000000000702486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:46.249{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-40900-false10.0.1.12-8000- 11241100x8000000000000000702487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56e61189e3e88312023-02-07 15:13:46.595root 11241100x8000000000000000702488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:47.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6e1ae287875fd92023-02-07 15:13:47.095root 11241100x8000000000000000702489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c27300bc792d112023-02-07 15:13:47.595root 11241100x8000000000000000702490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:48.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a370f7351f4b5bf22023-02-07 15:13:48.095root 11241100x8000000000000000702491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fa5fd798555db62023-02-07 15:13:48.595root 11241100x8000000000000000702492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:49.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c6f646e11870ef2023-02-07 15:13:49.095root 11241100x8000000000000000702493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f45af3bd7e876a2023-02-07 15:13:49.595root 11241100x8000000000000000702494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0a2458ff38fc062023-02-07 15:13:50.095root 11241100x8000000000000000702495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ebc561c87cff712023-02-07 15:13:50.595root 11241100x8000000000000000702496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c36c0d182f9cdf02023-02-07 15:13:51.095root 11241100x8000000000000000702497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782557e48922b0512023-02-07 15:13:51.595root 11241100x8000000000000000702499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:52.092{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75c6814db3a71952023-02-07 15:13:52.092root 354300x8000000000000000702498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:52.092{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-40912-false10.0.1.12-8000- 154100x8000000000000000702500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:52.208{ec244aba-6ab0-63e2-6894-c540c0550000}6106/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/6312root{ec244aba-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2393--- 534500x8000000000000000702501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:52.220{ec244aba-6ab0-63e2-6894-c540c0550000}6106/bin/psroot 11241100x8000000000000000702505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:52.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8e960bf994823d2023-02-07 15:13:52.345root 11241100x8000000000000000702504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:52.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f54041d64192c532023-02-07 15:13:52.345root 11241100x8000000000000000702503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:52.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab97d68f47dfc4d2023-02-07 15:13:52.345root 11241100x8000000000000000702502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:52.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc53bb1e83cb3092023-02-07 15:13:52.345root 11241100x8000000000000000702509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:52.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee488dd1147d7452023-02-07 15:13:52.845root 11241100x8000000000000000702508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:52.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd675e03db6acd42023-02-07 15:13:52.845root 11241100x8000000000000000702507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:52.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3fb697930ebdd42023-02-07 15:13:52.845root 11241100x8000000000000000702506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:52.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f0dd94247872cb2023-02-07 15:13:52.845root 11241100x8000000000000000702513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f537628c03ba162023-02-07 15:13:53.346root 11241100x8000000000000000702512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f1cc6fb2a22fe92023-02-07 15:13:53.346root 11241100x8000000000000000702511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc573a5521c8eb492023-02-07 15:13:53.346root 11241100x8000000000000000702510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326812bf0f7460eb2023-02-07 15:13:53.346root 11241100x8000000000000000702517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:53.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9591ace7fb5293aa2023-02-07 15:13:53.845root 11241100x8000000000000000702516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:53.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7b2643650257d02023-02-07 15:13:53.845root 11241100x8000000000000000702515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:53.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe8be93c77da8fc2023-02-07 15:13:53.845root 11241100x8000000000000000702514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:53.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03bf207ba5fed59c2023-02-07 15:13:53.845root 11241100x8000000000000000702521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:54.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16fd77cc585d3f6b2023-02-07 15:13:54.345root 11241100x8000000000000000702520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:54.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ab4faa279930db2023-02-07 15:13:54.345root 11241100x8000000000000000702519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:54.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7395fe5b0635292023-02-07 15:13:54.345root 11241100x8000000000000000702518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:54.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87dfbab6c9de21222023-02-07 15:13:54.345root 11241100x8000000000000000702522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:54.730{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:13:54.730root 11241100x8000000000000000702526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:54.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faeed240739432bd2023-02-07 15:13:54.731root 11241100x8000000000000000702525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:54.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13454bbb44ef02a42023-02-07 15:13:54.731root 11241100x8000000000000000702524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:54.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a0d21092ac58d02023-02-07 15:13:54.731root 11241100x8000000000000000702523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:54.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688d434dccaa55012023-02-07 15:13:54.731root 11241100x8000000000000000702528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f34c1d6334042642023-02-07 15:13:55.095root 11241100x8000000000000000702527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efcaab536ac2c78b2023-02-07 15:13:55.095root 11241100x8000000000000000702531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb914ab8fc6b295d2023-02-07 15:13:55.096root 11241100x8000000000000000702530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c261625d3290ad622023-02-07 15:13:55.096root 11241100x8000000000000000702529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a921c0ff2121b7412023-02-07 15:13:55.096root 11241100x8000000000000000702536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848f06704f275caf2023-02-07 15:13:55.595root 11241100x8000000000000000702535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e745dfba3fb49c12023-02-07 15:13:55.595root 11241100x8000000000000000702534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40223800fdb8b8262023-02-07 15:13:55.595root 11241100x8000000000000000702533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc3bb1e85504e842023-02-07 15:13:55.595root 11241100x8000000000000000702532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8dc9ae9099fd3c82023-02-07 15:13:55.595root 11241100x8000000000000000702541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e359260dc4673d402023-02-07 15:13:56.095root 11241100x8000000000000000702540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe53674c393eee662023-02-07 15:13:56.095root 11241100x8000000000000000702539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8719353ca722c922023-02-07 15:13:56.095root 11241100x8000000000000000702538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb2aa7821f0c94a2023-02-07 15:13:56.095root 11241100x8000000000000000702537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bceff053e8c390192023-02-07 15:13:56.095root 11241100x8000000000000000702545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2408c3259b3afb2023-02-07 15:13:56.595root 11241100x8000000000000000702544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460420e4c10181082023-02-07 15:13:56.595root 11241100x8000000000000000702543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52492d7ef67e24d42023-02-07 15:13:56.595root 11241100x8000000000000000702542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be9d92c438d63012023-02-07 15:13:56.595root 11241100x8000000000000000702546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c73d17b100203082023-02-07 15:13:56.596root 11241100x8000000000000000702549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e4b3d0bcc070302023-02-07 15:13:57.095root 11241100x8000000000000000702548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1997420fbcaa598f2023-02-07 15:13:57.095root 11241100x8000000000000000702547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ca3b1d676d53d82023-02-07 15:13:57.095root 11241100x8000000000000000702551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c66a43d5cdaeb02023-02-07 15:13:57.096root 11241100x8000000000000000702550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18dd2126e81d3b7d2023-02-07 15:13:57.096root 354300x8000000000000000702552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:57.229{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-44416-false10.0.1.12-8000- 11241100x8000000000000000702557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb858738b7d127a2023-02-07 15:13:57.595root 11241100x8000000000000000702556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a0eae28da00f022023-02-07 15:13:57.595root 11241100x8000000000000000702555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db365bf4eec4b3322023-02-07 15:13:57.595root 11241100x8000000000000000702554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc805585011b14f2023-02-07 15:13:57.595root 11241100x8000000000000000702553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2556dec7c46a5082023-02-07 15:13:57.595root 11241100x8000000000000000702558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6137f1bdaabeb7512023-02-07 15:13:57.596root 23542300x8000000000000000702559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:57.732{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000702562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299efcd2185e6de82023-02-07 15:13:58.095root 11241100x8000000000000000702561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799371e88979da112023-02-07 15:13:58.095root 11241100x8000000000000000702560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64005544651091c42023-02-07 15:13:58.095root 11241100x8000000000000000702566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47691909558cdd562023-02-07 15:13:58.096root 11241100x8000000000000000702565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3ca894482389922023-02-07 15:13:58.096root 11241100x8000000000000000702564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0dd1263705997f92023-02-07 15:13:58.096root 11241100x8000000000000000702563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a232dfb134ac2042023-02-07 15:13:58.096root 11241100x8000000000000000702570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18aa0c3e4e5374f72023-02-07 15:13:58.595root 11241100x8000000000000000702569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5324f363073fad32023-02-07 15:13:58.595root 11241100x8000000000000000702568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f16eaf6b002c662023-02-07 15:13:58.595root 11241100x8000000000000000702567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6647ca3553b63072023-02-07 15:13:58.595root 11241100x8000000000000000702573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4817c1a0ae94a2752023-02-07 15:13:58.596root 11241100x8000000000000000702572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c3491903985e052023-02-07 15:13:58.596root 11241100x8000000000000000702571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd7d9fdeeef9dc52023-02-07 15:13:58.596root 11241100x8000000000000000702577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78807cc9e333876f2023-02-07 15:13:59.095root 11241100x8000000000000000702576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6816a806144e9e72023-02-07 15:13:59.095root 11241100x8000000000000000702575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb30537302ed7932023-02-07 15:13:59.095root 11241100x8000000000000000702574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f3ddcc48ad4ed52023-02-07 15:13:59.095root 11241100x8000000000000000702580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d22b934b52b423a2023-02-07 15:13:59.096root 11241100x8000000000000000702579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315958e04de22d3c2023-02-07 15:13:59.096root 11241100x8000000000000000702578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae33b8c8c47b0a32023-02-07 15:13:59.096root 11241100x8000000000000000702582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884b3a5b529d283a2023-02-07 15:13:59.595root 11241100x8000000000000000702581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2932411cbd4d0ab12023-02-07 15:13:59.595root 11241100x8000000000000000702587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b592adc705f98642023-02-07 15:13:59.596root 11241100x8000000000000000702586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750fe33f988e815b2023-02-07 15:13:59.596root 11241100x8000000000000000702585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a5cdc15c809cf22023-02-07 15:13:59.596root 11241100x8000000000000000702584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8323358ddeb4c52023-02-07 15:13:59.596root 11241100x8000000000000000702583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:13:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692c600d03279e3d2023-02-07 15:13:59.596root 11241100x8000000000000000702592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc7b0fffb4e54832023-02-07 15:14:00.095root 11241100x8000000000000000702591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df123dff3e88d002023-02-07 15:14:00.095root 11241100x8000000000000000702590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3496f53653684402023-02-07 15:14:00.095root 11241100x8000000000000000702589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2827a8d4c1c6afdf2023-02-07 15:14:00.095root 11241100x8000000000000000702588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151fb74520361a7c2023-02-07 15:14:00.095root 11241100x8000000000000000702594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b3ecc4f8b8d8392023-02-07 15:14:00.096root 11241100x8000000000000000702593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d272bfe012a77c172023-02-07 15:14:00.096root 11241100x8000000000000000702599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d18428be92b7ab82023-02-07 15:14:00.595root 11241100x8000000000000000702598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074749595426aedf2023-02-07 15:14:00.595root 11241100x8000000000000000702597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39815b55b5a2ebb2023-02-07 15:14:00.595root 11241100x8000000000000000702596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640417f2737585a82023-02-07 15:14:00.595root 11241100x8000000000000000702595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f40415e13f32cca2023-02-07 15:14:00.595root 11241100x8000000000000000702601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680a39c7baec35f32023-02-07 15:14:00.596root 11241100x8000000000000000702600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe92e661bf3c82cb2023-02-07 15:14:00.596root 11241100x8000000000000000702605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41fad712470320e2023-02-07 15:14:01.097root 11241100x8000000000000000702604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95115205d1e01f8a2023-02-07 15:14:01.097root 11241100x8000000000000000702603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca1a218e997e6ce2023-02-07 15:14:01.097root 11241100x8000000000000000702602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8252ce91ec2955eb2023-02-07 15:14:01.097root 11241100x8000000000000000702608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:01.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2e5bc6499d215d2023-02-07 15:14:01.098root 11241100x8000000000000000702607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:01.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49dcb995b8f8eac72023-02-07 15:14:01.098root 11241100x8000000000000000702606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:01.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc089e2fcd471d5d2023-02-07 15:14:01.098root 11241100x8000000000000000702613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d374a730b151f362023-02-07 15:14:01.595root 11241100x8000000000000000702612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af78ddd96d7de61f2023-02-07 15:14:01.595root 11241100x8000000000000000702611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6145749742c06d2023-02-07 15:14:01.595root 11241100x8000000000000000702610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ab26834b40643f2023-02-07 15:14:01.595root 11241100x8000000000000000702609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92bb2964ac8314b22023-02-07 15:14:01.595root 11241100x8000000000000000702615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7724fb0b51ba3e2023-02-07 15:14:01.596root 11241100x8000000000000000702614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a50787d54cb0772023-02-07 15:14:01.596root 11241100x8000000000000000702619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d422515219a6ab2023-02-07 15:14:02.095root 11241100x8000000000000000702618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f184770356f8482023-02-07 15:14:02.095root 11241100x8000000000000000702617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e60451b908c26a82023-02-07 15:14:02.095root 11241100x8000000000000000702616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83182874593f229c2023-02-07 15:14:02.095root 11241100x8000000000000000702622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b916cf97b600b72023-02-07 15:14:02.096root 11241100x8000000000000000702621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3ddd6b0a6cc34c2023-02-07 15:14:02.096root 11241100x8000000000000000702620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66346c0a06042eee2023-02-07 15:14:02.096root 11241100x8000000000000000702624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:02.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59c0e24670572552023-02-07 15:14:02.595root 11241100x8000000000000000702623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:02.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a859614d6d0f0642023-02-07 15:14:02.595root 11241100x8000000000000000702629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fe62e7e415391c2023-02-07 15:14:02.596root 11241100x8000000000000000702628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746b733ce0737c942023-02-07 15:14:02.596root 11241100x8000000000000000702627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d13c40d4fb48b82023-02-07 15:14:02.596root 11241100x8000000000000000702626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59482b36ff67481d2023-02-07 15:14:02.596root 11241100x8000000000000000702625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b310da8406eaaa62023-02-07 15:14:02.596root 354300x8000000000000000702630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:03.027{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-44418-false10.0.1.12-8000- 11241100x8000000000000000702638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:03.028{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787c064d5fb7fb962023-02-07 15:14:03.028root 11241100x8000000000000000702637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:03.028{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ea5a61729df9132023-02-07 15:14:03.028root 11241100x8000000000000000702636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:03.028{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5834fc6e8fe1844a2023-02-07 15:14:03.028root 11241100x8000000000000000702635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:03.028{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242c613f37f0c5882023-02-07 15:14:03.028root 11241100x8000000000000000702634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:03.028{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328834bc8d3bb3052023-02-07 15:14:03.028root 11241100x8000000000000000702633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:03.028{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac5d981ac3da0852023-02-07 15:14:03.028root 11241100x8000000000000000702632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:03.028{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4bf4c0b64fbe1f2023-02-07 15:14:03.028root 11241100x8000000000000000702631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:03.028{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da52f269979e4c622023-02-07 15:14:03.028root 11241100x8000000000000000702642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:03.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fa9434b1bd5ff02023-02-07 15:14:03.345root 11241100x8000000000000000702641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:03.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525657cf7b23d4872023-02-07 15:14:03.345root 11241100x8000000000000000702640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:03.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea0b00d616f7a9b2023-02-07 15:14:03.345root 11241100x8000000000000000702639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:03.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf780dc52dc4ab002023-02-07 15:14:03.345root 11241100x8000000000000000702646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1f8af6c3c5740c2023-02-07 15:14:03.346root 11241100x8000000000000000702645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfba5125974fcb6b2023-02-07 15:14:03.346root 11241100x8000000000000000702644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941876a835b02d202023-02-07 15:14:03.346root 11241100x8000000000000000702643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2637d786ac8d05172023-02-07 15:14:03.346root 11241100x8000000000000000702650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:03.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c5f1198da6713a2023-02-07 15:14:03.845root 11241100x8000000000000000702649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:03.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e6814d5e502bde2023-02-07 15:14:03.845root 11241100x8000000000000000702648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:03.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858264b924ecabf02023-02-07 15:14:03.845root 11241100x8000000000000000702647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:03.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3564776a321d23ce2023-02-07 15:14:03.845root 11241100x8000000000000000702654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cabec9161be73932023-02-07 15:14:03.846root 11241100x8000000000000000702653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1feb164c2e50dd0c2023-02-07 15:14:03.846root 11241100x8000000000000000702652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b824a54290f681412023-02-07 15:14:03.846root 11241100x8000000000000000702651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431d781a08725f092023-02-07 15:14:03.846root 11241100x8000000000000000702660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b070e129efec9bc02023-02-07 15:14:04.346root 11241100x8000000000000000702659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a94dc48fa05b6972023-02-07 15:14:04.346root 11241100x8000000000000000702658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef454d45e27b4a8c2023-02-07 15:14:04.346root 11241100x8000000000000000702657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839bb2d193e4eb102023-02-07 15:14:04.346root 11241100x8000000000000000702656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5be2515619401e2023-02-07 15:14:04.346root 11241100x8000000000000000702655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0052eba959bd69982023-02-07 15:14:04.346root 11241100x8000000000000000702662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674eb6f9e9e234fa2023-02-07 15:14:04.347root 11241100x8000000000000000702661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc53f76e998639c2023-02-07 15:14:04.347root 11241100x8000000000000000702664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:04.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ba2453ed7301a32023-02-07 15:14:04.845root 11241100x8000000000000000702663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:04.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a623089fcacc7482023-02-07 15:14:04.845root 11241100x8000000000000000702670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d6037f2998ef472023-02-07 15:14:04.846root 11241100x8000000000000000702669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55abe1b9b28c6b3b2023-02-07 15:14:04.846root 11241100x8000000000000000702668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6e10f0a168a35b2023-02-07 15:14:04.846root 11241100x8000000000000000702667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f9f957a04b1d782023-02-07 15:14:04.846root 11241100x8000000000000000702666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f524fe607d7b528a2023-02-07 15:14:04.846root 11241100x8000000000000000702665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7799aebd8a2b469f2023-02-07 15:14:04.846root 11241100x8000000000000000702672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:05.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50fa2e36dc995d812023-02-07 15:14:05.345root 11241100x8000000000000000702671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:05.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691906e12981b3632023-02-07 15:14:05.345root 11241100x8000000000000000702678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9b9171bfe5bad32023-02-07 15:14:05.346root 11241100x8000000000000000702677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9c1de50ad029782023-02-07 15:14:05.346root 11241100x8000000000000000702676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242ece79e42986b82023-02-07 15:14:05.346root 11241100x8000000000000000702675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90bbb98368b100522023-02-07 15:14:05.346root 11241100x8000000000000000702674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d6fa179e37339a2023-02-07 15:14:05.346root 11241100x8000000000000000702673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ec0bbc9e9f4f942023-02-07 15:14:05.346root 11241100x8000000000000000702683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:05.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9502b0aab94c0c5a2023-02-07 15:14:05.845root 11241100x8000000000000000702682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:05.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45873df4368aa0a72023-02-07 15:14:05.845root 11241100x8000000000000000702681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:05.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34dd64101129165f2023-02-07 15:14:05.845root 11241100x8000000000000000702680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:05.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91c4772ee643ffb2023-02-07 15:14:05.845root 11241100x8000000000000000702679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:05.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bba4722fdc2ae52023-02-07 15:14:05.845root 11241100x8000000000000000702686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bd3bd8dff386212023-02-07 15:14:05.846root 11241100x8000000000000000702685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c131dbc4e2a362e52023-02-07 15:14:05.846root 11241100x8000000000000000702684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e63b5c146b9e592023-02-07 15:14:05.846root 11241100x8000000000000000702691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:06.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03e784558faa2ea2023-02-07 15:14:06.345root 11241100x8000000000000000702690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:06.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ecb69809487fac02023-02-07 15:14:06.345root 11241100x8000000000000000702689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:06.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741a7651f1bb5dd12023-02-07 15:14:06.345root 11241100x8000000000000000702688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:06.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9825fd8e9778fc2023-02-07 15:14:06.345root 11241100x8000000000000000702687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:06.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79676b4695618a8d2023-02-07 15:14:06.345root 11241100x8000000000000000702694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:06.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5feb679d1a83dd2b2023-02-07 15:14:06.346root 11241100x8000000000000000702693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:06.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038086ae0480de9e2023-02-07 15:14:06.346root 11241100x8000000000000000702692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:06.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e87e4d6072e1d52023-02-07 15:14:06.346root 11241100x8000000000000000702695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:06.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafc4af0282c8d5e2023-02-07 15:14:06.845root 11241100x8000000000000000702701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:06.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619151c8d295a2a22023-02-07 15:14:06.846root 11241100x8000000000000000702700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:06.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b7cae93d441af42023-02-07 15:14:06.846root 11241100x8000000000000000702699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:06.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99cbf320f1e2b892023-02-07 15:14:06.846root 11241100x8000000000000000702698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:06.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152151de235737102023-02-07 15:14:06.846root 11241100x8000000000000000702697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:06.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b874e6b975826e1a2023-02-07 15:14:06.846root 11241100x8000000000000000702696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:06.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12293deff95ca6822023-02-07 15:14:06.846root 11241100x8000000000000000702702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:06.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e087257b4de93b972023-02-07 15:14:06.847root 11241100x8000000000000000702707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:07.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e84763f1b560112023-02-07 15:14:07.345root 11241100x8000000000000000702706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:07.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0ad1c95daf01452023-02-07 15:14:07.345root 11241100x8000000000000000702705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:07.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc09d5c27f9125682023-02-07 15:14:07.345root 11241100x8000000000000000702704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:07.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebb371f299110a82023-02-07 15:14:07.345root 11241100x8000000000000000702703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:07.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9dcb990dc07d762023-02-07 15:14:07.345root 11241100x8000000000000000702710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab922ea84ee700522023-02-07 15:14:07.346root 11241100x8000000000000000702709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95e0b5fd3cee65c2023-02-07 15:14:07.346root 11241100x8000000000000000702708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f43e47759c618c82023-02-07 15:14:07.346root 11241100x8000000000000000702713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:07.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a24394899df33112023-02-07 15:14:07.845root 11241100x8000000000000000702712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:07.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e33e59648d60d132023-02-07 15:14:07.845root 11241100x8000000000000000702711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:07.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f2a9b315c5db402023-02-07 15:14:07.845root 11241100x8000000000000000702718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656a84e9891177fd2023-02-07 15:14:07.846root 11241100x8000000000000000702717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb74fa36ed6fce6d2023-02-07 15:14:07.846root 11241100x8000000000000000702716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518106f855365d282023-02-07 15:14:07.846root 11241100x8000000000000000702715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c28b6a207293b32023-02-07 15:14:07.846root 11241100x8000000000000000702714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4a43a3a929344b2023-02-07 15:14:07.846root 354300x8000000000000000702719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:08.083{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-38570-false10.0.1.12-8000- 11241100x8000000000000000702721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:08.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6d60ba1b3d05032023-02-07 15:14:08.345root 11241100x8000000000000000702720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:08.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0f366251ad6c9a2023-02-07 15:14:08.345root 11241100x8000000000000000702728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:08.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1848f1332faeb9102023-02-07 15:14:08.346root 11241100x8000000000000000702727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:08.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e814adc4fc6c202d2023-02-07 15:14:08.346root 11241100x8000000000000000702726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:08.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0aedba125e728982023-02-07 15:14:08.346root 11241100x8000000000000000702725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:08.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eea26719e59505d2023-02-07 15:14:08.346root 11241100x8000000000000000702724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:08.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b9e49096c58a6a2023-02-07 15:14:08.346root 11241100x8000000000000000702723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:08.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0bd8f8b468010f2023-02-07 15:14:08.346root 11241100x8000000000000000702722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:08.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae86b5a43771b8b2023-02-07 15:14:08.346root 11241100x8000000000000000702730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:08.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f49e23a7e832e02023-02-07 15:14:08.845root 11241100x8000000000000000702729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:08.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26dad157437fe3942023-02-07 15:14:08.845root 11241100x8000000000000000702737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:08.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e695533385a05712023-02-07 15:14:08.846root 11241100x8000000000000000702736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:08.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887c624349c4b1142023-02-07 15:14:08.846root 11241100x8000000000000000702735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:08.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7d80c99e5d119c2023-02-07 15:14:08.846root 11241100x8000000000000000702734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:08.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc619b90b1662c32023-02-07 15:14:08.846root 11241100x8000000000000000702733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:08.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b677d8903398757d2023-02-07 15:14:08.846root 11241100x8000000000000000702732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:08.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff381a0a87b0df4b2023-02-07 15:14:08.846root 11241100x8000000000000000702731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:08.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a195eff157de5dab2023-02-07 15:14:08.846root 11241100x8000000000000000702744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:09.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e778b4cceda5b2a22023-02-07 15:14:09.345root 11241100x8000000000000000702743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:09.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8133e78eace94672023-02-07 15:14:09.345root 11241100x8000000000000000702742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:09.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dff4e2e3b7e9c3e2023-02-07 15:14:09.345root 11241100x8000000000000000702741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:09.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2fdb118f9580ad22023-02-07 15:14:09.345root 11241100x8000000000000000702740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:09.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9306974a2f63b8ee2023-02-07 15:14:09.345root 11241100x8000000000000000702739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:09.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0104476b07fa26d62023-02-07 15:14:09.345root 11241100x8000000000000000702738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:09.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ca68b3e236be8f2023-02-07 15:14:09.345root 11241100x8000000000000000702746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:09.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56d1eead035473f2023-02-07 15:14:09.346root 11241100x8000000000000000702745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:09.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67db8fb13f7b18962023-02-07 15:14:09.346root 11241100x8000000000000000702750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:09.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f125aee41513e2cb2023-02-07 15:14:09.845root 11241100x8000000000000000702749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:09.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b98bc50b2d24f832023-02-07 15:14:09.845root 11241100x8000000000000000702748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:09.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28fef141cbed3ffa2023-02-07 15:14:09.845root 11241100x8000000000000000702747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:09.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9e62e1f01de0af2023-02-07 15:14:09.845root 11241100x8000000000000000702755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:09.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d34111653cc99f92023-02-07 15:14:09.846root 11241100x8000000000000000702754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:09.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71b8988455693c72023-02-07 15:14:09.846root 11241100x8000000000000000702753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:09.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3e87671277dd6d2023-02-07 15:14:09.846root 11241100x8000000000000000702752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:09.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea139f536a5888542023-02-07 15:14:09.846root 11241100x8000000000000000702751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:09.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63483e4b8c6462932023-02-07 15:14:09.846root 11241100x8000000000000000702760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:10.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9053c12f13fba1bd2023-02-07 15:14:10.345root 11241100x8000000000000000702759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:10.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2edfe27096cec71c2023-02-07 15:14:10.345root 11241100x8000000000000000702758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:10.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958e939edf0fde092023-02-07 15:14:10.345root 11241100x8000000000000000702757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:10.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa5396b2121c2d92023-02-07 15:14:10.345root 11241100x8000000000000000702756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:10.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2afffa454799a5632023-02-07 15:14:10.345root 11241100x8000000000000000702764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5dc641bfeca83d32023-02-07 15:14:10.346root 11241100x8000000000000000702763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db5db04393df5fc2023-02-07 15:14:10.346root 11241100x8000000000000000702762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d3f8fc5af510552023-02-07 15:14:10.346root 11241100x8000000000000000702761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab70948a552e72f2023-02-07 15:14:10.346root 11241100x8000000000000000702768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:10.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb629e50c028cc0e2023-02-07 15:14:10.845root 11241100x8000000000000000702767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:10.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f87b99e41441ba2023-02-07 15:14:10.845root 11241100x8000000000000000702766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:10.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf63cf0fda5d3632023-02-07 15:14:10.845root 11241100x8000000000000000702765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:10.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a92c7bff74e5352023-02-07 15:14:10.845root 11241100x8000000000000000702773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4e09391eb1d3cc2023-02-07 15:14:10.846root 11241100x8000000000000000702772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235e09321393e8d22023-02-07 15:14:10.846root 11241100x8000000000000000702771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2ccea2c179fd1c2023-02-07 15:14:10.846root 11241100x8000000000000000702770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc876bc38a0c5172023-02-07 15:14:10.846root 11241100x8000000000000000702769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc4984fe0f3a4bf2023-02-07 15:14:10.846root 11241100x8000000000000000702775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:11.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5c42c73aabc1102023-02-07 15:14:11.345root 11241100x8000000000000000702774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:11.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf59a5dfb708ee22023-02-07 15:14:11.345root 11241100x8000000000000000702782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:11.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641b64b5e1278e302023-02-07 15:14:11.346root 11241100x8000000000000000702781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:11.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57774408dbcd0dcb2023-02-07 15:14:11.346root 11241100x8000000000000000702780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:11.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5799a7fb257075de2023-02-07 15:14:11.346root 11241100x8000000000000000702779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:11.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec581b5fa95fb512023-02-07 15:14:11.346root 11241100x8000000000000000702778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:11.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7885ae232dfa14d22023-02-07 15:14:11.346root 11241100x8000000000000000702777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:11.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923ef54f6bf5a13b2023-02-07 15:14:11.346root 11241100x8000000000000000702776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:11.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f98b2ba356b90c2023-02-07 15:14:11.346root 11241100x8000000000000000702786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:11.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ae2be8dd1d66bd2023-02-07 15:14:11.845root 11241100x8000000000000000702785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:11.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c877f5584d3d8f2023-02-07 15:14:11.845root 11241100x8000000000000000702784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:11.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23280fbe50e89382023-02-07 15:14:11.845root 11241100x8000000000000000702783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:11.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884c275ab21efe4e2023-02-07 15:14:11.845root 11241100x8000000000000000702791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07592d465f833c882023-02-07 15:14:11.846root 11241100x8000000000000000702790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13071c77f5a949972023-02-07 15:14:11.846root 11241100x8000000000000000702789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8655de993422f4032023-02-07 15:14:11.846root 11241100x8000000000000000702788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd7ee65f3f65dab2023-02-07 15:14:11.846root 11241100x8000000000000000702787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadcecd201f1c9952023-02-07 15:14:11.846root 11241100x8000000000000000702795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:12.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35104d1feedfc80f2023-02-07 15:14:12.345root 11241100x8000000000000000702794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:12.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d442db0dd8c9f42023-02-07 15:14:12.345root 11241100x8000000000000000702793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:12.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9676c78f5aedeb5c2023-02-07 15:14:12.345root 11241100x8000000000000000702792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:12.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ca4f6a49c4acb52023-02-07 15:14:12.345root 11241100x8000000000000000702800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306e6cc3755b3bef2023-02-07 15:14:12.346root 11241100x8000000000000000702799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23cbdc353dea3b92023-02-07 15:14:12.346root 11241100x8000000000000000702798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d274f6d56bda229f2023-02-07 15:14:12.346root 11241100x8000000000000000702797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f96933b513097f2023-02-07 15:14:12.346root 11241100x8000000000000000702796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f44228f396bd9692023-02-07 15:14:12.346root 11241100x8000000000000000702803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:12.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32504469fbc894722023-02-07 15:14:12.845root 11241100x8000000000000000702802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:12.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ded6d6360d525032023-02-07 15:14:12.845root 11241100x8000000000000000702801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:12.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85db6200260eda22023-02-07 15:14:12.845root 11241100x8000000000000000702809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1da3baf6fc63a3b2023-02-07 15:14:12.846root 11241100x8000000000000000702808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd3260dda5d54642023-02-07 15:14:12.846root 11241100x8000000000000000702807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d471bbce7b79b412023-02-07 15:14:12.846root 11241100x8000000000000000702806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89942ef79c97bf6d2023-02-07 15:14:12.846root 11241100x8000000000000000702805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b147bab21f6ded2023-02-07 15:14:12.846root 11241100x8000000000000000702804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04cb5a04a65307a2023-02-07 15:14:12.846root 11241100x8000000000000000702812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:13.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43891a93ace33f872023-02-07 15:14:13.345root 11241100x8000000000000000702811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:13.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4fb9a718c3040b62023-02-07 15:14:13.345root 11241100x8000000000000000702810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:13.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce0ef9d528ae7682023-02-07 15:14:13.345root 11241100x8000000000000000702818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39dbc9c4186c62362023-02-07 15:14:13.346root 11241100x8000000000000000702817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52b1bd463e124b22023-02-07 15:14:13.346root 11241100x8000000000000000702816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e2236183cb43472023-02-07 15:14:13.346root 11241100x8000000000000000702815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4432977e564ed3c62023-02-07 15:14:13.346root 11241100x8000000000000000702814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b996fc2ed915bb2023-02-07 15:14:13.346root 11241100x8000000000000000702813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a002d534e438ae2023-02-07 15:14:13.346root 11241100x8000000000000000702822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:13.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0fbaac41c71b6d2023-02-07 15:14:13.845root 11241100x8000000000000000702821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:13.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60afe67b0afd1d2a2023-02-07 15:14:13.845root 11241100x8000000000000000702820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:13.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bad5dee6777a472023-02-07 15:14:13.845root 11241100x8000000000000000702819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:13.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba21869099f64d02023-02-07 15:14:13.845root 11241100x8000000000000000702827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:13.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fdb127bafe1e7022023-02-07 15:14:13.846root 11241100x8000000000000000702826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:13.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878881cde00b304a2023-02-07 15:14:13.846root 11241100x8000000000000000702825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:13.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda683175ec1ded32023-02-07 15:14:13.846root 11241100x8000000000000000702824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:13.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6643d942a4b001332023-02-07 15:14:13.846root 11241100x8000000000000000702823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:13.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99480fed42523c52023-02-07 15:14:13.846root 354300x8000000000000000702828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:14.060{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-38582-false10.0.1.12-8000- 11241100x8000000000000000702831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:14.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e409939e22ca10fb2023-02-07 15:14:14.345root 11241100x8000000000000000702830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:14.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ab3599f7f77bfc2023-02-07 15:14:14.345root 11241100x8000000000000000702829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:14.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36b2953e13a14572023-02-07 15:14:14.345root 11241100x8000000000000000702838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf381309a43a95e42023-02-07 15:14:14.346root 11241100x8000000000000000702837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ff928023b34d692023-02-07 15:14:14.346root 11241100x8000000000000000702836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efae9db4c4e9f7a2023-02-07 15:14:14.346root 11241100x8000000000000000702835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2f950726fac20a2023-02-07 15:14:14.346root 11241100x8000000000000000702834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592c7d5ba8d73f5d2023-02-07 15:14:14.346root 11241100x8000000000000000702833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06fc669eeadad9de2023-02-07 15:14:14.346root 11241100x8000000000000000702832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6fb2e5a409df12c2023-02-07 15:14:14.346root 354300x8000000000000000702839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:14.549{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-35712-false10.0.1.12-8089- 11241100x8000000000000000702850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693c84eccf3d15e32023-02-07 15:14:14.846root 11241100x8000000000000000702849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c5cc318a5a22ba2023-02-07 15:14:14.846root 11241100x8000000000000000702848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f771af820849232023-02-07 15:14:14.846root 11241100x8000000000000000702847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eff67d1dec2f8e12023-02-07 15:14:14.846root 11241100x8000000000000000702846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7c1dd6e5df9e432023-02-07 15:14:14.846root 11241100x8000000000000000702845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3efce577352f64c12023-02-07 15:14:14.846root 11241100x8000000000000000702844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8649c3f542fac62d2023-02-07 15:14:14.846root 11241100x8000000000000000702843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537bc3aa0bbcd2b22023-02-07 15:14:14.846root 11241100x8000000000000000702842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1af64df7ee1f892023-02-07 15:14:14.846root 11241100x8000000000000000702841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d10531b343413212023-02-07 15:14:14.846root 11241100x8000000000000000702840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a13071b9c6a13a82023-02-07 15:14:14.846root 11241100x8000000000000000702851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:15.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f131eb4c86b10f2023-02-07 15:14:15.345root 11241100x8000000000000000702861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9a144542b3aeee2023-02-07 15:14:15.346root 11241100x8000000000000000702860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14535deb377b5dc2023-02-07 15:14:15.346root 11241100x8000000000000000702859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf3a8d15a1983902023-02-07 15:14:15.346root 11241100x8000000000000000702858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e728cc67e3802b02023-02-07 15:14:15.346root 11241100x8000000000000000702857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508f8faa776bf3ae2023-02-07 15:14:15.346root 11241100x8000000000000000702856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4afac62e1c54222023-02-07 15:14:15.346root 11241100x8000000000000000702855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc897bde266216b02023-02-07 15:14:15.346root 11241100x8000000000000000702854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5147281b9bbcbcc12023-02-07 15:14:15.346root 11241100x8000000000000000702853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab2bad97563f9942023-02-07 15:14:15.346root 11241100x8000000000000000702852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55d3b51518b5cad2023-02-07 15:14:15.346root 11241100x8000000000000000702864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:15.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85456c825abaf742023-02-07 15:14:15.845root 11241100x8000000000000000702863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:15.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d88e3011a5d9992023-02-07 15:14:15.845root 11241100x8000000000000000702862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:15.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3894a07bec5b9e182023-02-07 15:14:15.845root 11241100x8000000000000000702872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ae2647e4c5f8bd2023-02-07 15:14:15.846root 11241100x8000000000000000702871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2afc9449c42d4262023-02-07 15:14:15.846root 11241100x8000000000000000702870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165c85251d59d1a42023-02-07 15:14:15.846root 11241100x8000000000000000702869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12d962ec160bf022023-02-07 15:14:15.846root 11241100x8000000000000000702868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b4f79f13c523b22023-02-07 15:14:15.846root 11241100x8000000000000000702867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cda61ee2bfc8b9d2023-02-07 15:14:15.846root 11241100x8000000000000000702866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818571e2de770dbd2023-02-07 15:14:15.846root 11241100x8000000000000000702865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7cb38f6651b6bf72023-02-07 15:14:15.846root 11241100x8000000000000000702874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:16.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800718440e6ee55e2023-02-07 15:14:16.345root 11241100x8000000000000000702873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:16.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295c85bea1f2a2ad2023-02-07 15:14:16.345root 11241100x8000000000000000702883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c938c8266495d52023-02-07 15:14:16.346root 11241100x8000000000000000702882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5f59a6b18aec0e2023-02-07 15:14:16.346root 11241100x8000000000000000702881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13cb49e7eda625852023-02-07 15:14:16.346root 11241100x8000000000000000702880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03bab80ed229dc042023-02-07 15:14:16.346root 11241100x8000000000000000702879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3384762cf793de6c2023-02-07 15:14:16.346root 11241100x8000000000000000702878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084eea567d6e38f72023-02-07 15:14:16.346root 11241100x8000000000000000702877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40b1aad357fb5c72023-02-07 15:14:16.346root 11241100x8000000000000000702876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5f2a28e4ca70e52023-02-07 15:14:16.346root 11241100x8000000000000000702875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d6b3fe3a5d16262023-02-07 15:14:16.346root 11241100x8000000000000000702886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:16.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5bc64d9f1684f92023-02-07 15:14:16.845root 11241100x8000000000000000702885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:16.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3296adad6ae24c2023-02-07 15:14:16.845root 11241100x8000000000000000702884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:16.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2426b061fb4b132023-02-07 15:14:16.845root 11241100x8000000000000000702894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22a379f4d1d28a22023-02-07 15:14:16.846root 11241100x8000000000000000702893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6e930ebe2d7fd52023-02-07 15:14:16.846root 11241100x8000000000000000702892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1034ef16896499df2023-02-07 15:14:16.846root 11241100x8000000000000000702891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144b249be85ec3d02023-02-07 15:14:16.846root 11241100x8000000000000000702890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066ac1293a045d9c2023-02-07 15:14:16.846root 11241100x8000000000000000702889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0520e71b50a2241f2023-02-07 15:14:16.846root 11241100x8000000000000000702888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984994dcaae6673a2023-02-07 15:14:16.846root 11241100x8000000000000000702887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea37fd88a3ebd1852023-02-07 15:14:16.846root 11241100x8000000000000000702896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:17.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33817c2cebfa62212023-02-07 15:14:17.345root 11241100x8000000000000000702895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:17.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054b891265139b0b2023-02-07 15:14:17.345root 11241100x8000000000000000702905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c321185f782549e12023-02-07 15:14:17.346root 11241100x8000000000000000702904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a209e5d35a769f32023-02-07 15:14:17.346root 11241100x8000000000000000702903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8332532f2d8be1a2023-02-07 15:14:17.346root 11241100x8000000000000000702902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2ea88724d91b552023-02-07 15:14:17.346root 11241100x8000000000000000702901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6915289a4aa689522023-02-07 15:14:17.346root 11241100x8000000000000000702900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f33336451c295da2023-02-07 15:14:17.346root 11241100x8000000000000000702899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974429a68e9835b62023-02-07 15:14:17.346root 11241100x8000000000000000702898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e050438d5098411c2023-02-07 15:14:17.346root 11241100x8000000000000000702897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b31df096fb540c2023-02-07 15:14:17.346root 11241100x8000000000000000702907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:17.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a388ef765dd5983e2023-02-07 15:14:17.845root 11241100x8000000000000000702906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:17.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd7b90fbf7170b62023-02-07 15:14:17.845root 11241100x8000000000000000702916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191d6fc1023195212023-02-07 15:14:17.846root 11241100x8000000000000000702915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b38bbae961071b2023-02-07 15:14:17.846root 11241100x8000000000000000702914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d769ccf6f99ae52023-02-07 15:14:17.846root 11241100x8000000000000000702913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c5fd38ac2a79d82023-02-07 15:14:17.846root 11241100x8000000000000000702912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304eda56b46eee982023-02-07 15:14:17.846root 11241100x8000000000000000702911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147f57e480adb4442023-02-07 15:14:17.846root 11241100x8000000000000000702910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c435be2b4181fbb42023-02-07 15:14:17.846root 11241100x8000000000000000702909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ce5db4223ac57c2023-02-07 15:14:17.846root 11241100x8000000000000000702908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc559bc64a2b0f9b2023-02-07 15:14:17.846root 11241100x8000000000000000702919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:18.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f9809d47b4d73b2023-02-07 15:14:18.345root 11241100x8000000000000000702918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:18.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d71ce6794bdb1442023-02-07 15:14:18.345root 11241100x8000000000000000702917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:18.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c836b804af1ba6902023-02-07 15:14:18.345root 11241100x8000000000000000702927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19da3dda9ca29f172023-02-07 15:14:18.346root 11241100x8000000000000000702926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e05362db244c3c2023-02-07 15:14:18.346root 11241100x8000000000000000702925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b97571426309dd22023-02-07 15:14:18.346root 11241100x8000000000000000702924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b904cbf957bfb62023-02-07 15:14:18.346root 11241100x8000000000000000702923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3fe833b34ae50f2023-02-07 15:14:18.346root 11241100x8000000000000000702922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5575e1fa0ab8f472023-02-07 15:14:18.346root 11241100x8000000000000000702921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea56dabd349dee0b2023-02-07 15:14:18.346root 11241100x8000000000000000702920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85902900919b0ad2023-02-07 15:14:18.346root 11241100x8000000000000000702930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:18.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4a051028cae9aa2023-02-07 15:14:18.845root 11241100x8000000000000000702929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:18.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08cd85d7a528be52023-02-07 15:14:18.845root 11241100x8000000000000000702928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:18.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785d20e4c6cf33662023-02-07 15:14:18.845root 11241100x8000000000000000702938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3411a442ab5cd0632023-02-07 15:14:18.846root 11241100x8000000000000000702937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f23ff16fcfa3af2023-02-07 15:14:18.846root 11241100x8000000000000000702936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6d01bfa922dfe52023-02-07 15:14:18.846root 11241100x8000000000000000702935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36da7054441ac7f02023-02-07 15:14:18.846root 11241100x8000000000000000702934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8eea2b8c796bb42023-02-07 15:14:18.846root 11241100x8000000000000000702933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4866962c1b2f6baa2023-02-07 15:14:18.846root 11241100x8000000000000000702932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d0b0613aa053e22023-02-07 15:14:18.846root 11241100x8000000000000000702931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322f413ebf967f732023-02-07 15:14:18.846root 354300x8000000000000000702939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:19.135{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-42238-false10.0.1.12-8000- 11241100x8000000000000000702951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:19.136{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2703287b54ce5e2e2023-02-07 15:14:19.136root 11241100x8000000000000000702950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:19.136{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfac436d1e7420042023-02-07 15:14:19.136root 11241100x8000000000000000702949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:19.136{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda7ca04a67cc75e2023-02-07 15:14:19.136root 11241100x8000000000000000702948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:19.136{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69572ed97b0f64422023-02-07 15:14:19.136root 11241100x8000000000000000702947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:19.136{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34511574dfb55c242023-02-07 15:14:19.136root 11241100x8000000000000000702946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:19.136{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbf46ffda53f5e82023-02-07 15:14:19.136root 11241100x8000000000000000702945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:19.136{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4431b11da4e29d2023-02-07 15:14:19.136root 11241100x8000000000000000702944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:19.136{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da9dce0336fddee2023-02-07 15:14:19.136root 11241100x8000000000000000702943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:19.136{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7dbd96bbcfee7272023-02-07 15:14:19.136root 11241100x8000000000000000702942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:19.136{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223ed18f305937dc2023-02-07 15:14:19.136root 11241100x8000000000000000702941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:19.136{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fe2aaacd6b94342023-02-07 15:14:19.136root 11241100x8000000000000000702940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:19.136{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e4bcb862d3bbe32023-02-07 15:14:19.136root 11241100x8000000000000000702958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:19.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be0dbef2f4e03582023-02-07 15:14:19.595root 11241100x8000000000000000702957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:19.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ec5a5340931f3c2023-02-07 15:14:19.595root 11241100x8000000000000000702956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:19.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e151990161be732023-02-07 15:14:19.595root 11241100x8000000000000000702955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:19.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2746d769ae7b262023-02-07 15:14:19.595root 11241100x8000000000000000702954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:19.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5f365516a59dd92023-02-07 15:14:19.595root 11241100x8000000000000000702953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:19.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c82b33142595622023-02-07 15:14:19.595root 11241100x8000000000000000702952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:19.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057f82e2a0f91e192023-02-07 15:14:19.595root 11241100x8000000000000000702963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:19.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44233d22ae735e22023-02-07 15:14:19.596root 11241100x8000000000000000702962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:19.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c278bd2e9b9923e2023-02-07 15:14:19.596root 11241100x8000000000000000702961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:19.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa231016a6b37d712023-02-07 15:14:19.596root 11241100x8000000000000000702960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:19.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596746956d61d8f52023-02-07 15:14:19.596root 11241100x8000000000000000702959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:19.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4d8e47d05c91a42023-02-07 15:14:19.596root 11241100x8000000000000000702967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9333e70da32837142023-02-07 15:14:20.096root 11241100x8000000000000000702966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d2762a360d93662023-02-07 15:14:20.096root 11241100x8000000000000000702965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755818d0376ccc4d2023-02-07 15:14:20.096root 11241100x8000000000000000702964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91b09dbadeeb8eb2023-02-07 15:14:20.096root 11241100x8000000000000000702973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:20.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632e7e1c5da98a7c2023-02-07 15:14:20.097root 11241100x8000000000000000702972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:20.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee0a821f5abfaa62023-02-07 15:14:20.097root 11241100x8000000000000000702971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:20.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9838790672c0c9a52023-02-07 15:14:20.097root 11241100x8000000000000000702970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:20.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7e18b7417bcc3c2023-02-07 15:14:20.097root 11241100x8000000000000000702969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:20.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f44ae3526ed03312023-02-07 15:14:20.097root 11241100x8000000000000000702968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:20.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6880f4cdafb518f92023-02-07 15:14:20.097root 11241100x8000000000000000702975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:20.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f2acdf0bedc2962023-02-07 15:14:20.098root 11241100x8000000000000000702974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:20.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b848ee6842ea1ebe2023-02-07 15:14:20.098root 11241100x8000000000000000702980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:20.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a22488cf4d0b90b2023-02-07 15:14:20.595root 11241100x8000000000000000702979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:20.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36bf23d6a1a5bedf2023-02-07 15:14:20.595root 11241100x8000000000000000702978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:20.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179106a4ae168e012023-02-07 15:14:20.595root 11241100x8000000000000000702977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:20.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6f931d620e15d62023-02-07 15:14:20.595root 11241100x8000000000000000702976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:20.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed85533f8c2e1892023-02-07 15:14:20.595root 11241100x8000000000000000702985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dec5e1cfce7a8822023-02-07 15:14:20.596root 11241100x8000000000000000702984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6779b6f394f074e92023-02-07 15:14:20.596root 11241100x8000000000000000702983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e2392e24a405e92023-02-07 15:14:20.596root 11241100x8000000000000000702982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71bf13bb9906eafe2023-02-07 15:14:20.596root 11241100x8000000000000000702981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2afc841e19bfa6482023-02-07 15:14:20.596root 11241100x8000000000000000702988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:20.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28799397e3872042023-02-07 15:14:20.597root 11241100x8000000000000000702987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:20.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17594d45a659a062023-02-07 15:14:20.597root 11241100x8000000000000000702986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:20.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333cd3a5519cb3172023-02-07 15:14:20.597root 11241100x8000000000000000702995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:21.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8a0de5036a589d2023-02-07 15:14:21.095root 11241100x8000000000000000702994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:21.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728f03665a4703472023-02-07 15:14:21.095root 11241100x8000000000000000702993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:21.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76226f0e8e77b6372023-02-07 15:14:21.095root 11241100x8000000000000000702992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:21.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf66ee208f3874c2023-02-07 15:14:21.095root 11241100x8000000000000000702991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:21.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d451204197efd2ea2023-02-07 15:14:21.095root 11241100x8000000000000000702990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:21.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f728345c6862cbdc2023-02-07 15:14:21.095root 11241100x8000000000000000702989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:21.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cdadfdf562981482023-02-07 15:14:21.095root 11241100x8000000000000000703000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b798f0a04f16fe2023-02-07 15:14:21.096root 11241100x8000000000000000702999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2469e1e9e0ed01682023-02-07 15:14:21.096root 11241100x8000000000000000702998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2856520725582cb2023-02-07 15:14:21.096root 11241100x8000000000000000702997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ed92a5ecdbd9b62023-02-07 15:14:21.096root 11241100x8000000000000000702996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67f535f872ac5862023-02-07 15:14:21.096root 11241100x8000000000000000703007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f761c1f180810e582023-02-07 15:14:21.595root 11241100x8000000000000000703006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65cd1d417e7ea1222023-02-07 15:14:21.595root 11241100x8000000000000000703005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ad964e3090d8e92023-02-07 15:14:21.595root 11241100x8000000000000000703004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844d453b6d8c9bde2023-02-07 15:14:21.595root 11241100x8000000000000000703003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c265d9f01e53aee22023-02-07 15:14:21.595root 11241100x8000000000000000703002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19fb7421a90afcf42023-02-07 15:14:21.595root 11241100x8000000000000000703001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5426a1ed5d0db4d2023-02-07 15:14:21.595root 11241100x8000000000000000703012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b32ea68a09dbff2023-02-07 15:14:21.596root 11241100x8000000000000000703011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab72f9d72abb5092023-02-07 15:14:21.596root 11241100x8000000000000000703010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8dfc7bd13762f02023-02-07 15:14:21.596root 11241100x8000000000000000703009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be4daf3161976492023-02-07 15:14:21.596root 11241100x8000000000000000703008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b630586004fe834b2023-02-07 15:14:21.596root 11241100x8000000000000000703017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fda130e2af9228a2023-02-07 15:14:22.095root 11241100x8000000000000000703016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a194fe9beea5bf3a2023-02-07 15:14:22.095root 11241100x8000000000000000703015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a596709e1f9f94e2023-02-07 15:14:22.095root 11241100x8000000000000000703014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ac3c8e934f052c2023-02-07 15:14:22.095root 11241100x8000000000000000703013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434d3de05a5444412023-02-07 15:14:22.095root 11241100x8000000000000000703024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff584a105da439be2023-02-07 15:14:22.096root 11241100x8000000000000000703023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e6a382f593e3952023-02-07 15:14:22.096root 11241100x8000000000000000703022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55622c09cded76cd2023-02-07 15:14:22.096root 11241100x8000000000000000703021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c144a84e20262a8d2023-02-07 15:14:22.096root 11241100x8000000000000000703020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f80ff674a81ce802023-02-07 15:14:22.096root 11241100x8000000000000000703019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e545e6be406ccd2023-02-07 15:14:22.096root 11241100x8000000000000000703018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8933f32db040d5de2023-02-07 15:14:22.096root 11241100x8000000000000000703032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ecdddc0900f7e42023-02-07 15:14:22.595root 11241100x8000000000000000703031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7969ed06b5155a242023-02-07 15:14:22.595root 11241100x8000000000000000703030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f2345ac4a4275a2023-02-07 15:14:22.595root 11241100x8000000000000000703029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed22fda46f2fcb92023-02-07 15:14:22.595root 11241100x8000000000000000703028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0409102e4bcf5f52023-02-07 15:14:22.595root 11241100x8000000000000000703027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300a1eef02d1477d2023-02-07 15:14:22.595root 11241100x8000000000000000703026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6478afb5882112c22023-02-07 15:14:22.595root 11241100x8000000000000000703025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29767688d038bddf2023-02-07 15:14:22.595root 11241100x8000000000000000703036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568addf56f3a0b3c2023-02-07 15:14:22.596root 11241100x8000000000000000703035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e725c879bafe38152023-02-07 15:14:22.596root 11241100x8000000000000000703034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1af4c89ee40e2f2023-02-07 15:14:22.596root 11241100x8000000000000000703033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf1256ff1d4b7112023-02-07 15:14:22.596root 11241100x8000000000000000703038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:23.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4b2dd6190086db2023-02-07 15:14:23.095root 11241100x8000000000000000703037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:23.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bdd867945664f6a2023-02-07 15:14:23.095root 11241100x8000000000000000703042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e4a898ca7f4c692023-02-07 15:14:23.096root 11241100x8000000000000000703041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b147674b10f150152023-02-07 15:14:23.096root 11241100x8000000000000000703040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c112dc24d9e06dd62023-02-07 15:14:23.096root 11241100x8000000000000000703039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91c44239d8418cc2023-02-07 15:14:23.096root 11241100x8000000000000000703046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c19a81199aac202023-02-07 15:14:23.097root 11241100x8000000000000000703045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc84f20184235932023-02-07 15:14:23.097root 11241100x8000000000000000703044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03488541d75dce92023-02-07 15:14:23.097root 11241100x8000000000000000703043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8b6c51ab46b8302023-02-07 15:14:23.097root 11241100x8000000000000000703048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:23.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b045fc9fbf84cb12023-02-07 15:14:23.098root 11241100x8000000000000000703047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:23.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732006a0a1a909c42023-02-07 15:14:23.098root 11241100x8000000000000000703053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc75904dad5ccd92023-02-07 15:14:23.596root 11241100x8000000000000000703052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8275df3cd6121a5c2023-02-07 15:14:23.596root 11241100x8000000000000000703051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f7547963a5e52b2023-02-07 15:14:23.596root 11241100x8000000000000000703050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b7fb70c99d62d12023-02-07 15:14:23.596root 11241100x8000000000000000703049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01fd7ba5ff014db02023-02-07 15:14:23.596root 11241100x8000000000000000703060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8109ce3f53f8b2c2023-02-07 15:14:23.597root 11241100x8000000000000000703059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51966f73d0fc03752023-02-07 15:14:23.597root 11241100x8000000000000000703058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79dad4fdb13ec3ef2023-02-07 15:14:23.597root 11241100x8000000000000000703057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bafb03d3ccd637f32023-02-07 15:14:23.597root 11241100x8000000000000000703056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3ac63214bcf92d2023-02-07 15:14:23.597root 11241100x8000000000000000703055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7baefe2307a31e4d2023-02-07 15:14:23.597root 11241100x8000000000000000703054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb3e62daf29acf32023-02-07 15:14:23.597root 11241100x8000000000000000703062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:24.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0166393d548a5e2023-02-07 15:14:24.095root 11241100x8000000000000000703061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:24.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea34bfb7100bfd52023-02-07 15:14:24.095root 11241100x8000000000000000703066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de39e5c1ccb01c42023-02-07 15:14:24.096root 11241100x8000000000000000703065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7e11d0e6a007d82023-02-07 15:14:24.096root 11241100x8000000000000000703064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2dc4adbc647f2932023-02-07 15:14:24.096root 11241100x8000000000000000703063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cc31dddcc41aa12023-02-07 15:14:24.096root 11241100x8000000000000000703072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:24.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba588d043295abec2023-02-07 15:14:24.097root 11241100x8000000000000000703071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:24.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66c9296d055768a2023-02-07 15:14:24.097root 11241100x8000000000000000703070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:24.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28cd342ecc554842023-02-07 15:14:24.097root 11241100x8000000000000000703069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:24.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7407bf64faeba2c72023-02-07 15:14:24.097root 11241100x8000000000000000703068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:24.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d03e91cb51229062023-02-07 15:14:24.097root 11241100x8000000000000000703067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:24.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553989959c6d46fb2023-02-07 15:14:24.097root 354300x8000000000000000703073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:24.204{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-42244-false10.0.1.12-8000- 11241100x8000000000000000703080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e83cd0d34bf5dae2023-02-07 15:14:24.595root 11241100x8000000000000000703079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9437ef9a65bc1a2023-02-07 15:14:24.595root 11241100x8000000000000000703078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8e8cf032a409d02023-02-07 15:14:24.595root 11241100x8000000000000000703077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2fc3aa800dfcf62023-02-07 15:14:24.595root 11241100x8000000000000000703076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa63512829f55452023-02-07 15:14:24.595root 11241100x8000000000000000703075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba8773558af4e142023-02-07 15:14:24.595root 11241100x8000000000000000703074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73dceca68508773a2023-02-07 15:14:24.595root 11241100x8000000000000000703086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8713c0a9e9d854082023-02-07 15:14:24.596root 11241100x8000000000000000703085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ff96f8b2bcd0782023-02-07 15:14:24.596root 11241100x8000000000000000703084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286c26f3cb806da72023-02-07 15:14:24.596root 11241100x8000000000000000703083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6968a874a51d732023-02-07 15:14:24.596root 11241100x8000000000000000703082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc47828ff46f8e232023-02-07 15:14:24.596root 11241100x8000000000000000703081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4cc4551790f4f7a2023-02-07 15:14:24.596root 11241100x8000000000000000703087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:24.730{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:14:24.730root 11241100x8000000000000000703094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56a06e0976bdfb92023-02-07 15:14:25.095root 11241100x8000000000000000703093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757f9cad0525b6592023-02-07 15:14:25.095root 11241100x8000000000000000703092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62b0b30d5f0e23e2023-02-07 15:14:25.095root 11241100x8000000000000000703091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df933be5ce2256cd2023-02-07 15:14:25.095root 11241100x8000000000000000703090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e593fc733ab1b192023-02-07 15:14:25.095root 11241100x8000000000000000703089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44cbe5a15895cefb2023-02-07 15:14:25.095root 11241100x8000000000000000703088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de4dde059dc4aaa2023-02-07 15:14:25.095root 11241100x8000000000000000703101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52776ce78e9ad18b2023-02-07 15:14:25.096root 11241100x8000000000000000703100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ae7c840a13088c2023-02-07 15:14:25.096root 11241100x8000000000000000703099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa53c0d30bfd7a62023-02-07 15:14:25.096root 11241100x8000000000000000703098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b461ea7eef870012023-02-07 15:14:25.096root 11241100x8000000000000000703097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac91ce51f6297702023-02-07 15:14:25.096root 11241100x8000000000000000703096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7344aca3957e2dd52023-02-07 15:14:25.096root 11241100x8000000000000000703095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbd8a7e142cba1c2023-02-07 15:14:25.096root 11241100x8000000000000000703107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eee0cd502e580d02023-02-07 15:14:25.595root 11241100x8000000000000000703106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2be2f4f38253582023-02-07 15:14:25.595root 11241100x8000000000000000703105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f124d717ef8ad72023-02-07 15:14:25.595root 11241100x8000000000000000703104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d3a3a00bd7ea342023-02-07 15:14:25.595root 11241100x8000000000000000703103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b37f6b678a4b6b2023-02-07 15:14:25.595root 11241100x8000000000000000703102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ba4bb27e1625182023-02-07 15:14:25.595root 11241100x8000000000000000703115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014fcfa7769383dc2023-02-07 15:14:25.596root 11241100x8000000000000000703114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273c22d219a137962023-02-07 15:14:25.596root 11241100x8000000000000000703113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1253f41bc2ac13232023-02-07 15:14:25.596root 11241100x8000000000000000703112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60543568967d5b0c2023-02-07 15:14:25.596root 11241100x8000000000000000703111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c6ea10792a195d2023-02-07 15:14:25.596root 11241100x8000000000000000703110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4abb1e588d1f1ef2023-02-07 15:14:25.596root 11241100x8000000000000000703109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90c7ea55bbde8a12023-02-07 15:14:25.596root 11241100x8000000000000000703108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840911bc883902a82023-02-07 15:14:25.596root 11241100x8000000000000000703123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0879028eaff3d5c52023-02-07 15:14:26.096root 11241100x8000000000000000703122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7730abf4788b47952023-02-07 15:14:26.096root 11241100x8000000000000000703121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d476f4ec0b4c4c12023-02-07 15:14:26.096root 11241100x8000000000000000703120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8196c6120c61efb32023-02-07 15:14:26.096root 11241100x8000000000000000703119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c675e6ed880c00a2023-02-07 15:14:26.096root 11241100x8000000000000000703118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e0a74a2796163c2023-02-07 15:14:26.096root 11241100x8000000000000000703117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef541523cd00ced2023-02-07 15:14:26.096root 11241100x8000000000000000703116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21646eb7825bb2062023-02-07 15:14:26.096root 11241100x8000000000000000703129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69549d8fd8ddb2032023-02-07 15:14:26.097root 11241100x8000000000000000703128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2f9bb13f5357a62023-02-07 15:14:26.097root 11241100x8000000000000000703127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8b1686e69cd72e2023-02-07 15:14:26.097root 11241100x8000000000000000703126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574b1c0b3ffe80e02023-02-07 15:14:26.097root 11241100x8000000000000000703125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8af125e785334f2023-02-07 15:14:26.097root 11241100x8000000000000000703124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73c9600123932132023-02-07 15:14:26.097root 11241100x8000000000000000703135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36af59f38b1f4c62023-02-07 15:14:26.595root 11241100x8000000000000000703134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fef6f7adf76e80c2023-02-07 15:14:26.595root 11241100x8000000000000000703133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ae2687149e1e4f2023-02-07 15:14:26.595root 11241100x8000000000000000703132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3c80bdb0b1f4822023-02-07 15:14:26.595root 11241100x8000000000000000703131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a4ba6017acc9c42023-02-07 15:14:26.595root 11241100x8000000000000000703130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83cedae2fa8ec4022023-02-07 15:14:26.595root 11241100x8000000000000000703141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453ac4abb12b83352023-02-07 15:14:26.596root 11241100x8000000000000000703140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023f33bd751c195a2023-02-07 15:14:26.596root 11241100x8000000000000000703139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe56f1a79b5ec52b2023-02-07 15:14:26.596root 11241100x8000000000000000703138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea73b49cd35239352023-02-07 15:14:26.596root 11241100x8000000000000000703137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b5bfbe1fd28a2f2023-02-07 15:14:26.596root 11241100x8000000000000000703136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fb602bc14298222023-02-07 15:14:26.596root 11241100x8000000000000000703143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0579b249a8da9c212023-02-07 15:14:26.597root 11241100x8000000000000000703142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b885205118e4285d2023-02-07 15:14:26.597root 11241100x8000000000000000703148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f4c0dbc99faa0f2023-02-07 15:14:27.095root 11241100x8000000000000000703147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3061890e423493d42023-02-07 15:14:27.095root 11241100x8000000000000000703146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a182343ec4b3632023-02-07 15:14:27.095root 11241100x8000000000000000703145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6858e3e99d32552a2023-02-07 15:14:27.095root 11241100x8000000000000000703144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6331089b3a9774262023-02-07 15:14:27.095root 11241100x8000000000000000703154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30afa2a581693a62023-02-07 15:14:27.096root 11241100x8000000000000000703153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f80c01e7dbb0fb2023-02-07 15:14:27.096root 11241100x8000000000000000703152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34b9b4a5ad51e382023-02-07 15:14:27.096root 11241100x8000000000000000703151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64d889c7518cb712023-02-07 15:14:27.096root 11241100x8000000000000000703150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b659ecd3294e7af12023-02-07 15:14:27.096root 11241100x8000000000000000703149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bcbad49414d10c2023-02-07 15:14:27.096root 11241100x8000000000000000703157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d018d04daf652202023-02-07 15:14:27.097root 11241100x8000000000000000703156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a925f131eb9197592023-02-07 15:14:27.097root 11241100x8000000000000000703155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d1624cf2be4fdb2023-02-07 15:14:27.097root 11241100x8000000000000000703159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e697a7895294607a2023-02-07 15:14:27.595root 11241100x8000000000000000703158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f2e15e88ee59242023-02-07 15:14:27.595root 11241100x8000000000000000703163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7b0b7cb794e6b62023-02-07 15:14:27.596root 11241100x8000000000000000703162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081e50f7a73fcab82023-02-07 15:14:27.596root 11241100x8000000000000000703161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdfb365ec96c61d32023-02-07 15:14:27.596root 11241100x8000000000000000703160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3486e235b6a61d2023-02-07 15:14:27.596root 11241100x8000000000000000703169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bde75fb3618bfd12023-02-07 15:14:27.597root 11241100x8000000000000000703168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b81ce22b45684b32023-02-07 15:14:27.597root 11241100x8000000000000000703167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf874d66fd457a42023-02-07 15:14:27.597root 11241100x8000000000000000703166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622cbf340dba04212023-02-07 15:14:27.597root 11241100x8000000000000000703165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc5f31eb577e5ab2023-02-07 15:14:27.597root 11241100x8000000000000000703164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0dd6ee44f62db4d2023-02-07 15:14:27.597root 11241100x8000000000000000703171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:27.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90af0c7090d414ba2023-02-07 15:14:27.598root 11241100x8000000000000000703170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:27.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7515bf7f5b998eb02023-02-07 15:14:27.598root 23542300x8000000000000000703172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:27.732{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000703178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f064a3c698c495912023-02-07 15:14:28.095root 11241100x8000000000000000703177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097849a897b14bba2023-02-07 15:14:28.095root 11241100x8000000000000000703176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658971cd2d8416db2023-02-07 15:14:28.095root 11241100x8000000000000000703175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819f6ecdea0ea5742023-02-07 15:14:28.095root 11241100x8000000000000000703174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f13feb211c15242023-02-07 15:14:28.095root 11241100x8000000000000000703173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecb021d514eee8f2023-02-07 15:14:28.095root 11241100x8000000000000000703182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cfbd4f0ac96b212023-02-07 15:14:28.096root 11241100x8000000000000000703181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7929b7fa78b73372023-02-07 15:14:28.096root 11241100x8000000000000000703180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e577dcc05c26bd702023-02-07 15:14:28.096root 11241100x8000000000000000703179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f132e8ac39b02a2023-02-07 15:14:28.096root 11241100x8000000000000000703187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d439687527806d12023-02-07 15:14:28.097root 11241100x8000000000000000703186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d930d129ef2c6d382023-02-07 15:14:28.097root 11241100x8000000000000000703185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04af3a90b0da9b3f2023-02-07 15:14:28.097root 11241100x8000000000000000703184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b143ed7b30ffb7a2023-02-07 15:14:28.097root 11241100x8000000000000000703183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191f76a93883a1c62023-02-07 15:14:28.097root 11241100x8000000000000000703192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05af66f726f0cbe12023-02-07 15:14:28.595root 11241100x8000000000000000703191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15134f273acf9372023-02-07 15:14:28.595root 11241100x8000000000000000703190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76df9b54dbe0204c2023-02-07 15:14:28.595root 11241100x8000000000000000703189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c7b920a935e3f62023-02-07 15:14:28.595root 11241100x8000000000000000703188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5517c1b874f9364d2023-02-07 15:14:28.595root 11241100x8000000000000000703202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e415ba76e471cadb2023-02-07 15:14:28.596root 11241100x8000000000000000703201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5d1f3cbc74863b2023-02-07 15:14:28.596root 11241100x8000000000000000703200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a023c6cd39469842023-02-07 15:14:28.596root 11241100x8000000000000000703199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2d292b4c15e9892023-02-07 15:14:28.596root 11241100x8000000000000000703198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108cb9e6674f78792023-02-07 15:14:28.596root 11241100x8000000000000000703197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162f748f3c30758b2023-02-07 15:14:28.596root 11241100x8000000000000000703196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8371ca963cea86f2023-02-07 15:14:28.596root 11241100x8000000000000000703195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e674631ef00ad52023-02-07 15:14:28.596root 11241100x8000000000000000703194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de58c3c02733d80a2023-02-07 15:14:28.596root 11241100x8000000000000000703193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8587047b743814882023-02-07 15:14:28.596root 11241100x8000000000000000703210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb001aed5145a4c2023-02-07 15:14:29.096root 11241100x8000000000000000703209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac118f25de4a17742023-02-07 15:14:29.096root 11241100x8000000000000000703208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5a969d7cb6f4582023-02-07 15:14:29.096root 11241100x8000000000000000703207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba24ff91110cde62023-02-07 15:14:29.096root 11241100x8000000000000000703206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517ba40cffd33c472023-02-07 15:14:29.096root 11241100x8000000000000000703205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcda62bb50f682e72023-02-07 15:14:29.096root 11241100x8000000000000000703204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd69f1c9b568a0d2023-02-07 15:14:29.096root 11241100x8000000000000000703203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b554efffb925ff2023-02-07 15:14:29.096root 11241100x8000000000000000703217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333da69dc037a8db2023-02-07 15:14:29.097root 11241100x8000000000000000703216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f3846e1ec0a23c2023-02-07 15:14:29.097root 11241100x8000000000000000703215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f47633dc3b70cc2023-02-07 15:14:29.097root 11241100x8000000000000000703214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4a246a7e4cb7052023-02-07 15:14:29.097root 11241100x8000000000000000703213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c65b680efb45fc42023-02-07 15:14:29.097root 11241100x8000000000000000703212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32ca42f7c50b2f62023-02-07 15:14:29.097root 11241100x8000000000000000703211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f8c054208112ca2023-02-07 15:14:29.097root 354300x8000000000000000703218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.218{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-46638-false10.0.1.12-8000- 11241100x8000000000000000703225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7fd823076ccc86d2023-02-07 15:14:29.595root 11241100x8000000000000000703224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26578096ec7bc9d2023-02-07 15:14:29.595root 11241100x8000000000000000703223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d9e87b0822ec8d2023-02-07 15:14:29.595root 11241100x8000000000000000703222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d250f9e9e85cd22023-02-07 15:14:29.595root 11241100x8000000000000000703221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2694e2b3e1ea392023-02-07 15:14:29.595root 11241100x8000000000000000703220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac42d49428e2980a2023-02-07 15:14:29.595root 11241100x8000000000000000703219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94f7fc199ed39d62023-02-07 15:14:29.595root 11241100x8000000000000000703234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746a763c00bd84b72023-02-07 15:14:29.596root 11241100x8000000000000000703233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0653da2f96fb23b32023-02-07 15:14:29.596root 11241100x8000000000000000703232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ece974bed31a05a2023-02-07 15:14:29.596root 11241100x8000000000000000703231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32dbc10759659f62023-02-07 15:14:29.596root 11241100x8000000000000000703230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88561f01bf4926d2023-02-07 15:14:29.596root 11241100x8000000000000000703229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989f815daa0b64892023-02-07 15:14:29.596root 11241100x8000000000000000703228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffed93bab858cc152023-02-07 15:14:29.596root 11241100x8000000000000000703227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96ca94c4a713be72023-02-07 15:14:29.596root 11241100x8000000000000000703226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8456f5d0d8c2152023-02-07 15:14:29.596root 11241100x8000000000000000703241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50ea6a5fa82d0372023-02-07 15:14:30.095root 11241100x8000000000000000703240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2fa85a149f65af2023-02-07 15:14:30.095root 11241100x8000000000000000703239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ba518335995b9e2023-02-07 15:14:30.095root 11241100x8000000000000000703238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26dbdef380fe1b522023-02-07 15:14:30.095root 11241100x8000000000000000703237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71f3ecc0f9b63e22023-02-07 15:14:30.095root 11241100x8000000000000000703236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0b74f4bd66f0222023-02-07 15:14:30.095root 11241100x8000000000000000703235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a6f78bc99597d52023-02-07 15:14:30.095root 11241100x8000000000000000703251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ed0680e8335fd12023-02-07 15:14:30.096root 11241100x8000000000000000703250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67be05f5566ac57b2023-02-07 15:14:30.096root 11241100x8000000000000000703249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b9ee669ff93e5e2023-02-07 15:14:30.096root 11241100x8000000000000000703248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8106c8f6a82cae2023-02-07 15:14:30.096root 11241100x8000000000000000703247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9963ac3f037658e2023-02-07 15:14:30.096root 11241100x8000000000000000703246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1d0e3845a4c9782023-02-07 15:14:30.096root 11241100x8000000000000000703245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589563db081642d82023-02-07 15:14:30.096root 11241100x8000000000000000703244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ef39e06d9792a02023-02-07 15:14:30.096root 11241100x8000000000000000703243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c654c72dd3d756a62023-02-07 15:14:30.096root 11241100x8000000000000000703242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49561473599f2682023-02-07 15:14:30.096root 11241100x8000000000000000703257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6af2298432d6d82023-02-07 15:14:30.595root 11241100x8000000000000000703256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a900a02d40a4ba8b2023-02-07 15:14:30.595root 11241100x8000000000000000703255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d240c0a02f4185e42023-02-07 15:14:30.595root 11241100x8000000000000000703254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d209971ab15f19a2023-02-07 15:14:30.595root 11241100x8000000000000000703253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ea0ec77f1672b22023-02-07 15:14:30.595root 11241100x8000000000000000703252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f307823a65c29062023-02-07 15:14:30.595root 11241100x8000000000000000703267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111092d34b435cb22023-02-07 15:14:30.596root 11241100x8000000000000000703266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d023ca8c7da97d52023-02-07 15:14:30.596root 11241100x8000000000000000703265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed88b345e0bb08552023-02-07 15:14:30.596root 11241100x8000000000000000703264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290b536b94c00df62023-02-07 15:14:30.596root 11241100x8000000000000000703263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91094576fed39b302023-02-07 15:14:30.596root 11241100x8000000000000000703262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc6730e32d6ba512023-02-07 15:14:30.596root 11241100x8000000000000000703261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff40eddf81124572023-02-07 15:14:30.596root 11241100x8000000000000000703260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9642e22df59b872d2023-02-07 15:14:30.596root 11241100x8000000000000000703259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79a9417ae44cec42023-02-07 15:14:30.596root 11241100x8000000000000000703258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419397ce0dbaa5252023-02-07 15:14:30.596root 11241100x8000000000000000703268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fcd4788f65503fb2023-02-07 15:14:30.597root 11241100x8000000000000000703273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393f82f06532d19d2023-02-07 15:14:31.095root 11241100x8000000000000000703272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49bcce8cb4b4d9f32023-02-07 15:14:31.095root 11241100x8000000000000000703271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54aa6f1ae0b17fef2023-02-07 15:14:31.095root 11241100x8000000000000000703270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4581b2094c7477642023-02-07 15:14:31.095root 11241100x8000000000000000703269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93887254325941832023-02-07 15:14:31.095root 11241100x8000000000000000703284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa824b7a53b98be2023-02-07 15:14:31.096root 11241100x8000000000000000703283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb5e10e3481cea52023-02-07 15:14:31.096root 11241100x8000000000000000703282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e9282a92034b062023-02-07 15:14:31.096root 11241100x8000000000000000703281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84e22b4ec660a102023-02-07 15:14:31.096root 11241100x8000000000000000703280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182944cbff224d902023-02-07 15:14:31.096root 11241100x8000000000000000703279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63e330da38cee7a2023-02-07 15:14:31.096root 11241100x8000000000000000703278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35502dae9c33e3e12023-02-07 15:14:31.096root 11241100x8000000000000000703277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae079d6c6915c43f2023-02-07 15:14:31.096root 11241100x8000000000000000703276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b05b0893a448c62023-02-07 15:14:31.096root 11241100x8000000000000000703275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c035ecda0c9a5a952023-02-07 15:14:31.096root 11241100x8000000000000000703274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fc429b315a03e72023-02-07 15:14:31.096root 11241100x8000000000000000703285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1236cf7fce23a95a2023-02-07 15:14:31.097root 11241100x8000000000000000703291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8763129705a561162023-02-07 15:14:31.595root 11241100x8000000000000000703290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebea7fe568e0d8a72023-02-07 15:14:31.595root 11241100x8000000000000000703289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418eca31bfd7151b2023-02-07 15:14:31.595root 11241100x8000000000000000703288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa1a556a75eada62023-02-07 15:14:31.595root 11241100x8000000000000000703287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9cf0ecc2928ea82023-02-07 15:14:31.595root 11241100x8000000000000000703286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8742ad936cf6a5e92023-02-07 15:14:31.595root 11241100x8000000000000000703300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a445c918a85cbfc2023-02-07 15:14:31.596root 11241100x8000000000000000703299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2f852311f0d0392023-02-07 15:14:31.596root 11241100x8000000000000000703298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c78eac3b30cef02023-02-07 15:14:31.596root 11241100x8000000000000000703297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f229fbae72eb87002023-02-07 15:14:31.596root 11241100x8000000000000000703296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88fb001c39e682c2023-02-07 15:14:31.596root 11241100x8000000000000000703295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d995d6f103a984532023-02-07 15:14:31.596root 11241100x8000000000000000703294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552826d27fcc2eed2023-02-07 15:14:31.596root 11241100x8000000000000000703293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc378888c6df7a362023-02-07 15:14:31.596root 11241100x8000000000000000703292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82d1e10daccc7762023-02-07 15:14:31.596root 11241100x8000000000000000703302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394dea34074a97df2023-02-07 15:14:31.597root 11241100x8000000000000000703301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:31.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5909b08f805475a52023-02-07 15:14:31.597root 11241100x8000000000000000703304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d0e7309fff68f72023-02-07 15:14:32.095root 11241100x8000000000000000703303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea435a80dd3eed962023-02-07 15:14:32.095root 11241100x8000000000000000703311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166f5da0bede7e912023-02-07 15:14:32.096root 11241100x8000000000000000703310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3f872f96a666342023-02-07 15:14:32.096root 11241100x8000000000000000703309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b7f0b8bbfbdc772023-02-07 15:14:32.096root 11241100x8000000000000000703308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b51966bdab0b26e2023-02-07 15:14:32.096root 11241100x8000000000000000703307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12cd6c4e93e8ecb52023-02-07 15:14:32.096root 11241100x8000000000000000703306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c032a9ceed73026b2023-02-07 15:14:32.096root 11241100x8000000000000000703305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb9e0dafe2e12f82023-02-07 15:14:32.096root 11241100x8000000000000000703320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d86a25ad628b4a2023-02-07 15:14:32.097root 11241100x8000000000000000703319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63f0a908c56d6302023-02-07 15:14:32.097root 11241100x8000000000000000703318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee238c4b822420122023-02-07 15:14:32.097root 11241100x8000000000000000703317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9f1c342cf3b68e2023-02-07 15:14:32.097root 11241100x8000000000000000703316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564275aa524f22012023-02-07 15:14:32.097root 11241100x8000000000000000703315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f103d6c12536ef22023-02-07 15:14:32.097root 11241100x8000000000000000703314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998392301b89ef6c2023-02-07 15:14:32.097root 11241100x8000000000000000703313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248738deefff9bb92023-02-07 15:14:32.097root 11241100x8000000000000000703312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2fb7d1531f3a8cf2023-02-07 15:14:32.097root 11241100x8000000000000000703322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48775cca8e249cec2023-02-07 15:14:32.595root 11241100x8000000000000000703321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a296e35a375f82792023-02-07 15:14:32.595root 11241100x8000000000000000703332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6d7ce19abc18762023-02-07 15:14:32.596root 11241100x8000000000000000703331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f359831698f7022023-02-07 15:14:32.596root 11241100x8000000000000000703330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ae8e1e9661b95a2023-02-07 15:14:32.596root 11241100x8000000000000000703329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7371af46177c152023-02-07 15:14:32.596root 11241100x8000000000000000703328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7904684f965fc4e52023-02-07 15:14:32.596root 11241100x8000000000000000703327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb7b7bd068046ef2023-02-07 15:14:32.596root 11241100x8000000000000000703326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5715a4a6b02772b52023-02-07 15:14:32.596root 11241100x8000000000000000703325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13110625107798ba2023-02-07 15:14:32.596root 11241100x8000000000000000703324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a617dab0e7b67eaa2023-02-07 15:14:32.596root 11241100x8000000000000000703323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f394d2f09953d5712023-02-07 15:14:32.596root 11241100x8000000000000000703336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6e8fe3313a0e2b2023-02-07 15:14:32.597root 11241100x8000000000000000703335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25d7befb4829e282023-02-07 15:14:32.597root 11241100x8000000000000000703334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a35111563945002023-02-07 15:14:32.597root 11241100x8000000000000000703333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:32.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686659a3400e1c9d2023-02-07 15:14:32.597root 11241100x8000000000000000703343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893ce2a7c6e08f5e2023-02-07 15:14:33.095root 11241100x8000000000000000703342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b9de30b181eb7a2023-02-07 15:14:33.095root 11241100x8000000000000000703341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57bc5051c8a98112023-02-07 15:14:33.095root 11241100x8000000000000000703340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2efdabd426798dba2023-02-07 15:14:33.095root 11241100x8000000000000000703339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52faf21d15da3ada2023-02-07 15:14:33.095root 11241100x8000000000000000703338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1957da230164ff2023-02-07 15:14:33.095root 11241100x8000000000000000703337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0358c0ecd3763bc62023-02-07 15:14:33.095root 11241100x8000000000000000703351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93428662a568f5ed2023-02-07 15:14:33.096root 11241100x8000000000000000703350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3332faad16fabbc62023-02-07 15:14:33.096root 11241100x8000000000000000703349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e7526d611702492023-02-07 15:14:33.096root 11241100x8000000000000000703348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9edbceef229a44e82023-02-07 15:14:33.096root 11241100x8000000000000000703347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d178928a461a99e2023-02-07 15:14:33.096root 11241100x8000000000000000703346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf8dd92b55a58032023-02-07 15:14:33.096root 11241100x8000000000000000703345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4e121cd20b2fed2023-02-07 15:14:33.096root 11241100x8000000000000000703344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07617fcf2bfd5bf82023-02-07 15:14:33.096root 11241100x8000000000000000703352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82cfd2c6d36ad132023-02-07 15:14:33.097root 11241100x8000000000000000703354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934b5f882f74afab2023-02-07 15:14:33.595root 11241100x8000000000000000703353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85cbdda0aad124922023-02-07 15:14:33.595root 11241100x8000000000000000703357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340ca2df64b1fc492023-02-07 15:14:33.596root 11241100x8000000000000000703356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125c96adb26505fd2023-02-07 15:14:33.596root 11241100x8000000000000000703355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba139d268369c882023-02-07 15:14:33.596root 11241100x8000000000000000703361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016eadfc304a23a62023-02-07 15:14:33.597root 11241100x8000000000000000703360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d719143a895c50b62023-02-07 15:14:33.597root 11241100x8000000000000000703359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2365c089ad83c32023-02-07 15:14:33.597root 11241100x8000000000000000703358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7837f8b56d2ebc52023-02-07 15:14:33.597root 11241100x8000000000000000703366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1dc4926e5b99e02023-02-07 15:14:33.598root 11241100x8000000000000000703365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4816330b06fd2512023-02-07 15:14:33.598root 11241100x8000000000000000703364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a185e21094c1472023-02-07 15:14:33.598root 11241100x8000000000000000703363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dff259324fc9c792023-02-07 15:14:33.598root 11241100x8000000000000000703362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4ff022f9cdcaf32023-02-07 15:14:33.598root 11241100x8000000000000000703368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655ed43a6c45ecf82023-02-07 15:14:33.599root 11241100x8000000000000000703367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:33.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca45eb0901bdac3c2023-02-07 15:14:33.599root 11241100x8000000000000000703370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21002f4c5631de4c2023-02-07 15:14:34.095root 11241100x8000000000000000703369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4282c93bb0abcecc2023-02-07 15:14:34.095root 11241100x8000000000000000703374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d83fef177e07a632023-02-07 15:14:34.096root 11241100x8000000000000000703373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b744f6ce1d4b23592023-02-07 15:14:34.096root 11241100x8000000000000000703372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa41f86dd46ca942023-02-07 15:14:34.096root 11241100x8000000000000000703371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbab2760c443b8132023-02-07 15:14:34.096root 11241100x8000000000000000703381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7892d1d8c4f850b52023-02-07 15:14:34.097root 11241100x8000000000000000703380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c4fea93dc514012023-02-07 15:14:34.097root 11241100x8000000000000000703379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119e943b9808514e2023-02-07 15:14:34.097root 11241100x8000000000000000703378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d290685e7f2308422023-02-07 15:14:34.097root 11241100x8000000000000000703377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790c3b8c1a36505d2023-02-07 15:14:34.097root 11241100x8000000000000000703376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbef7007f88d53882023-02-07 15:14:34.097root 11241100x8000000000000000703375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20826762b42ecf702023-02-07 15:14:34.097root 11241100x8000000000000000703384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afde4e04d460c742023-02-07 15:14:34.098root 11241100x8000000000000000703383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8760e310237e1a3a2023-02-07 15:14:34.098root 11241100x8000000000000000703382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93aa4ab2544fd2e2023-02-07 15:14:34.098root 11241100x8000000000000000703388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155558e343f568af2023-02-07 15:14:34.595root 11241100x8000000000000000703387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e4988eb48b82522023-02-07 15:14:34.595root 11241100x8000000000000000703386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ddc3616cb2cbb62023-02-07 15:14:34.595root 11241100x8000000000000000703385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3733af5608efa97c2023-02-07 15:14:34.595root 11241100x8000000000000000703398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b426602a715b062023-02-07 15:14:34.596root 11241100x8000000000000000703397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8589472777c20732023-02-07 15:14:34.596root 11241100x8000000000000000703396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7100eed14430a2c32023-02-07 15:14:34.596root 11241100x8000000000000000703395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21af7425db7ddcd72023-02-07 15:14:34.596root 11241100x8000000000000000703394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2a1ea49ff86a732023-02-07 15:14:34.596root 11241100x8000000000000000703393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581865907772c2f32023-02-07 15:14:34.596root 11241100x8000000000000000703392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1921cc8e2c10da62023-02-07 15:14:34.596root 11241100x8000000000000000703391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c9af02ebbd80512023-02-07 15:14:34.596root 11241100x8000000000000000703390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0154097f41c4e82023-02-07 15:14:34.596root 11241100x8000000000000000703389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d358ee08a9c66bdb2023-02-07 15:14:34.596root 11241100x8000000000000000703400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53dc292f93cbe3c72023-02-07 15:14:34.597root 11241100x8000000000000000703399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b88a5b15237d6402023-02-07 15:14:34.597root 11241100x8000000000000000703402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.082{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66430e83a1f337682023-02-07 15:14:35.082root 354300x8000000000000000703401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.082{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-41990-false10.0.1.12-8000- 11241100x8000000000000000703407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.083{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2642a2cd8043b2582023-02-07 15:14:35.083root 11241100x8000000000000000703406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.083{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee897f1c7dfb6542023-02-07 15:14:35.083root 11241100x8000000000000000703405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.083{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90508ed78dce5e3f2023-02-07 15:14:35.083root 11241100x8000000000000000703404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.083{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77d85c5793c48382023-02-07 15:14:35.083root 11241100x8000000000000000703403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.083{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c72d13126153fab2023-02-07 15:14:35.083root 11241100x8000000000000000703412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.084{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640d779f91cdf54a2023-02-07 15:14:35.084root 11241100x8000000000000000703411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.084{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ccf6897ea712f22023-02-07 15:14:35.084root 11241100x8000000000000000703410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.084{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed82ddd1495e7bcc2023-02-07 15:14:35.084root 11241100x8000000000000000703409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.084{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c19f00c046672302023-02-07 15:14:35.084root 11241100x8000000000000000703408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.084{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b3c6eb91f5aa5f2023-02-07 15:14:35.084root 11241100x8000000000000000703417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.085{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0242ddb5c92764832023-02-07 15:14:35.085root 11241100x8000000000000000703416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.085{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8de17df7100b802023-02-07 15:14:35.085root 11241100x8000000000000000703415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.085{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c6a18a01a540172023-02-07 15:14:35.085root 11241100x8000000000000000703414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.085{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc816cd4efbf5bcc2023-02-07 15:14:35.085root 11241100x8000000000000000703413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.085{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7cee621f97e4712023-02-07 15:14:35.085root 11241100x8000000000000000703420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.086{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d894cc9b5f7a475d2023-02-07 15:14:35.086root 11241100x8000000000000000703419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.086{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4170fa9976afb3302023-02-07 15:14:35.086root 11241100x8000000000000000703418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.086{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd154c555cd136e2023-02-07 15:14:35.086root 11241100x8000000000000000703422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11bb6b176e63787d2023-02-07 15:14:35.345root 11241100x8000000000000000703421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4781b151fad68f2023-02-07 15:14:35.345root 11241100x8000000000000000703427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250bbefa13046ef92023-02-07 15:14:35.346root 11241100x8000000000000000703426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab68cc10ab0ad2542023-02-07 15:14:35.346root 11241100x8000000000000000703425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45885d35e7f3803f2023-02-07 15:14:35.346root 11241100x8000000000000000703424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615e7bf691ad8abe2023-02-07 15:14:35.346root 11241100x8000000000000000703423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a38f67391bcb1232023-02-07 15:14:35.346root 11241100x8000000000000000703436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede07c289d2fa8992023-02-07 15:14:35.347root 11241100x8000000000000000703435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a7da56277ff39c2023-02-07 15:14:35.347root 11241100x8000000000000000703434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38a822614bb12fc2023-02-07 15:14:35.347root 11241100x8000000000000000703433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb443871076eaac2023-02-07 15:14:35.347root 11241100x8000000000000000703432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96cd1bb8f908bdb72023-02-07 15:14:35.347root 11241100x8000000000000000703431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb409fbe5bcb04e72023-02-07 15:14:35.347root 11241100x8000000000000000703430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a9c91aafb343082023-02-07 15:14:35.347root 11241100x8000000000000000703429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2986bced035a572023-02-07 15:14:35.347root 11241100x8000000000000000703428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be17edd92de4b9a2023-02-07 15:14:35.347root 11241100x8000000000000000703443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40328005d1376ada2023-02-07 15:14:35.348root 11241100x8000000000000000703442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd2bdb9c89bc36c2023-02-07 15:14:35.348root 11241100x8000000000000000703441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06618d414f805fa32023-02-07 15:14:35.348root 11241100x8000000000000000703440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cea93434d60c3b02023-02-07 15:14:35.348root 11241100x8000000000000000703439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db6eda623aac68f2023-02-07 15:14:35.348root 11241100x8000000000000000703438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49fb0d49161059e2023-02-07 15:14:35.348root 11241100x8000000000000000703437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ad73e3007aaaee2023-02-07 15:14:35.348root 11241100x8000000000000000703451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5e78e2ae38f00f2023-02-07 15:14:35.846root 11241100x8000000000000000703450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76de00c1c449652f2023-02-07 15:14:35.846root 11241100x8000000000000000703449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c997e4d14a2b56d62023-02-07 15:14:35.846root 11241100x8000000000000000703448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c92aad2d38cfc22023-02-07 15:14:35.846root 11241100x8000000000000000703447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360b0dbecbfbb9be2023-02-07 15:14:35.846root 11241100x8000000000000000703446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b7e672a8fa447c2023-02-07 15:14:35.846root 11241100x8000000000000000703445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f870a48a952053332023-02-07 15:14:35.846root 11241100x8000000000000000703444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d927469fcecda402023-02-07 15:14:35.846root 11241100x8000000000000000703459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67da37142812b7852023-02-07 15:14:35.847root 11241100x8000000000000000703458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334ff4c9af00878d2023-02-07 15:14:35.847root 11241100x8000000000000000703457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc84240e2eb9f7fb2023-02-07 15:14:35.847root 11241100x8000000000000000703456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d7b3f3cce29cff2023-02-07 15:14:35.847root 11241100x8000000000000000703455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40aeb3e7a3a12f242023-02-07 15:14:35.847root 11241100x8000000000000000703454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9943bde2cd0f76d92023-02-07 15:14:35.847root 11241100x8000000000000000703453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772a6eecce316eaa2023-02-07 15:14:35.847root 11241100x8000000000000000703452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5028d2ffba5fd4c2023-02-07 15:14:35.847root 11241100x8000000000000000703460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:35.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1a117c99d9f1512023-02-07 15:14:35.848root 11241100x8000000000000000703469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e4a01193d648802023-02-07 15:14:36.346root 11241100x8000000000000000703468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02377c6eb8ccd5a52023-02-07 15:14:36.346root 11241100x8000000000000000703467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f3b7b5a1d743672023-02-07 15:14:36.346root 11241100x8000000000000000703466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf00ebbc643dff402023-02-07 15:14:36.346root 11241100x8000000000000000703465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53bfb6abbfbc46b92023-02-07 15:14:36.346root 11241100x8000000000000000703464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31c25f90345b20b2023-02-07 15:14:36.346root 11241100x8000000000000000703463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5f831c7803844b2023-02-07 15:14:36.346root 11241100x8000000000000000703462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127437e4ce40a1fe2023-02-07 15:14:36.346root 11241100x8000000000000000703461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3fc71a663228602023-02-07 15:14:36.346root 11241100x8000000000000000703477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2aa787b947827b2023-02-07 15:14:36.347root 11241100x8000000000000000703476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe214d947d3a006e2023-02-07 15:14:36.347root 11241100x8000000000000000703475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71cebd7db2605b5a2023-02-07 15:14:36.347root 11241100x8000000000000000703474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3547db5d3635f2332023-02-07 15:14:36.347root 11241100x8000000000000000703473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae31a24ae5f97b42023-02-07 15:14:36.347root 11241100x8000000000000000703472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27861fd6ac8fea492023-02-07 15:14:36.347root 11241100x8000000000000000703471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d076bdf341e3510d2023-02-07 15:14:36.347root 11241100x8000000000000000703470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e27d51f5b3abaa2023-02-07 15:14:36.347root 11241100x8000000000000000703478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f9350d0dc4d1592023-02-07 15:14:36.845root 11241100x8000000000000000703487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5091b3ad9c8e6e872023-02-07 15:14:36.846root 11241100x8000000000000000703486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c528ea75c9650a42023-02-07 15:14:36.846root 11241100x8000000000000000703485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add88fec6e0776d92023-02-07 15:14:36.846root 11241100x8000000000000000703484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2e7bd0534008382023-02-07 15:14:36.846root 11241100x8000000000000000703483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698306ed3febba0c2023-02-07 15:14:36.846root 11241100x8000000000000000703482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef766f815684feb2023-02-07 15:14:36.846root 11241100x8000000000000000703481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3c69dfbd6d2c392023-02-07 15:14:36.846root 11241100x8000000000000000703480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909fd282eff1fbc52023-02-07 15:14:36.846root 11241100x8000000000000000703479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8849e66d68145a72023-02-07 15:14:36.846root 11241100x8000000000000000703494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69e5eadce3c789c2023-02-07 15:14:36.847root 11241100x8000000000000000703493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abf1b4b685fa9fc2023-02-07 15:14:36.847root 11241100x8000000000000000703492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423b0425557d5a292023-02-07 15:14:36.847root 11241100x8000000000000000703491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae15523c40155782023-02-07 15:14:36.847root 11241100x8000000000000000703490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715887162d4b4dec2023-02-07 15:14:36.847root 11241100x8000000000000000703489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcffa53793dc2c392023-02-07 15:14:36.847root 11241100x8000000000000000703488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dee39f2c99d7d5c2023-02-07 15:14:36.847root 11241100x8000000000000000703499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1c2871f4020b362023-02-07 15:14:37.348root 11241100x8000000000000000703498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c64792dac3460022023-02-07 15:14:37.348root 11241100x8000000000000000703497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627d2dd119d8b0d42023-02-07 15:14:37.348root 11241100x8000000000000000703496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45accb74d4601f62023-02-07 15:14:37.348root 11241100x8000000000000000703495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241fc1841305aac12023-02-07 15:14:37.348root 11241100x8000000000000000703504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d300cb7d9c8a80ac2023-02-07 15:14:37.349root 11241100x8000000000000000703503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91d216e59ef29dc2023-02-07 15:14:37.349root 11241100x8000000000000000703502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239011ef89231e902023-02-07 15:14:37.349root 11241100x8000000000000000703501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f857171052cb2e2023-02-07 15:14:37.349root 11241100x8000000000000000703500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f182a449e8e89ae92023-02-07 15:14:37.349root 11241100x8000000000000000703509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b47eb084a7a66002023-02-07 15:14:37.350root 11241100x8000000000000000703508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b9d627b8b6ba1a2023-02-07 15:14:37.350root 11241100x8000000000000000703507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257ebefa789dd66f2023-02-07 15:14:37.350root 11241100x8000000000000000703506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc0b28794e709b22023-02-07 15:14:37.350root 11241100x8000000000000000703505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26546a3c6f3d5b5f2023-02-07 15:14:37.350root 11241100x8000000000000000703511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d3ef50e7442c1d2023-02-07 15:14:37.351root 11241100x8000000000000000703510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6e5f47692c15cf2023-02-07 15:14:37.351root 11241100x8000000000000000703512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e49a30a62381862023-02-07 15:14:37.845root 11241100x8000000000000000703522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f683cfa3f8440222023-02-07 15:14:37.846root 11241100x8000000000000000703521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979bd092868285992023-02-07 15:14:37.846root 11241100x8000000000000000703520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719a096ae72800302023-02-07 15:14:37.846root 11241100x8000000000000000703519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1df9c6a093236d2023-02-07 15:14:37.846root 11241100x8000000000000000703518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97b2b3d721361292023-02-07 15:14:37.846root 11241100x8000000000000000703517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec16d54a785345f92023-02-07 15:14:37.846root 11241100x8000000000000000703516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d0d5b48d831c102023-02-07 15:14:37.846root 11241100x8000000000000000703515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9133e871aa0a15372023-02-07 15:14:37.846root 11241100x8000000000000000703514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ad971073fee04f2023-02-07 15:14:37.846root 11241100x8000000000000000703513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d3105d0074d0fd2023-02-07 15:14:37.846root 11241100x8000000000000000703528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2df3a38cc55dfc02023-02-07 15:14:37.847root 11241100x8000000000000000703527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9bca31d2190bab2023-02-07 15:14:37.847root 11241100x8000000000000000703526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f6b0180ad7552f2023-02-07 15:14:37.847root 11241100x8000000000000000703525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91af483eceb8095c2023-02-07 15:14:37.847root 11241100x8000000000000000703524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79cd23b7db2f10a42023-02-07 15:14:37.847root 11241100x8000000000000000703523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:37.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbbf8ce903dafba2023-02-07 15:14:37.847root 11241100x8000000000000000703529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11ed53555f5d4452023-02-07 15:14:38.345root 11241100x8000000000000000703537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff57a9cfa23b7a982023-02-07 15:14:38.346root 11241100x8000000000000000703536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0e3bdd11f266952023-02-07 15:14:38.346root 11241100x8000000000000000703535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63464f09524a7b282023-02-07 15:14:38.346root 11241100x8000000000000000703534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abf03b5d6ac9fbf2023-02-07 15:14:38.346root 11241100x8000000000000000703533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a8660e5c8a9eda2023-02-07 15:14:38.346root 11241100x8000000000000000703532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a43bbb05fb9f4922023-02-07 15:14:38.346root 11241100x8000000000000000703531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbff1c39a4b4f332023-02-07 15:14:38.346root 11241100x8000000000000000703530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161df2e5846edc4b2023-02-07 15:14:38.346root 11241100x8000000000000000703545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae90426637169d42023-02-07 15:14:38.347root 11241100x8000000000000000703544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3dfe594ab3f64a32023-02-07 15:14:38.347root 11241100x8000000000000000703543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc8c8dca12701162023-02-07 15:14:38.347root 11241100x8000000000000000703542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af3591de82f9e802023-02-07 15:14:38.347root 11241100x8000000000000000703541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09d294145c09a212023-02-07 15:14:38.347root 11241100x8000000000000000703540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91cdcf63b2d210b2023-02-07 15:14:38.347root 11241100x8000000000000000703539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2cc9cb364879af2023-02-07 15:14:38.347root 11241100x8000000000000000703538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e444c9cd8956d3a2023-02-07 15:14:38.347root 11241100x8000000000000000703546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87cea6f6ad4c893b2023-02-07 15:14:38.845root 11241100x8000000000000000703552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d7c9a1d220f7a32023-02-07 15:14:38.846root 11241100x8000000000000000703551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39d76acd27b3dec2023-02-07 15:14:38.846root 11241100x8000000000000000703550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32f42eaae2d748b2023-02-07 15:14:38.846root 11241100x8000000000000000703549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db4b595a579806e2023-02-07 15:14:38.846root 11241100x8000000000000000703548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d313631f2551dc0c2023-02-07 15:14:38.846root 11241100x8000000000000000703547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887811adb18fef472023-02-07 15:14:38.846root 11241100x8000000000000000703559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8eece19657c66a92023-02-07 15:14:38.847root 11241100x8000000000000000703558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15348e352cba0c802023-02-07 15:14:38.847root 11241100x8000000000000000703557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e314eb201f32952023-02-07 15:14:38.847root 11241100x8000000000000000703556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e65b419818c58242023-02-07 15:14:38.847root 11241100x8000000000000000703555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab46af954925ecc2023-02-07 15:14:38.847root 11241100x8000000000000000703554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93305df247991e372023-02-07 15:14:38.847root 11241100x8000000000000000703553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9db5725bb6939c42023-02-07 15:14:38.847root 11241100x8000000000000000703562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7ad06bfce818c72023-02-07 15:14:38.848root 11241100x8000000000000000703561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4cd5f41855848f12023-02-07 15:14:38.848root 11241100x8000000000000000703560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:38.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04877faecddf62c92023-02-07 15:14:38.848root 11241100x8000000000000000703570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce56830262988872023-02-07 15:14:39.346root 11241100x8000000000000000703569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809347b92d0fc4a42023-02-07 15:14:39.346root 11241100x8000000000000000703568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa206702754e4b8d2023-02-07 15:14:39.346root 11241100x8000000000000000703567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c629094fc60e81b52023-02-07 15:14:39.346root 11241100x8000000000000000703566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6589cdda78308b502023-02-07 15:14:39.346root 11241100x8000000000000000703565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa28bd2c22990342023-02-07 15:14:39.346root 11241100x8000000000000000703564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c488819f1c24242023-02-07 15:14:39.346root 11241100x8000000000000000703563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28fffb346a3fedf32023-02-07 15:14:39.346root 11241100x8000000000000000703577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2315f4476df14b62023-02-07 15:14:39.347root 11241100x8000000000000000703576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b8c620bb8a59452023-02-07 15:14:39.347root 11241100x8000000000000000703575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7d7294bc8de7092023-02-07 15:14:39.347root 11241100x8000000000000000703574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4eb115068352252023-02-07 15:14:39.347root 11241100x8000000000000000703573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775a97fde142adf12023-02-07 15:14:39.347root 11241100x8000000000000000703572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345475ec0446275d2023-02-07 15:14:39.347root 11241100x8000000000000000703571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3fa496ee7619552023-02-07 15:14:39.347root 11241100x8000000000000000703579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2189c0d50c48e72023-02-07 15:14:39.348root 11241100x8000000000000000703578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3734eabb4d26bd532023-02-07 15:14:39.348root 11241100x8000000000000000703580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61aa0db4ddea9b142023-02-07 15:14:39.845root 11241100x8000000000000000703588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e331e99a8b4a9dd72023-02-07 15:14:39.846root 11241100x8000000000000000703587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721d3f8402cef5662023-02-07 15:14:39.846root 11241100x8000000000000000703586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60fb289f613c52a2023-02-07 15:14:39.846root 11241100x8000000000000000703585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5847922fc4adbd222023-02-07 15:14:39.846root 11241100x8000000000000000703584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c65000e6ba0ddb92023-02-07 15:14:39.846root 11241100x8000000000000000703583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd8c0881d79dda22023-02-07 15:14:39.846root 11241100x8000000000000000703582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85262ed071b32822023-02-07 15:14:39.846root 11241100x8000000000000000703581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32774fa563f37a82023-02-07 15:14:39.846root 11241100x8000000000000000703596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1060f1971fcbedc82023-02-07 15:14:39.847root 11241100x8000000000000000703595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c850329d65e642a52023-02-07 15:14:39.847root 11241100x8000000000000000703594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2810cfa0bbda917a2023-02-07 15:14:39.847root 11241100x8000000000000000703593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e385ced0947100512023-02-07 15:14:39.847root 11241100x8000000000000000703592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b20f642603f56982023-02-07 15:14:39.847root 11241100x8000000000000000703591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40cf843822c33cd2023-02-07 15:14:39.847root 11241100x8000000000000000703590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c786b62cba0d140a2023-02-07 15:14:39.847root 11241100x8000000000000000703589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:39.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e77131a4ef0eaf2023-02-07 15:14:39.847root 11241100x8000000000000000703598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949207652caa4b5e2023-02-07 15:14:40.346root 11241100x8000000000000000703597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0097df8d99a4572023-02-07 15:14:40.346root 11241100x8000000000000000703602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585724bfc0e83cf92023-02-07 15:14:40.347root 11241100x8000000000000000703601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4258cff817a14ea2023-02-07 15:14:40.347root 11241100x8000000000000000703600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7224b8346baf30232023-02-07 15:14:40.347root 11241100x8000000000000000703599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854007d5543414bf2023-02-07 15:14:40.347root 11241100x8000000000000000703609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c97a1064792d8e82023-02-07 15:14:40.348root 11241100x8000000000000000703608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b3f01fe7eaef572023-02-07 15:14:40.348root 11241100x8000000000000000703607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79440f9cabbdfbf72023-02-07 15:14:40.348root 11241100x8000000000000000703606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f0be973c2957a62023-02-07 15:14:40.348root 11241100x8000000000000000703605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0027633bc04c9d222023-02-07 15:14:40.348root 11241100x8000000000000000703604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030687da701551c92023-02-07 15:14:40.348root 11241100x8000000000000000703603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704766c44277738d2023-02-07 15:14:40.348root 11241100x8000000000000000703613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d70b9261a689e4d2023-02-07 15:14:40.349root 11241100x8000000000000000703612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb75c556da2e6e522023-02-07 15:14:40.349root 11241100x8000000000000000703611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac948d08fa3a88232023-02-07 15:14:40.349root 11241100x8000000000000000703610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b49b12982b103612023-02-07 15:14:40.349root 11241100x8000000000000000703627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827bb291f5df0af02023-02-07 15:14:40.846root 11241100x8000000000000000703626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4f2be58ffef3ef2023-02-07 15:14:40.846root 11241100x8000000000000000703625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256f575a3a1f6ed32023-02-07 15:14:40.846root 11241100x8000000000000000703624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c5480cc9098d042023-02-07 15:14:40.846root 11241100x8000000000000000703623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3558b5c2eef6526c2023-02-07 15:14:40.846root 11241100x8000000000000000703622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63bcb38201e71042023-02-07 15:14:40.846root 11241100x8000000000000000703621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9f4c947aa37d222023-02-07 15:14:40.846root 11241100x8000000000000000703620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eced85794e9dbc002023-02-07 15:14:40.846root 11241100x8000000000000000703619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f1eab45556f2832023-02-07 15:14:40.846root 11241100x8000000000000000703618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8075f7b80a948be52023-02-07 15:14:40.846root 11241100x8000000000000000703617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121767d80650cce02023-02-07 15:14:40.846root 11241100x8000000000000000703616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babe9912f70f0b052023-02-07 15:14:40.846root 11241100x8000000000000000703615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601e996e1c5f0fff2023-02-07 15:14:40.846root 11241100x8000000000000000703614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64ca66d0c1730b02023-02-07 15:14:40.846root 11241100x8000000000000000703630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044c695aeabdecf22023-02-07 15:14:40.847root 11241100x8000000000000000703629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dddf6b889fc6b7a2023-02-07 15:14:40.847root 11241100x8000000000000000703628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:40.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31e7582db7d1fd12023-02-07 15:14:40.847root 354300x8000000000000000703631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.068{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-41996-false10.0.1.12-8000- 11241100x8000000000000000703640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9ff9709ec7522b2023-02-07 15:14:41.346root 11241100x8000000000000000703639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d103bbe7e2d1c52023-02-07 15:14:41.346root 11241100x8000000000000000703638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c35808acca51e4b2023-02-07 15:14:41.346root 11241100x8000000000000000703637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846a5587a05eaedf2023-02-07 15:14:41.346root 11241100x8000000000000000703636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d74c624ba117e72023-02-07 15:14:41.346root 11241100x8000000000000000703635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3673c1ffc3e939f52023-02-07 15:14:41.346root 11241100x8000000000000000703634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b5d7b3fe46ef822023-02-07 15:14:41.346root 11241100x8000000000000000703633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d01fc55132cace2023-02-07 15:14:41.346root 11241100x8000000000000000703632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b66dee733812242023-02-07 15:14:41.346root 11241100x8000000000000000703649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b595df0b18f85c2023-02-07 15:14:41.347root 11241100x8000000000000000703648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9e4ff938e23ff02023-02-07 15:14:41.347root 11241100x8000000000000000703647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8995ff172341c7c72023-02-07 15:14:41.347root 11241100x8000000000000000703646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c0d749f7cd8e5f2023-02-07 15:14:41.347root 11241100x8000000000000000703645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112794d86d3dc7f62023-02-07 15:14:41.347root 11241100x8000000000000000703644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62804f61cd8de2792023-02-07 15:14:41.347root 11241100x8000000000000000703643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8fcc88a636607462023-02-07 15:14:41.347root 11241100x8000000000000000703642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698a30e690429b342023-02-07 15:14:41.347root 11241100x8000000000000000703641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0604a769210d2a22023-02-07 15:14:41.347root 11241100x8000000000000000703663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69dd4e5952e23782023-02-07 15:14:41.846root 11241100x8000000000000000703662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f976a0ad600f771a2023-02-07 15:14:41.846root 11241100x8000000000000000703661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b80eb47871af8e32023-02-07 15:14:41.846root 11241100x8000000000000000703660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b0e6435a571dda2023-02-07 15:14:41.846root 11241100x8000000000000000703659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c483f43c02675fe2023-02-07 15:14:41.846root 11241100x8000000000000000703658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5632f6cab1f8a02023-02-07 15:14:41.846root 11241100x8000000000000000703657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59a85f3a6866b532023-02-07 15:14:41.846root 11241100x8000000000000000703656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316fa49542f659642023-02-07 15:14:41.846root 11241100x8000000000000000703655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b984f2fe520c9f52023-02-07 15:14:41.846root 11241100x8000000000000000703654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18414310b84cf42e2023-02-07 15:14:41.846root 11241100x8000000000000000703653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84cb356da4924b7a2023-02-07 15:14:41.846root 11241100x8000000000000000703652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d71fc1f6849bf02023-02-07 15:14:41.846root 11241100x8000000000000000703651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729ec6cab451a6a22023-02-07 15:14:41.846root 11241100x8000000000000000703650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e8a3bbb2f379b22023-02-07 15:14:41.846root 11241100x8000000000000000703667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc46d8fbc18b48f82023-02-07 15:14:41.847root 11241100x8000000000000000703666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a418566d10602e12023-02-07 15:14:41.847root 11241100x8000000000000000703665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b9ae932090fc6e62023-02-07 15:14:41.847root 11241100x8000000000000000703664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:41.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c391c05f98d8be2023-02-07 15:14:41.847root 11241100x8000000000000000703681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08fd97103bce594c2023-02-07 15:14:42.346root 11241100x8000000000000000703680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e4967431d72a042023-02-07 15:14:42.346root 11241100x8000000000000000703679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a35049039a791552023-02-07 15:14:42.346root 11241100x8000000000000000703678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69edb37ddaa5ae902023-02-07 15:14:42.346root 11241100x8000000000000000703677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa73544d8a7e76d82023-02-07 15:14:42.346root 11241100x8000000000000000703676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5198d183daa9db12023-02-07 15:14:42.346root 11241100x8000000000000000703675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e82a7f0797e4162023-02-07 15:14:42.346root 11241100x8000000000000000703674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5882131685c897922023-02-07 15:14:42.346root 11241100x8000000000000000703673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e716bec58d43b32023-02-07 15:14:42.346root 11241100x8000000000000000703672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1cb117d515eda22023-02-07 15:14:42.346root 11241100x8000000000000000703671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad64441277cb7902023-02-07 15:14:42.346root 11241100x8000000000000000703670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a974faadb8f7ba02023-02-07 15:14:42.346root 11241100x8000000000000000703669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16b0bc7ec4617312023-02-07 15:14:42.346root 11241100x8000000000000000703668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f84dcdac5a47ffa2023-02-07 15:14:42.346root 11241100x8000000000000000703685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3135a32e4f12212023-02-07 15:14:42.347root 11241100x8000000000000000703684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8215fe082d1ed2ad2023-02-07 15:14:42.347root 11241100x8000000000000000703683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232089071b42d5fd2023-02-07 15:14:42.347root 11241100x8000000000000000703682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49bdc8cb20f6de352023-02-07 15:14:42.347root 11241100x8000000000000000703697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469bba8a02f951482023-02-07 15:14:42.846root 11241100x8000000000000000703696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64adf72bf18c37692023-02-07 15:14:42.846root 11241100x8000000000000000703695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c05c28ce5354dfa2023-02-07 15:14:42.846root 11241100x8000000000000000703694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206f92f30035ac6d2023-02-07 15:14:42.846root 11241100x8000000000000000703693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bd8e0b9831b1782023-02-07 15:14:42.846root 11241100x8000000000000000703692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23cc978924c9a4052023-02-07 15:14:42.846root 11241100x8000000000000000703691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac92d75fd33d9fd32023-02-07 15:14:42.846root 11241100x8000000000000000703690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80c4432a7c7d8ff2023-02-07 15:14:42.846root 11241100x8000000000000000703689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2589ec94c8aa54812023-02-07 15:14:42.846root 11241100x8000000000000000703688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8310d907a0e73482023-02-07 15:14:42.846root 11241100x8000000000000000703687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34003242eaec48b2023-02-07 15:14:42.846root 11241100x8000000000000000703686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713db0fce13b4a4a2023-02-07 15:14:42.846root 11241100x8000000000000000703702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a083928e736a992023-02-07 15:14:42.847root 11241100x8000000000000000703701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c682f694198baa7b2023-02-07 15:14:42.847root 11241100x8000000000000000703700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51225b998a0f29112023-02-07 15:14:42.847root 11241100x8000000000000000703699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bec4c3d374da7622023-02-07 15:14:42.847root 11241100x8000000000000000703698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f14d114db30b5662023-02-07 15:14:42.847root 11241100x8000000000000000703703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:42.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfeea574806e6c72023-02-07 15:14:42.848root 11241100x8000000000000000703708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1496be30e86ec7c32023-02-07 15:14:43.346root 11241100x8000000000000000703707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6dce8416d9206482023-02-07 15:14:43.346root 11241100x8000000000000000703706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571111bcfaa3422b2023-02-07 15:14:43.346root 11241100x8000000000000000703705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1fa094c48a5ab232023-02-07 15:14:43.346root 11241100x8000000000000000703704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81052d9a64b1d1042023-02-07 15:14:43.346root 11241100x8000000000000000703721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b7173b629683c72023-02-07 15:14:43.347root 11241100x8000000000000000703720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404da95cd2e28ac42023-02-07 15:14:43.347root 11241100x8000000000000000703719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a326c26660624bda2023-02-07 15:14:43.347root 11241100x8000000000000000703718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e8a8b0f2b491382023-02-07 15:14:43.347root 11241100x8000000000000000703717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4d7fe8939a02142023-02-07 15:14:43.347root 11241100x8000000000000000703716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83ca6d8d6955bf82023-02-07 15:14:43.347root 11241100x8000000000000000703715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86463189a258e14f2023-02-07 15:14:43.347root 11241100x8000000000000000703714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8529eaea8bfe2c172023-02-07 15:14:43.347root 11241100x8000000000000000703713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a146456a6522132023-02-07 15:14:43.347root 11241100x8000000000000000703712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157c92f57dc043f32023-02-07 15:14:43.347root 11241100x8000000000000000703711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb110f7deb21fd662023-02-07 15:14:43.347root 11241100x8000000000000000703710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9dbd48ff69e5a4e2023-02-07 15:14:43.347root 11241100x8000000000000000703709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0505e0f800dcb22023-02-07 15:14:43.347root 11241100x8000000000000000703734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d744a133f4427d2023-02-07 15:14:43.846root 11241100x8000000000000000703733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb9e2bd87aec2642023-02-07 15:14:43.846root 11241100x8000000000000000703732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d845f94cb6fba52023-02-07 15:14:43.846root 11241100x8000000000000000703731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5d670c6f70b7ab2023-02-07 15:14:43.846root 11241100x8000000000000000703730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47322b5fff4f06232023-02-07 15:14:43.846root 11241100x8000000000000000703729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2feed7152810f56e2023-02-07 15:14:43.846root 11241100x8000000000000000703728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39ddedef62bb5da2023-02-07 15:14:43.846root 11241100x8000000000000000703727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d41ea29d74d3ef42023-02-07 15:14:43.846root 11241100x8000000000000000703726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c604233a6fe753a72023-02-07 15:14:43.846root 11241100x8000000000000000703725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05fd2656e6e18dd2023-02-07 15:14:43.846root 11241100x8000000000000000703724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de59ba161aae4f42023-02-07 15:14:43.846root 11241100x8000000000000000703723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de33fd22311267e52023-02-07 15:14:43.846root 11241100x8000000000000000703722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca27ffe462ef12bc2023-02-07 15:14:43.846root 11241100x8000000000000000703739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d2dbbe2e31df382023-02-07 15:14:43.847root 11241100x8000000000000000703738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1bd811b5a3371a2023-02-07 15:14:43.847root 11241100x8000000000000000703737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe2d2b15538fef72023-02-07 15:14:43.847root 11241100x8000000000000000703736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb19cf458f383742023-02-07 15:14:43.847root 11241100x8000000000000000703735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:43.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3edbad5a86f59b2023-02-07 15:14:43.847root 11241100x8000000000000000703753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241a4e27450cbd722023-02-07 15:14:44.346root 11241100x8000000000000000703752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bd60b6fcab0a122023-02-07 15:14:44.346root 11241100x8000000000000000703751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ea0f6173775d7b2023-02-07 15:14:44.346root 11241100x8000000000000000703750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1fc210d3bf3be32023-02-07 15:14:44.346root 11241100x8000000000000000703749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a417e362f6fa8fe2023-02-07 15:14:44.346root 11241100x8000000000000000703748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84ff013e0231f212023-02-07 15:14:44.346root 11241100x8000000000000000703747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a086245df708b72c2023-02-07 15:14:44.346root 11241100x8000000000000000703746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc65097d70019bc2023-02-07 15:14:44.346root 11241100x8000000000000000703745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f3324359570f342023-02-07 15:14:44.346root 11241100x8000000000000000703744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a430217bdd0a6e2023-02-07 15:14:44.346root 11241100x8000000000000000703743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ca69e95b92b5052023-02-07 15:14:44.346root 11241100x8000000000000000703742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9d500a5db160882023-02-07 15:14:44.346root 11241100x8000000000000000703741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc516567d7b420f2023-02-07 15:14:44.346root 11241100x8000000000000000703740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcdecd1d9dcd016b2023-02-07 15:14:44.346root 11241100x8000000000000000703757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610e4546b731e0ce2023-02-07 15:14:44.347root 11241100x8000000000000000703756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40278a36c4b2aa302023-02-07 15:14:44.347root 11241100x8000000000000000703755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41bdb76334e2e6002023-02-07 15:14:44.347root 11241100x8000000000000000703754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0add79d92b63d1b22023-02-07 15:14:44.347root 11241100x8000000000000000703771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6e3931909d64892023-02-07 15:14:44.846root 11241100x8000000000000000703770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84068eefb24214572023-02-07 15:14:44.846root 11241100x8000000000000000703769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580e8993ae5975062023-02-07 15:14:44.846root 11241100x8000000000000000703768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9d0fb2670223ae2023-02-07 15:14:44.846root 11241100x8000000000000000703767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad256728f15b6b02023-02-07 15:14:44.846root 11241100x8000000000000000703766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492279d709b86bf82023-02-07 15:14:44.846root 11241100x8000000000000000703765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7917bcfce7aeddcf2023-02-07 15:14:44.846root 11241100x8000000000000000703764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76bced0dfac8e2792023-02-07 15:14:44.846root 11241100x8000000000000000703763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76425f70bfa8f7532023-02-07 15:14:44.846root 11241100x8000000000000000703762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038dfbf1803d24782023-02-07 15:14:44.846root 11241100x8000000000000000703761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a357cdf70c2bb742023-02-07 15:14:44.846root 11241100x8000000000000000703760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954fdd5e7b7e33972023-02-07 15:14:44.846root 11241100x8000000000000000703759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abad6a41bcf8d932023-02-07 15:14:44.846root 11241100x8000000000000000703758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd5e627e79fe3ff2023-02-07 15:14:44.846root 11241100x8000000000000000703775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0048e6cf23c015612023-02-07 15:14:44.847root 11241100x8000000000000000703774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea6ce0c79fcba942023-02-07 15:14:44.847root 11241100x8000000000000000703773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ad4115d63de44f2023-02-07 15:14:44.847root 11241100x8000000000000000703772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:44.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d415af997ef6a02023-02-07 15:14:44.847root 11241100x8000000000000000703782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be62acd291c79cd42023-02-07 15:14:45.346root 11241100x8000000000000000703781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692719b0ccdc6e552023-02-07 15:14:45.346root 11241100x8000000000000000703780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646884e53809b33a2023-02-07 15:14:45.346root 11241100x8000000000000000703779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45576694635280b42023-02-07 15:14:45.346root 11241100x8000000000000000703778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0f9aeb87337d712023-02-07 15:14:45.346root 11241100x8000000000000000703777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ad7477ae48ea5d2023-02-07 15:14:45.346root 11241100x8000000000000000703776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b80d480986b35b2023-02-07 15:14:45.346root 11241100x8000000000000000703793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d46b8546cf98142023-02-07 15:14:45.347root 11241100x8000000000000000703792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c772c38c60c49712023-02-07 15:14:45.347root 11241100x8000000000000000703791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf3f9cf5aee9c612023-02-07 15:14:45.347root 11241100x8000000000000000703790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7614e089265c39b22023-02-07 15:14:45.347root 11241100x8000000000000000703789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253642d0bc08b3e22023-02-07 15:14:45.347root 11241100x8000000000000000703788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fe489645361d4d2023-02-07 15:14:45.347root 11241100x8000000000000000703787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f93beb512fc51d2023-02-07 15:14:45.347root 11241100x8000000000000000703786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011cb44a675f272c2023-02-07 15:14:45.347root 11241100x8000000000000000703785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1245a4b3d029ec542023-02-07 15:14:45.347root 11241100x8000000000000000703784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5522d6d17ad1c72023-02-07 15:14:45.347root 11241100x8000000000000000703783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b49038327778062023-02-07 15:14:45.347root 11241100x8000000000000000703805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173a3da19b9277a82023-02-07 15:14:45.846root 11241100x8000000000000000703804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03bb67303056d1432023-02-07 15:14:45.846root 11241100x8000000000000000703803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4e4a0db89324b02023-02-07 15:14:45.846root 11241100x8000000000000000703802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c0f5523867b7d32023-02-07 15:14:45.846root 11241100x8000000000000000703801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd19c59716fb2bb92023-02-07 15:14:45.846root 11241100x8000000000000000703800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa4fb392014b37b2023-02-07 15:14:45.846root 11241100x8000000000000000703799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313701c09085fc402023-02-07 15:14:45.846root 11241100x8000000000000000703798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb93bfa3974ef0492023-02-07 15:14:45.846root 11241100x8000000000000000703797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8354543f29db0e6e2023-02-07 15:14:45.846root 11241100x8000000000000000703796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a6fc72a64d8d8c2023-02-07 15:14:45.846root 11241100x8000000000000000703795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98caa94ff472d8952023-02-07 15:14:45.846root 11241100x8000000000000000703794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84973f4d6f608a4f2023-02-07 15:14:45.846root 11241100x8000000000000000703810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be71dd46933bcbd22023-02-07 15:14:45.847root 11241100x8000000000000000703809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bc9b99086d33ad2023-02-07 15:14:45.847root 11241100x8000000000000000703808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81b6028b0d14b632023-02-07 15:14:45.847root 11241100x8000000000000000703807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cf6a1951468bd52023-02-07 15:14:45.847root 11241100x8000000000000000703806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1cd26e629d9bb2e2023-02-07 15:14:45.847root 11241100x8000000000000000703811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:45.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf621a9be44ef402023-02-07 15:14:45.849root 354300x8000000000000000703812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.249{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-37956-false10.0.1.12-8000- 11241100x8000000000000000703824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.250{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce313cfc9125c9932023-02-07 15:14:46.250root 11241100x8000000000000000703823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.250{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2fd8db4229113a2023-02-07 15:14:46.250root 11241100x8000000000000000703822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.250{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bec7cffb6ce89a72023-02-07 15:14:46.250root 11241100x8000000000000000703821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.250{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af51755d8535cacd2023-02-07 15:14:46.250root 11241100x8000000000000000703820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.250{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c99c36beb4c1bf22023-02-07 15:14:46.250root 11241100x8000000000000000703819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.250{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1be2ded9e14c2022023-02-07 15:14:46.250root 11241100x8000000000000000703818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.250{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b94fbbbe295d94f2023-02-07 15:14:46.250root 11241100x8000000000000000703817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.250{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757f870969ce32202023-02-07 15:14:46.250root 11241100x8000000000000000703816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.250{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b46dd5a721caf42023-02-07 15:14:46.250root 11241100x8000000000000000703815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.250{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7327cb25a7f1ef32023-02-07 15:14:46.250root 11241100x8000000000000000703814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.250{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68357e902aaae5fd2023-02-07 15:14:46.250root 11241100x8000000000000000703813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.250{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bfd346e3ef87ce2023-02-07 15:14:46.250root 11241100x8000000000000000703834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.251{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f880fc92a8ea45e92023-02-07 15:14:46.251root 11241100x8000000000000000703833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.251{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47ca7cb8cca66e12023-02-07 15:14:46.251root 11241100x8000000000000000703832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.251{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002fb712869e7c2e2023-02-07 15:14:46.251root 11241100x8000000000000000703831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.251{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2da5b0035b6b97f2023-02-07 15:14:46.251root 11241100x8000000000000000703830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.251{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e218da73750cc45b2023-02-07 15:14:46.251root 11241100x8000000000000000703829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.251{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65b48e1e22253b92023-02-07 15:14:46.251root 11241100x8000000000000000703828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.251{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46b50c7348852212023-02-07 15:14:46.251root 11241100x8000000000000000703827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.251{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b7072454a5be012023-02-07 15:14:46.251root 11241100x8000000000000000703826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.251{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c91bceb0700e97d2023-02-07 15:14:46.251root 11241100x8000000000000000703825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.251{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f112ba379044d12023-02-07 15:14:46.251root 11241100x8000000000000000703843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.252{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed792b871eee5fe02023-02-07 15:14:46.252root 11241100x8000000000000000703842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.252{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d7a3c508e3212d2023-02-07 15:14:46.252root 11241100x8000000000000000703841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.252{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac002cec1381da02023-02-07 15:14:46.252root 11241100x8000000000000000703840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.252{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c563586dc19840452023-02-07 15:14:46.252root 11241100x8000000000000000703839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.252{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a669902a437fe69b2023-02-07 15:14:46.252root 11241100x8000000000000000703838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.252{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ede0b88916355362023-02-07 15:14:46.252root 11241100x8000000000000000703837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.252{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c55e20e4664f0df2023-02-07 15:14:46.252root 11241100x8000000000000000703836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.252{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be567a9ce0e2ab12023-02-07 15:14:46.252root 11241100x8000000000000000703835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.252{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f001c9c8ce680e7b2023-02-07 15:14:46.252root 11241100x8000000000000000703846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.253{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962ed8204152ebb02023-02-07 15:14:46.253root 11241100x8000000000000000703845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.253{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10aa1653ecf00eaa2023-02-07 15:14:46.253root 11241100x8000000000000000703844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.253{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04df40e9d1df1932023-02-07 15:14:46.253root 11241100x8000000000000000703858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.254{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63849b1303f85b82023-02-07 15:14:46.254root 11241100x8000000000000000703857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.254{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8a30a6bdacff3b2023-02-07 15:14:46.254root 11241100x8000000000000000703856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.254{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c07cf261d2b2ee2023-02-07 15:14:46.254root 11241100x8000000000000000703855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.254{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47cd057dd727b4c92023-02-07 15:14:46.254root 11241100x8000000000000000703854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.254{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e7ff9fc7c2b1212023-02-07 15:14:46.254root 11241100x8000000000000000703853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.254{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618fca895d0d1d712023-02-07 15:14:46.254root 11241100x8000000000000000703852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.254{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8687cafa86c92b92023-02-07 15:14:46.254root 11241100x8000000000000000703851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.254{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b351cb6328e1f22023-02-07 15:14:46.254root 11241100x8000000000000000703850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.254{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84c18b537bbc0312023-02-07 15:14:46.254root 11241100x8000000000000000703849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.254{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a6d9d0a922a7522023-02-07 15:14:46.254root 11241100x8000000000000000703848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.254{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4929fa33bfa750422023-02-07 15:14:46.254root 11241100x8000000000000000703847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.254{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55c763beb06a9a32023-02-07 15:14:46.254root 11241100x8000000000000000703865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589b061b84cae40a2023-02-07 15:14:46.597root 11241100x8000000000000000703864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da72e3833960cb82023-02-07 15:14:46.597root 11241100x8000000000000000703863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd45acafd263ab4f2023-02-07 15:14:46.597root 11241100x8000000000000000703862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36177d752b2476e02023-02-07 15:14:46.597root 11241100x8000000000000000703861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1973f9415d29e9a22023-02-07 15:14:46.597root 11241100x8000000000000000703860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336da68a25d325022023-02-07 15:14:46.597root 11241100x8000000000000000703859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9342c576e701fd2023-02-07 15:14:46.597root 11241100x8000000000000000703874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81a8114a3eb237c2023-02-07 15:14:46.598root 11241100x8000000000000000703873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f378634e02f3248b2023-02-07 15:14:46.598root 11241100x8000000000000000703872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a94087c7bcdc4c22023-02-07 15:14:46.598root 11241100x8000000000000000703871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586dce176e791c092023-02-07 15:14:46.598root 11241100x8000000000000000703870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5928ffaff9e3ab352023-02-07 15:14:46.598root 11241100x8000000000000000703869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46295a163a4046f72023-02-07 15:14:46.598root 11241100x8000000000000000703868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcadfb7ce861bcc92023-02-07 15:14:46.598root 11241100x8000000000000000703867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bea33cce3f92c5f2023-02-07 15:14:46.598root 11241100x8000000000000000703866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f382765aa4fa3bcd2023-02-07 15:14:46.598root 11241100x8000000000000000703877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e18aafe97b6a3212023-02-07 15:14:46.599root 11241100x8000000000000000703876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301efdae37f80ceb2023-02-07 15:14:46.599root 11241100x8000000000000000703875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:46.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e89722ef017aef2023-02-07 15:14:46.599root 11241100x8000000000000000703883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ce7ef59c9b9aaa2023-02-07 15:14:47.096root 11241100x8000000000000000703882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe7e12423466c572023-02-07 15:14:47.096root 11241100x8000000000000000703881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c373daabc22f20e2023-02-07 15:14:47.096root 11241100x8000000000000000703880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02754f5e5f6257302023-02-07 15:14:47.096root 11241100x8000000000000000703879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c42d2945fab3032023-02-07 15:14:47.096root 11241100x8000000000000000703878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de882b2e1c095b3b2023-02-07 15:14:47.096root 11241100x8000000000000000703895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c184c5f810b22fc2023-02-07 15:14:47.097root 11241100x8000000000000000703894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2fadfb7d8869862023-02-07 15:14:47.097root 11241100x8000000000000000703893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bbc19b244013e32023-02-07 15:14:47.097root 11241100x8000000000000000703892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01e3d87eb0794cb2023-02-07 15:14:47.097root 11241100x8000000000000000703891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367b731a873e9aa62023-02-07 15:14:47.097root 11241100x8000000000000000703890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6935bef53dbe3f1e2023-02-07 15:14:47.097root 11241100x8000000000000000703889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e419bc87c371b12023-02-07 15:14:47.097root 11241100x8000000000000000703888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e51c0c6ae08d53a2023-02-07 15:14:47.097root 11241100x8000000000000000703887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfc723cd2e4b1fd2023-02-07 15:14:47.097root 11241100x8000000000000000703886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13a55df4a52bd442023-02-07 15:14:47.097root 11241100x8000000000000000703885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994f3f722cfc87b92023-02-07 15:14:47.097root 11241100x8000000000000000703884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0671720283464e362023-02-07 15:14:47.097root 11241100x8000000000000000703896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4e638bbadf1ff72023-02-07 15:14:47.098root 11241100x8000000000000000703902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d941528578676c902023-02-07 15:14:47.595root 11241100x8000000000000000703901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd18d53f0f24cb3c2023-02-07 15:14:47.595root 11241100x8000000000000000703900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161ac17ad6c306202023-02-07 15:14:47.595root 11241100x8000000000000000703899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cb03faf9295e682023-02-07 15:14:47.595root 11241100x8000000000000000703898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a703f47a61f12cf2023-02-07 15:14:47.595root 11241100x8000000000000000703897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1ff3a7df83778e2023-02-07 15:14:47.595root 11241100x8000000000000000703913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d85e30a5e904012023-02-07 15:14:47.596root 11241100x8000000000000000703912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8294b9bffb5e47542023-02-07 15:14:47.596root 11241100x8000000000000000703911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e756da2e3c98b72023-02-07 15:14:47.596root 11241100x8000000000000000703910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e930fed8ba93e8132023-02-07 15:14:47.596root 11241100x8000000000000000703909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f39be971cc65892023-02-07 15:14:47.596root 11241100x8000000000000000703908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bc4c7d13e32da62023-02-07 15:14:47.596root 11241100x8000000000000000703907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdcd81488cda194f2023-02-07 15:14:47.596root 11241100x8000000000000000703906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ed3167fc8ecdec2023-02-07 15:14:47.596root 11241100x8000000000000000703905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395131ff95264b3c2023-02-07 15:14:47.596root 11241100x8000000000000000703904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca829f4a03b90642023-02-07 15:14:47.596root 11241100x8000000000000000703903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7463a17ccfd35c0f2023-02-07 15:14:47.596root 11241100x8000000000000000703915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0faeeba9d8d326682023-02-07 15:14:47.597root 11241100x8000000000000000703914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51e3245095638da2023-02-07 15:14:47.597root 11241100x8000000000000000703919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce726c2fe7121e0a2023-02-07 15:14:48.095root 11241100x8000000000000000703918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7801408e0987ab4a2023-02-07 15:14:48.095root 11241100x8000000000000000703917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2961cb485ab641a2023-02-07 15:14:48.095root 11241100x8000000000000000703916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73aecc0c71925fd42023-02-07 15:14:48.095root 11241100x8000000000000000703929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03dbf205fa710662023-02-07 15:14:48.096root 11241100x8000000000000000703928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec1954c77333fdb2023-02-07 15:14:48.096root 11241100x8000000000000000703927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f20c9ab0f33cce2023-02-07 15:14:48.096root 11241100x8000000000000000703926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271667ae79d81fd82023-02-07 15:14:48.096root 11241100x8000000000000000703925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9db188193a1c1b2023-02-07 15:14:48.096root 11241100x8000000000000000703924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ddb6c7183dd7ed2023-02-07 15:14:48.096root 11241100x8000000000000000703923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7bf73ff21b34072023-02-07 15:14:48.096root 11241100x8000000000000000703922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d38859b7264326a2023-02-07 15:14:48.096root 11241100x8000000000000000703921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5af1af3b8a7075c2023-02-07 15:14:48.096root 11241100x8000000000000000703920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479cfbf7812026912023-02-07 15:14:48.096root 11241100x8000000000000000703934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fab4bc9d9b62dc82023-02-07 15:14:48.097root 11241100x8000000000000000703933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0e9182bbbdc7b42023-02-07 15:14:48.097root 11241100x8000000000000000703932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f920d7c0222fdf2023-02-07 15:14:48.097root 11241100x8000000000000000703931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7659110ca4459352023-02-07 15:14:48.097root 11241100x8000000000000000703930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401ae40c930222db2023-02-07 15:14:48.097root 11241100x8000000000000000703939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ab3a0e61e877c72023-02-07 15:14:48.595root 11241100x8000000000000000703938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0c955951073f362023-02-07 15:14:48.595root 11241100x8000000000000000703937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7a723731eac1322023-02-07 15:14:48.595root 11241100x8000000000000000703936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f263cf7f466aedca2023-02-07 15:14:48.595root 11241100x8000000000000000703935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb25f5c6f8aa4db82023-02-07 15:14:48.595root 11241100x8000000000000000703949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034d4c7d8f2f3a752023-02-07 15:14:48.596root 11241100x8000000000000000703948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fb26085c5120232023-02-07 15:14:48.596root 11241100x8000000000000000703947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9067cc839d6551482023-02-07 15:14:48.596root 11241100x8000000000000000703946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9d09aa07fae3362023-02-07 15:14:48.596root 11241100x8000000000000000703945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97feb4ea3c0a3c82023-02-07 15:14:48.596root 11241100x8000000000000000703944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21b94edab9767a42023-02-07 15:14:48.596root 11241100x8000000000000000703943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4fdc9c6f4594a4d2023-02-07 15:14:48.596root 11241100x8000000000000000703942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc62ed74dac6234c2023-02-07 15:14:48.596root 11241100x8000000000000000703941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37636283040e098e2023-02-07 15:14:48.596root 11241100x8000000000000000703940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199705c1120b4b442023-02-07 15:14:48.596root 11241100x8000000000000000703953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77194f9c690c3b4d2023-02-07 15:14:48.597root 11241100x8000000000000000703952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aef4042ee8f49e32023-02-07 15:14:48.597root 11241100x8000000000000000703951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56f912003168f5e2023-02-07 15:14:48.597root 11241100x8000000000000000703950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3954fd905b36582023-02-07 15:14:48.597root 11241100x8000000000000000703955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89763848cdd7b8ec2023-02-07 15:14:49.095root 11241100x8000000000000000703954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05020414a92a1b562023-02-07 15:14:49.095root 11241100x8000000000000000703959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe2f99cb00fe1802023-02-07 15:14:49.096root 11241100x8000000000000000703958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb434a8518782062023-02-07 15:14:49.096root 11241100x8000000000000000703957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2393b33827f1562023-02-07 15:14:49.096root 11241100x8000000000000000703956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57cd0ea786331802023-02-07 15:14:49.096root 11241100x8000000000000000703962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8001b92e129befce2023-02-07 15:14:49.097root 11241100x8000000000000000703961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7242407aa014512023-02-07 15:14:49.097root 11241100x8000000000000000703960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fffd040268d558f2023-02-07 15:14:49.097root 11241100x8000000000000000703967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0ea3d348559bf62023-02-07 15:14:49.098root 11241100x8000000000000000703966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d3e5552fe92e6d2023-02-07 15:14:49.098root 11241100x8000000000000000703965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac74fa71cef55262023-02-07 15:14:49.098root 11241100x8000000000000000703964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc3310e660729d32023-02-07 15:14:49.098root 11241100x8000000000000000703963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e95d575ea50a7e02023-02-07 15:14:49.098root 11241100x8000000000000000703970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19ff02e99f73ac62023-02-07 15:14:49.099root 11241100x8000000000000000703969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7daf04d540e6ab7b2023-02-07 15:14:49.099root 11241100x8000000000000000703968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a30086c8704371c2023-02-07 15:14:49.099root 11241100x8000000000000000703972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ad0a5b7d29dcad2023-02-07 15:14:49.100root 11241100x8000000000000000703971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477821597df5ead42023-02-07 15:14:49.100root 11241100x8000000000000000703974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733d01565d8502b92023-02-07 15:14:49.595root 11241100x8000000000000000703973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7eb572e796605392023-02-07 15:14:49.595root 11241100x8000000000000000703979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d15c27dd12cc862023-02-07 15:14:49.596root 11241100x8000000000000000703978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c97adcf614a9e202023-02-07 15:14:49.596root 11241100x8000000000000000703977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d53b0ff339fd7dd2023-02-07 15:14:49.596root 11241100x8000000000000000703976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9282ec676295e4332023-02-07 15:14:49.596root 11241100x8000000000000000703975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be81e778832982542023-02-07 15:14:49.596root 11241100x8000000000000000703985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8195e9fb3a08ebf62023-02-07 15:14:49.597root 11241100x8000000000000000703984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9f834e67ee6eb42023-02-07 15:14:49.597root 11241100x8000000000000000703983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8455f8e7497fdb932023-02-07 15:14:49.597root 11241100x8000000000000000703982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba6b22e83ac0b092023-02-07 15:14:49.597root 11241100x8000000000000000703981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b783d707718157302023-02-07 15:14:49.597root 11241100x8000000000000000703980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a326b388e3e6d30c2023-02-07 15:14:49.597root 11241100x8000000000000000703992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c78ec273bd2d522023-02-07 15:14:49.598root 11241100x8000000000000000703991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5babb1c5405539572023-02-07 15:14:49.598root 11241100x8000000000000000703990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa8da7396ca42f72023-02-07 15:14:49.598root 11241100x8000000000000000703989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb79a2bdb35e7412023-02-07 15:14:49.598root 11241100x8000000000000000703988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65478bb716999122023-02-07 15:14:49.598root 11241100x8000000000000000703987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b54efd5a270f0362023-02-07 15:14:49.598root 11241100x8000000000000000703986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:49.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed46b68e0ef3c82d2023-02-07 15:14:49.598root 11241100x8000000000000000703998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159b1b67b4b9c6f12023-02-07 15:14:50.095root 11241100x8000000000000000703997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6caef0611cf8ab32023-02-07 15:14:50.095root 11241100x8000000000000000703996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96bfc036cf36e352023-02-07 15:14:50.095root 11241100x8000000000000000703995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44bc2c6a5536fcff2023-02-07 15:14:50.095root 11241100x8000000000000000703994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a499b8a442bbfedd2023-02-07 15:14:50.095root 11241100x8000000000000000703993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f080ee9a29ff79712023-02-07 15:14:50.095root 11241100x8000000000000000704002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73670539fad8f8392023-02-07 15:14:50.096root 11241100x8000000000000000704001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2fc6093f626d272023-02-07 15:14:50.096root 11241100x8000000000000000704000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793bc7ae309bd8322023-02-07 15:14:50.096root 11241100x8000000000000000703999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17dc20887a7c545b2023-02-07 15:14:50.096root 11241100x8000000000000000704006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd70e01955f519e2023-02-07 15:14:50.097root 11241100x8000000000000000704005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8a2f3c9ee4d9302023-02-07 15:14:50.097root 11241100x8000000000000000704004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9614951e4da9fa2023-02-07 15:14:50.097root 11241100x8000000000000000704003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d4dd539ecc57b22023-02-07 15:14:50.097root 11241100x8000000000000000704010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6929979a936e3e72023-02-07 15:14:50.098root 11241100x8000000000000000704009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f04c5d1340fc3b72023-02-07 15:14:50.098root 11241100x8000000000000000704008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227f5831e272cee92023-02-07 15:14:50.098root 11241100x8000000000000000704007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09248560a79998582023-02-07 15:14:50.098root 11241100x8000000000000000704011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e169b3b90e2da262023-02-07 15:14:50.099root 11241100x8000000000000000704013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f166c8096e03b4d2023-02-07 15:14:50.595root 11241100x8000000000000000704012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2130d94b56954b702023-02-07 15:14:50.595root 11241100x8000000000000000704017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0bc56334c7d47f2023-02-07 15:14:50.596root 11241100x8000000000000000704016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0223e79aa8d15ea32023-02-07 15:14:50.596root 11241100x8000000000000000704015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e108472d9431e72023-02-07 15:14:50.596root 11241100x8000000000000000704014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6437a2add882e5102023-02-07 15:14:50.596root 11241100x8000000000000000704022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1241fd44f67834b2023-02-07 15:14:50.597root 11241100x8000000000000000704021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf9ddd247d986852023-02-07 15:14:50.597root 11241100x8000000000000000704020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee0f2e080aa0adc2023-02-07 15:14:50.597root 11241100x8000000000000000704019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edea600de9122a2d2023-02-07 15:14:50.597root 11241100x8000000000000000704018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7693585833de4062023-02-07 15:14:50.597root 11241100x8000000000000000704027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1dd5bb044b9906a2023-02-07 15:14:50.598root 11241100x8000000000000000704026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f31e37732848392023-02-07 15:14:50.598root 11241100x8000000000000000704025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5665c7e3281329822023-02-07 15:14:50.598root 11241100x8000000000000000704024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb1fe9cc3a4ee1b2023-02-07 15:14:50.598root 11241100x8000000000000000704023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0cf71fe928202d22023-02-07 15:14:50.598root 11241100x8000000000000000704031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c469463a8373ed2023-02-07 15:14:50.599root 11241100x8000000000000000704030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a33314bb4dc54232023-02-07 15:14:50.599root 11241100x8000000000000000704029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72641476eed68902023-02-07 15:14:50.599root 11241100x8000000000000000704028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:50.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0e7c0b641bb5dc2023-02-07 15:14:50.599root 11241100x8000000000000000704037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d016496eab9c1382023-02-07 15:14:51.095root 11241100x8000000000000000704036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccbf269c989b77832023-02-07 15:14:51.095root 11241100x8000000000000000704035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df03889fbedf77762023-02-07 15:14:51.095root 11241100x8000000000000000704034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1f6f34ff0717842023-02-07 15:14:51.095root 11241100x8000000000000000704033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e287b09cf2c7b1e72023-02-07 15:14:51.095root 11241100x8000000000000000704032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57dff79883879c72023-02-07 15:14:51.095root 11241100x8000000000000000704042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4704a3991f1a54212023-02-07 15:14:51.096root 11241100x8000000000000000704041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6f060db6700fb32023-02-07 15:14:51.096root 11241100x8000000000000000704040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18616216e1952a62023-02-07 15:14:51.096root 11241100x8000000000000000704039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1623b40294728d052023-02-07 15:14:51.096root 11241100x8000000000000000704038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527a62349f1d70612023-02-07 15:14:51.096root 11241100x8000000000000000704046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064f4f25f11687852023-02-07 15:14:51.097root 11241100x8000000000000000704045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106eb86ef03fa6df2023-02-07 15:14:51.097root 11241100x8000000000000000704044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5a2b3f65116e872023-02-07 15:14:51.097root 11241100x8000000000000000704043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ff06d604344ab32023-02-07 15:14:51.097root 11241100x8000000000000000704050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90f5a738f0815bd2023-02-07 15:14:51.098root 11241100x8000000000000000704049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69801edbc852add2023-02-07 15:14:51.098root 11241100x8000000000000000704048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f214afc870c7b4da2023-02-07 15:14:51.098root 11241100x8000000000000000704047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e04e8d60b163d52023-02-07 15:14:51.098root 11241100x8000000000000000704052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d8993f991af6142023-02-07 15:14:51.595root 11241100x8000000000000000704051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0036c507fe5cd242023-02-07 15:14:51.595root 11241100x8000000000000000704056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60214dfc4f6b037f2023-02-07 15:14:51.596root 11241100x8000000000000000704055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920b5edb4260b9132023-02-07 15:14:51.596root 11241100x8000000000000000704054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de362fdf38a55bf22023-02-07 15:14:51.596root 11241100x8000000000000000704053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5323697386cf73322023-02-07 15:14:51.596root 11241100x8000000000000000704059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56f723f97033c272023-02-07 15:14:51.597root 11241100x8000000000000000704058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97125eee4fc96fdb2023-02-07 15:14:51.597root 11241100x8000000000000000704057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d318024aa68f1bf2023-02-07 15:14:51.597root 11241100x8000000000000000704064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40d0cc3652920f32023-02-07 15:14:51.598root 11241100x8000000000000000704063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66625db5c1f1f9a72023-02-07 15:14:51.598root 11241100x8000000000000000704062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6a768c161baded2023-02-07 15:14:51.598root 11241100x8000000000000000704061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c59300a57f60182023-02-07 15:14:51.598root 11241100x8000000000000000704060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941e7d211febe9f32023-02-07 15:14:51.598root 11241100x8000000000000000704065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc27c7a12f408ff02023-02-07 15:14:51.599root 11241100x8000000000000000704068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03c17d725c77b1d2023-02-07 15:14:51.600root 11241100x8000000000000000704067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c366467b2e517cd2023-02-07 15:14:51.600root 11241100x8000000000000000704066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b986333b826f9a592023-02-07 15:14:51.600root 11241100x8000000000000000704069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:51.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734473601fa430742023-02-07 15:14:51.601root 11241100x8000000000000000704071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.043{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68321294e37c271c2023-02-07 15:14:52.043root 354300x8000000000000000704070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.043{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-37960-false10.0.1.12-8000- 11241100x8000000000000000704084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.044{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e1398168c5a4e12023-02-07 15:14:52.044root 11241100x8000000000000000704083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.044{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6250d70811fddfd22023-02-07 15:14:52.044root 11241100x8000000000000000704082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.044{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4c4cd023c987892023-02-07 15:14:52.044root 11241100x8000000000000000704081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.044{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706bb2d45fa241922023-02-07 15:14:52.044root 11241100x8000000000000000704080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.044{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f723a82155a78e302023-02-07 15:14:52.044root 11241100x8000000000000000704079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.044{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212e6c26bfb3cebc2023-02-07 15:14:52.044root 11241100x8000000000000000704078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.044{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c25c8d8961058e62023-02-07 15:14:52.044root 11241100x8000000000000000704077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.044{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c551775a535bdcf02023-02-07 15:14:52.044root 11241100x8000000000000000704076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.044{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae46b7ddb53343c22023-02-07 15:14:52.044root 11241100x8000000000000000704075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.044{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731e9b1ef082e63d2023-02-07 15:14:52.044root 11241100x8000000000000000704074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.044{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bdbfcee8cd9e4e52023-02-07 15:14:52.044root 11241100x8000000000000000704073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.044{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58125a013d8dc1112023-02-07 15:14:52.044root 11241100x8000000000000000704072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.044{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53ff8e1a4eb871b2023-02-07 15:14:52.044root 11241100x8000000000000000704090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.045{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf87d6504404a582023-02-07 15:14:52.045root 11241100x8000000000000000704089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.045{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72027f5b6e7488522023-02-07 15:14:52.045root 11241100x8000000000000000704088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.045{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d67ad85bb7cd252023-02-07 15:14:52.045root 11241100x8000000000000000704087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.045{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968a3172d6e6de882023-02-07 15:14:52.045root 11241100x8000000000000000704086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.045{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65d7de2234cff402023-02-07 15:14:52.045root 11241100x8000000000000000704085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.045{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9361f135781d89352023-02-07 15:14:52.045root 11241100x8000000000000000704095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2556496730ebab1d2023-02-07 15:14:52.346root 11241100x8000000000000000704094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368ffef86632555f2023-02-07 15:14:52.346root 11241100x8000000000000000704093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274505455daffa442023-02-07 15:14:52.346root 11241100x8000000000000000704092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167b5a9b6cc6fb422023-02-07 15:14:52.346root 11241100x8000000000000000704091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b67e8cd1a5de91a2023-02-07 15:14:52.346root 11241100x8000000000000000704101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed765f56685486962023-02-07 15:14:52.347root 11241100x8000000000000000704100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801209e98ae70a832023-02-07 15:14:52.347root 11241100x8000000000000000704099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95eb71c6ec8f1c3f2023-02-07 15:14:52.347root 11241100x8000000000000000704098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509784d189c961172023-02-07 15:14:52.347root 11241100x8000000000000000704097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e2bfad7a038f3a2023-02-07 15:14:52.347root 11241100x8000000000000000704096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998422df428a489c2023-02-07 15:14:52.347root 11241100x8000000000000000704107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d614c6dfc0b6f7d2023-02-07 15:14:52.348root 11241100x8000000000000000704106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2abdf3b9038a1512023-02-07 15:14:52.348root 11241100x8000000000000000704105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d8f55ceaa161462023-02-07 15:14:52.348root 11241100x8000000000000000704104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75facf3caf3307d02023-02-07 15:14:52.348root 11241100x8000000000000000704103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553df02fffecab4f2023-02-07 15:14:52.348root 11241100x8000000000000000704102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7c162bd093498c2023-02-07 15:14:52.348root 11241100x8000000000000000704110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e71c101cd9ecf72023-02-07 15:14:52.349root 11241100x8000000000000000704109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08b43f1cdde931e2023-02-07 15:14:52.349root 11241100x8000000000000000704108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576c85550e1c3f142023-02-07 15:14:52.349root 11241100x8000000000000000704114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882edd1a096880172023-02-07 15:14:52.846root 11241100x8000000000000000704113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762fe9262437f4702023-02-07 15:14:52.846root 11241100x8000000000000000704112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db54d8f6e6cc54192023-02-07 15:14:52.846root 11241100x8000000000000000704111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f4505541985de02023-02-07 15:14:52.846root 11241100x8000000000000000704119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890167341e46f2ba2023-02-07 15:14:52.847root 11241100x8000000000000000704118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e1aed6af5967a42023-02-07 15:14:52.847root 11241100x8000000000000000704117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e16d8d4fca2f7e32023-02-07 15:14:52.847root 11241100x8000000000000000704116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48226c7d571f40772023-02-07 15:14:52.847root 11241100x8000000000000000704115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6e4799dd934abd2023-02-07 15:14:52.847root 11241100x8000000000000000704126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff46d91578484a52023-02-07 15:14:52.848root 11241100x8000000000000000704125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6aab090f2a95f0a2023-02-07 15:14:52.848root 11241100x8000000000000000704124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31f1c8eef7341c12023-02-07 15:14:52.848root 11241100x8000000000000000704123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ddc8b230fa194f2023-02-07 15:14:52.848root 11241100x8000000000000000704122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7588a56b407b3332023-02-07 15:14:52.848root 11241100x8000000000000000704121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ed0b64fd3b23902023-02-07 15:14:52.848root 11241100x8000000000000000704120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a35313aee22106d2023-02-07 15:14:52.848root 11241100x8000000000000000704129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cebddb75375a74042023-02-07 15:14:52.849root 11241100x8000000000000000704128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a895a5bbaa42db32023-02-07 15:14:52.849root 11241100x8000000000000000704127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a404f873469abfd22023-02-07 15:14:52.849root 11241100x8000000000000000704130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:52.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abad997ae292ad0f2023-02-07 15:14:52.850root 154100x8000000000000000704131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.221{ec244aba-6aed-63e2-6864-fb127d550000}6107/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/6312root{ec244aba-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2393--- 11241100x8000000000000000704132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.223{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0c446941293cb82023-02-07 15:14:53.223root 11241100x8000000000000000704137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.224{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b859fa5c93dcf462023-02-07 15:14:53.224root 11241100x8000000000000000704136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.224{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740c7b25da9eb9bf2023-02-07 15:14:53.224root 11241100x8000000000000000704135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.224{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b396cb10bdbc7efc2023-02-07 15:14:53.224root 11241100x8000000000000000704134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.224{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeed4a212b703ca62023-02-07 15:14:53.224root 11241100x8000000000000000704133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.224{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e1f0862b64eb702023-02-07 15:14:53.224root 11241100x8000000000000000704140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.225{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2350f70a53fbe40c2023-02-07 15:14:53.225root 11241100x8000000000000000704139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.225{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63548ea18c7947b42023-02-07 15:14:53.225root 11241100x8000000000000000704138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.225{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36073710d7e445812023-02-07 15:14:53.225root 11241100x8000000000000000704143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.226{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888e8676a243b6172023-02-07 15:14:53.226root 11241100x8000000000000000704142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.226{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10ceb2d5a63a0d12023-02-07 15:14:53.226root 11241100x8000000000000000704141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.226{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21863f0f9a39a852023-02-07 15:14:53.226root 11241100x8000000000000000704149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.227{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf4cc91ddab3dd72023-02-07 15:14:53.227root 11241100x8000000000000000704148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.227{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793594aea828734d2023-02-07 15:14:53.227root 11241100x8000000000000000704147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.227{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06486bdb4041ff12023-02-07 15:14:53.227root 11241100x8000000000000000704146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.227{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b283e938d8b0957e2023-02-07 15:14:53.227root 11241100x8000000000000000704145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.227{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f21f5ce2d9b2ca22023-02-07 15:14:53.227root 11241100x8000000000000000704144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.227{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae712abcf3830392023-02-07 15:14:53.227root 11241100x8000000000000000704152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.228{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbe5346db731d432023-02-07 15:14:53.228root 11241100x8000000000000000704151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.228{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6bb4ad2c5ef9cba2023-02-07 15:14:53.228root 11241100x8000000000000000704150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.228{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1906bde1f00f7b2023-02-07 15:14:53.228root 534500x8000000000000000704153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.233{ec244aba-6aed-63e2-6864-fb127d550000}6107/bin/psroot 11241100x8000000000000000704154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41cbaf28635982542023-02-07 15:14:53.595root 11241100x8000000000000000704159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3c0db8cfee97fd2023-02-07 15:14:53.596root 11241100x8000000000000000704158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c4d6c827e078d12023-02-07 15:14:53.596root 11241100x8000000000000000704157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1da70d6132b3a552023-02-07 15:14:53.596root 11241100x8000000000000000704156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55dec2996239d6c52023-02-07 15:14:53.596root 11241100x8000000000000000704155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7451f7ccfc55572023-02-07 15:14:53.596root 11241100x8000000000000000704169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098c87981f3d2d792023-02-07 15:14:53.597root 11241100x8000000000000000704168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d038c4bebac640f2023-02-07 15:14:53.597root 11241100x8000000000000000704167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38d70e6b7cfadf52023-02-07 15:14:53.597root 11241100x8000000000000000704166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d270882175e69b512023-02-07 15:14:53.597root 11241100x8000000000000000704165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e2b9a5b55683842023-02-07 15:14:53.597root 11241100x8000000000000000704164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3adbdf10ea0d6e462023-02-07 15:14:53.597root 11241100x8000000000000000704163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee636396e05b1e12023-02-07 15:14:53.597root 11241100x8000000000000000704162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e681669290119f2023-02-07 15:14:53.597root 11241100x8000000000000000704161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80d1417e57106cf2023-02-07 15:14:53.597root 11241100x8000000000000000704160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b215fe94f20f4dce2023-02-07 15:14:53.597root 11241100x8000000000000000704175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dea2e3efa9a85602023-02-07 15:14:53.598root 11241100x8000000000000000704174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c353c2c7b65e632023-02-07 15:14:53.598root 11241100x8000000000000000704173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1658700138c5df9d2023-02-07 15:14:53.598root 11241100x8000000000000000704172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a448383868d4af82023-02-07 15:14:53.598root 11241100x8000000000000000704171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd22cb79d259c4dc2023-02-07 15:14:53.598root 11241100x8000000000000000704170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:53.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b17571953c902702023-02-07 15:14:53.598root 11241100x8000000000000000704182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b813bafbcfe7859d2023-02-07 15:14:54.095root 11241100x8000000000000000704181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d379a3d444410d0a2023-02-07 15:14:54.095root 11241100x8000000000000000704180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88a2726a13518952023-02-07 15:14:54.095root 11241100x8000000000000000704179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76884aa1e2f7c102023-02-07 15:14:54.095root 11241100x8000000000000000704178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11625e90bb96d9e62023-02-07 15:14:54.095root 11241100x8000000000000000704177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0a90ede8a0a98e2023-02-07 15:14:54.095root 11241100x8000000000000000704176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b194eb4215bbba842023-02-07 15:14:54.095root 11241100x8000000000000000704197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c40174b0f69cab2023-02-07 15:14:54.096root 11241100x8000000000000000704196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7817f08e2881be3c2023-02-07 15:14:54.096root 11241100x8000000000000000704195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a567ebaf599ffc022023-02-07 15:14:54.096root 11241100x8000000000000000704194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a76cc502acb0c82023-02-07 15:14:54.096root 11241100x8000000000000000704193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b158c707d9ef2242023-02-07 15:14:54.096root 11241100x8000000000000000704192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326cf86a91f635852023-02-07 15:14:54.096root 11241100x8000000000000000704191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe87b52a82bbf972023-02-07 15:14:54.096root 11241100x8000000000000000704190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f06c29e7b60bb342023-02-07 15:14:54.096root 11241100x8000000000000000704189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f9528e1fb595a72023-02-07 15:14:54.096root 11241100x8000000000000000704188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c0ba43d792ad4d2023-02-07 15:14:54.096root 11241100x8000000000000000704187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309932b7f2eba7c72023-02-07 15:14:54.096root 11241100x8000000000000000704186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b70da38ba056ab82023-02-07 15:14:54.096root 11241100x8000000000000000704185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1919ffbaa0162c2023-02-07 15:14:54.096root 11241100x8000000000000000704184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ead1a797d25ea52023-02-07 15:14:54.096root 11241100x8000000000000000704183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6290f6c6ba1a095b2023-02-07 15:14:54.096root 11241100x8000000000000000704203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895163e72d6a8dd82023-02-07 15:14:54.595root 11241100x8000000000000000704202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa4c89170d004922023-02-07 15:14:54.595root 11241100x8000000000000000704201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76186be18a283ca2023-02-07 15:14:54.595root 11241100x8000000000000000704200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49dd34eec02e6282023-02-07 15:14:54.595root 11241100x8000000000000000704199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17c92ab167485e22023-02-07 15:14:54.595root 11241100x8000000000000000704198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12aee164c9acbc7b2023-02-07 15:14:54.595root 11241100x8000000000000000704213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94ede61b7bd13ee2023-02-07 15:14:54.596root 11241100x8000000000000000704212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c44d731ddd3370a2023-02-07 15:14:54.596root 11241100x8000000000000000704211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fde4b52daf9f4422023-02-07 15:14:54.596root 11241100x8000000000000000704210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd673332fb05e022023-02-07 15:14:54.596root 11241100x8000000000000000704209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5add0fe4eb17f22023-02-07 15:14:54.596root 11241100x8000000000000000704208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78576289b46c2ce02023-02-07 15:14:54.596root 11241100x8000000000000000704207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad8acdc18814ec72023-02-07 15:14:54.596root 11241100x8000000000000000704206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157a7d17628344722023-02-07 15:14:54.596root 11241100x8000000000000000704205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7b8bb56992d3ed2023-02-07 15:14:54.596root 11241100x8000000000000000704204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41911e4d1e7dddbd2023-02-07 15:14:54.596root 11241100x8000000000000000704219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0047471bde111d2023-02-07 15:14:54.597root 11241100x8000000000000000704218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15a8654d916f9092023-02-07 15:14:54.597root 11241100x8000000000000000704217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3cde138486bf5c2023-02-07 15:14:54.597root 11241100x8000000000000000704216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295c489841b0c22c2023-02-07 15:14:54.597root 11241100x8000000000000000704215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e65021ddf131082023-02-07 15:14:54.597root 11241100x8000000000000000704214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68309a550f15de372023-02-07 15:14:54.597root 11241100x8000000000000000704220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:54.730{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:14:54.730root 11241100x8000000000000000704223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2fa8267ce3732d2023-02-07 15:14:55.095root 11241100x8000000000000000704222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84c7b44ce2b4ee82023-02-07 15:14:55.095root 11241100x8000000000000000704221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5a19c105d14a6d2023-02-07 15:14:55.095root 11241100x8000000000000000704231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36695ac97138ec12023-02-07 15:14:55.096root 11241100x8000000000000000704230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9de96286d3767c92023-02-07 15:14:55.096root 11241100x8000000000000000704229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b27ed12d8504bb32023-02-07 15:14:55.096root 11241100x8000000000000000704228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d12d124920b3332023-02-07 15:14:55.096root 11241100x8000000000000000704227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbecfeb3d7a8198c2023-02-07 15:14:55.096root 11241100x8000000000000000704226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1cb6e2c7b786232023-02-07 15:14:55.096root 11241100x8000000000000000704225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9096e7a4586770cd2023-02-07 15:14:55.096root 11241100x8000000000000000704224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c169f868f4356d22023-02-07 15:14:55.096root 11241100x8000000000000000704240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf46b03408e8237c2023-02-07 15:14:55.097root 11241100x8000000000000000704239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39fdb061908066582023-02-07 15:14:55.097root 11241100x8000000000000000704238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0062271d2f6891f12023-02-07 15:14:55.097root 11241100x8000000000000000704237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ab9d77bcdd354d2023-02-07 15:14:55.097root 11241100x8000000000000000704236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84286dfc81d9a4fe2023-02-07 15:14:55.097root 11241100x8000000000000000704235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4b46f7b570dab42023-02-07 15:14:55.097root 11241100x8000000000000000704234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1127e2583f7123392023-02-07 15:14:55.097root 11241100x8000000000000000704233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b9efecd7adc77a2023-02-07 15:14:55.097root 11241100x8000000000000000704232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc88f337d563dd4f2023-02-07 15:14:55.097root 11241100x8000000000000000704247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc070a130ed7c112023-02-07 15:14:55.098root 11241100x8000000000000000704246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e685dfc3adc10152023-02-07 15:14:55.098root 11241100x8000000000000000704245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f581827178cf662023-02-07 15:14:55.098root 11241100x8000000000000000704244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6699f5085d86c6032023-02-07 15:14:55.098root 11241100x8000000000000000704243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6c464ad4a6b2762023-02-07 15:14:55.098root 11241100x8000000000000000704242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5b24fc8f0aa2aa2023-02-07 15:14:55.098root 11241100x8000000000000000704241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ee22021e3cf14f2023-02-07 15:14:55.098root 11241100x8000000000000000704252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bb0975dcfeb4982023-02-07 15:14:55.595root 11241100x8000000000000000704251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557c32f266cfa8d52023-02-07 15:14:55.595root 11241100x8000000000000000704250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd151d5c87f9e8eb2023-02-07 15:14:55.595root 11241100x8000000000000000704249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d50b6d8549fa492023-02-07 15:14:55.595root 11241100x8000000000000000704248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc2bd57b6a3bf0c2023-02-07 15:14:55.595root 11241100x8000000000000000704262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6fe9daa92127b302023-02-07 15:14:55.596root 11241100x8000000000000000704261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213068c4bce1c2ce2023-02-07 15:14:55.596root 11241100x8000000000000000704260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086405b5eb59939e2023-02-07 15:14:55.596root 11241100x8000000000000000704259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d98a3d08722ffb92023-02-07 15:14:55.596root 11241100x8000000000000000704258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8489e42f746cf77f2023-02-07 15:14:55.596root 11241100x8000000000000000704257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b713b4d3401eb9f12023-02-07 15:14:55.596root 11241100x8000000000000000704256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c0e49c0555a2342023-02-07 15:14:55.596root 11241100x8000000000000000704255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e20fcec0b4083a02023-02-07 15:14:55.596root 11241100x8000000000000000704254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc614344055bb082023-02-07 15:14:55.596root 11241100x8000000000000000704253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d18766b60587ab92023-02-07 15:14:55.596root 11241100x8000000000000000704269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcaf081571ae0bc2023-02-07 15:14:55.597root 11241100x8000000000000000704268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0c26c22cfc56572023-02-07 15:14:55.597root 11241100x8000000000000000704267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06562243a3abdb912023-02-07 15:14:55.597root 11241100x8000000000000000704266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1495a8b6afbb0c2d2023-02-07 15:14:55.597root 11241100x8000000000000000704265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60647e2f5bbe85532023-02-07 15:14:55.597root 11241100x8000000000000000704264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6b730f7b855aab2023-02-07 15:14:55.597root 11241100x8000000000000000704263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c1142efafd83ad2023-02-07 15:14:55.597root 11241100x8000000000000000704274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80dd81ba3f5c6952023-02-07 15:14:55.598root 11241100x8000000000000000704273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382ce309602aa3c22023-02-07 15:14:55.598root 11241100x8000000000000000704272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8306342eba34352023-02-07 15:14:55.598root 11241100x8000000000000000704271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7945ce779da8f50c2023-02-07 15:14:55.598root 11241100x8000000000000000704270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b233527fc56204342023-02-07 15:14:55.598root 11241100x8000000000000000704278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24692266ad7c2e9f2023-02-07 15:14:56.095root 11241100x8000000000000000704277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87af84e73694d4bb2023-02-07 15:14:56.095root 11241100x8000000000000000704276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb57672af0fc9a932023-02-07 15:14:56.095root 11241100x8000000000000000704275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689fb379724362d72023-02-07 15:14:56.095root 11241100x8000000000000000704287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e56a240a2624ed2023-02-07 15:14:56.096root 11241100x8000000000000000704286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75360568e4988fcf2023-02-07 15:14:56.096root 11241100x8000000000000000704285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9119fa8fff084c02023-02-07 15:14:56.096root 11241100x8000000000000000704284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97fd1929ccd6bc4f2023-02-07 15:14:56.096root 11241100x8000000000000000704283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf562c72acf40f92023-02-07 15:14:56.096root 11241100x8000000000000000704282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7fca8f529547e02023-02-07 15:14:56.096root 11241100x8000000000000000704281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16ca84161c372cd2023-02-07 15:14:56.096root 11241100x8000000000000000704280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078ed838fe1fe6662023-02-07 15:14:56.096root 11241100x8000000000000000704279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4bd28dbfbfe4f52023-02-07 15:14:56.096root 11241100x8000000000000000704298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b932e4600ebc51d2023-02-07 15:14:56.097root 11241100x8000000000000000704297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2089b3697625060a2023-02-07 15:14:56.097root 11241100x8000000000000000704296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d16be46176359002023-02-07 15:14:56.097root 11241100x8000000000000000704295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e802350fc128f3972023-02-07 15:14:56.097root 11241100x8000000000000000704294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4099bde1df67dd4c2023-02-07 15:14:56.097root 11241100x8000000000000000704293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566181e84d2b73232023-02-07 15:14:56.097root 11241100x8000000000000000704292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b9adb2c75a9ff62023-02-07 15:14:56.097root 11241100x8000000000000000704291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd79b910b9bde06e2023-02-07 15:14:56.097root 11241100x8000000000000000704290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2715f6f2694d2c442023-02-07 15:14:56.097root 11241100x8000000000000000704289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b59cc9315419a82023-02-07 15:14:56.097root 11241100x8000000000000000704288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7bf691cc6854182023-02-07 15:14:56.097root 11241100x8000000000000000704302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93b5a6f3d143c412023-02-07 15:14:56.098root 11241100x8000000000000000704301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f221e9d9867432222023-02-07 15:14:56.098root 11241100x8000000000000000704300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780471bf56143ab62023-02-07 15:14:56.098root 11241100x8000000000000000704299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae894a7791270a312023-02-07 15:14:56.098root 11241100x8000000000000000704303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f590b9ff3d4e432023-02-07 15:14:56.099root 11241100x8000000000000000704308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9394f61c0d049822023-02-07 15:14:56.595root 11241100x8000000000000000704307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfc21053bb7c2332023-02-07 15:14:56.595root 11241100x8000000000000000704306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d343f53f28a2c2352023-02-07 15:14:56.595root 11241100x8000000000000000704305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217bfb00c955b6112023-02-07 15:14:56.595root 11241100x8000000000000000704304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4606b58f943243d12023-02-07 15:14:56.595root 11241100x8000000000000000704316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0eda91864abce362023-02-07 15:14:56.596root 11241100x8000000000000000704315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34275f18e30b7752023-02-07 15:14:56.596root 11241100x8000000000000000704314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f056f2ece352a22023-02-07 15:14:56.596root 11241100x8000000000000000704313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1bb3315fd7a5532023-02-07 15:14:56.596root 11241100x8000000000000000704312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e6d2fff23065eb2023-02-07 15:14:56.596root 11241100x8000000000000000704311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d784cf6fcb9c5a202023-02-07 15:14:56.596root 11241100x8000000000000000704310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c790d98858985a852023-02-07 15:14:56.596root 11241100x8000000000000000704309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b13fc3f6300b19e2023-02-07 15:14:56.596root 11241100x8000000000000000704320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebec7a3a11172ab2023-02-07 15:14:56.597root 11241100x8000000000000000704319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d4d7d6e9e59ad12023-02-07 15:14:56.597root 11241100x8000000000000000704318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649541de07007cfe2023-02-07 15:14:56.597root 11241100x8000000000000000704317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b89cfceaeeec342023-02-07 15:14:56.597root 11241100x8000000000000000704325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889ede81cbb6b2b22023-02-07 15:14:56.598root 11241100x8000000000000000704324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9765d596a4a1469a2023-02-07 15:14:56.598root 11241100x8000000000000000704323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c481d1baaac1bef2023-02-07 15:14:56.598root 11241100x8000000000000000704322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494c2e8d058e189a2023-02-07 15:14:56.598root 11241100x8000000000000000704321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ca308df3812db52023-02-07 15:14:56.598root 11241100x8000000000000000704329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e5a7e93868002a2023-02-07 15:14:56.599root 11241100x8000000000000000704328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8cc1c884a7f0daa2023-02-07 15:14:56.599root 11241100x8000000000000000704327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf26e4079adf7f12023-02-07 15:14:56.599root 11241100x8000000000000000704326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdde3b6605b5aa812023-02-07 15:14:56.599root 11241100x8000000000000000704333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a944b99aa785c03b2023-02-07 15:14:56.600root 11241100x8000000000000000704332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0004393acc437cfa2023-02-07 15:14:56.600root 11241100x8000000000000000704331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a187c4f78fd9e792023-02-07 15:14:56.600root 11241100x8000000000000000704330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662ad7cc9b4070462023-02-07 15:14:56.600root 11241100x8000000000000000704338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3df2dbd963ec9702023-02-07 15:14:56.601root 11241100x8000000000000000704337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3a34831e68b4be2023-02-07 15:14:56.601root 11241100x8000000000000000704336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0febf102f00c910c2023-02-07 15:14:56.601root 11241100x8000000000000000704335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ee5c9414ae42e82023-02-07 15:14:56.601root 11241100x8000000000000000704334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:56.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed68e39ab6fc5b6a2023-02-07 15:14:56.601root 11241100x8000000000000000704341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cd25a1aeb040d92023-02-07 15:14:57.095root 11241100x8000000000000000704340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6837fc593237cac82023-02-07 15:14:57.095root 11241100x8000000000000000704339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90952ce461c12572023-02-07 15:14:57.095root 11241100x8000000000000000704346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0298be6d3b6b9ed12023-02-07 15:14:57.096root 11241100x8000000000000000704345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3af3524b790a4682023-02-07 15:14:57.096root 11241100x8000000000000000704344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ba0de4e00a50042023-02-07 15:14:57.096root 11241100x8000000000000000704343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d232cbd492d03afd2023-02-07 15:14:57.096root 11241100x8000000000000000704342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd23e926ba0d8e32023-02-07 15:14:57.096root 11241100x8000000000000000704351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d8b4260b63ab6f2023-02-07 15:14:57.097root 11241100x8000000000000000704350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c336d5479791052023-02-07 15:14:57.097root 11241100x8000000000000000704349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d61dea1f85fa242023-02-07 15:14:57.097root 11241100x8000000000000000704348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac69c04c609b8de32023-02-07 15:14:57.097root 11241100x8000000000000000704347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c0394b957c7c802023-02-07 15:14:57.097root 11241100x8000000000000000704355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8a1a3f3fa5a7412023-02-07 15:14:57.098root 11241100x8000000000000000704354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954fc6e0c53735c72023-02-07 15:14:57.098root 11241100x8000000000000000704353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514af5c2840e1f7c2023-02-07 15:14:57.098root 11241100x8000000000000000704352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c2c3a3041e32862023-02-07 15:14:57.098root 11241100x8000000000000000704360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe32fee27ce79242023-02-07 15:14:57.099root 11241100x8000000000000000704359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2837a9294b48f02023-02-07 15:14:57.099root 11241100x8000000000000000704358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc8858f32e650792023-02-07 15:14:57.099root 11241100x8000000000000000704357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9cbb133d4df58c2023-02-07 15:14:57.099root 11241100x8000000000000000704356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60997ca1fd28c9672023-02-07 15:14:57.099root 11241100x8000000000000000704364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c0141878bb2e2b2023-02-07 15:14:57.100root 11241100x8000000000000000704363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5498d1600f3287fb2023-02-07 15:14:57.100root 11241100x8000000000000000704362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce138816f60aee8c2023-02-07 15:14:57.100root 11241100x8000000000000000704361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b06246cadb17212023-02-07 15:14:57.100root 354300x8000000000000000704365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.159{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-44600-false10.0.1.12-8000- 11241100x8000000000000000704373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5370776190fe824f2023-02-07 15:14:57.595root 11241100x8000000000000000704372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65b089a00029f492023-02-07 15:14:57.595root 11241100x8000000000000000704371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aebb2e19110d8e12023-02-07 15:14:57.595root 11241100x8000000000000000704370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c5fcd623af955b2023-02-07 15:14:57.595root 11241100x8000000000000000704369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b616caf07dadcf2023-02-07 15:14:57.595root 11241100x8000000000000000704368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0adc21b9eca8f7122023-02-07 15:14:57.595root 11241100x8000000000000000704367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45f3641e0eacaec2023-02-07 15:14:57.595root 11241100x8000000000000000704366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24107bd332885432023-02-07 15:14:57.595root 11241100x8000000000000000704385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11aa6e1ec3527dff2023-02-07 15:14:57.596root 11241100x8000000000000000704384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2215f51b5fb8c912023-02-07 15:14:57.596root 11241100x8000000000000000704383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a12c0e8f1857ee42023-02-07 15:14:57.596root 11241100x8000000000000000704382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb07755ea2d9f1932023-02-07 15:14:57.596root 11241100x8000000000000000704381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7e50feaabb330d2023-02-07 15:14:57.596root 11241100x8000000000000000704380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e99dfb49b741612023-02-07 15:14:57.596root 11241100x8000000000000000704379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e13a92e4557f1bd2023-02-07 15:14:57.596root 11241100x8000000000000000704378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e248fd715f667dc62023-02-07 15:14:57.596root 11241100x8000000000000000704377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b54a8f1ffe2d3252023-02-07 15:14:57.596root 11241100x8000000000000000704376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12ab0229f7ba8ef2023-02-07 15:14:57.596root 11241100x8000000000000000704375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b98a3f9225f30ed2023-02-07 15:14:57.596root 11241100x8000000000000000704374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ea4226247543072023-02-07 15:14:57.596root 11241100x8000000000000000704389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5ddc154d8d7eae2023-02-07 15:14:57.597root 11241100x8000000000000000704388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8742a734b917d9ed2023-02-07 15:14:57.597root 11241100x8000000000000000704387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362ec906db923c322023-02-07 15:14:57.597root 11241100x8000000000000000704386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4b36a44d01c41d2023-02-07 15:14:57.597root 23542300x8000000000000000704390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:57.733{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000704392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986fea24faab03cd2023-02-07 15:14:58.095root 11241100x8000000000000000704391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ba77b72d1105302023-02-07 15:14:58.095root 11241100x8000000000000000704402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50a5d44716c10be2023-02-07 15:14:58.096root 11241100x8000000000000000704401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5148a12b549dd492023-02-07 15:14:58.096root 11241100x8000000000000000704400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e2254e1055e5092023-02-07 15:14:58.096root 11241100x8000000000000000704399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6382e4aae771c7a2023-02-07 15:14:58.096root 11241100x8000000000000000704398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23506f08fe9424d22023-02-07 15:14:58.096root 11241100x8000000000000000704397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b923e21c5197cc572023-02-07 15:14:58.096root 11241100x8000000000000000704396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ec365f2f0e68452023-02-07 15:14:58.096root 11241100x8000000000000000704395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d355256f4e48ecf2023-02-07 15:14:58.096root 11241100x8000000000000000704394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61afe3c4b24aeddb2023-02-07 15:14:58.096root 11241100x8000000000000000704393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf165ab25b09aa42023-02-07 15:14:58.096root 11241100x8000000000000000704411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1005dd52f2d7efa82023-02-07 15:14:58.097root 11241100x8000000000000000704410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e69debd49b3dd72023-02-07 15:14:58.097root 11241100x8000000000000000704409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b36e1835b53fa02023-02-07 15:14:58.097root 11241100x8000000000000000704408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637d4c75cbd914892023-02-07 15:14:58.097root 11241100x8000000000000000704407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427064ee73eeab112023-02-07 15:14:58.097root 11241100x8000000000000000704406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef721142393d9072023-02-07 15:14:58.097root 11241100x8000000000000000704405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35cd946906237492023-02-07 15:14:58.097root 11241100x8000000000000000704404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a093975eabfcb7882023-02-07 15:14:58.097root 11241100x8000000000000000704403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201ffb69e5bea06f2023-02-07 15:14:58.097root 11241100x8000000000000000704417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfad1ec8c26a73012023-02-07 15:14:58.098root 11241100x8000000000000000704416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac26e1c71e5cf442023-02-07 15:14:58.098root 11241100x8000000000000000704415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4379d447aa6e192023-02-07 15:14:58.098root 11241100x8000000000000000704414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b868307cfb27ea2023-02-07 15:14:58.098root 11241100x8000000000000000704413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3aa2c1e8d4f89742023-02-07 15:14:58.098root 11241100x8000000000000000704412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2313445c0fea12262023-02-07 15:14:58.098root 11241100x8000000000000000704418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d034c83419b0652023-02-07 15:14:58.595root 11241100x8000000000000000704423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4989b927fa7bd9f02023-02-07 15:14:58.596root 11241100x8000000000000000704422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b4a279f127c4162023-02-07 15:14:58.596root 11241100x8000000000000000704421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15de8e8d0a44e6ee2023-02-07 15:14:58.596root 11241100x8000000000000000704420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad97e03871e728b2023-02-07 15:14:58.596root 11241100x8000000000000000704419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a672a6a203ba9332023-02-07 15:14:58.596root 11241100x8000000000000000704435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81197334ae793d582023-02-07 15:14:58.597root 11241100x8000000000000000704434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71262dd1c344a4cd2023-02-07 15:14:58.597root 11241100x8000000000000000704433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b74230b1a81e4052023-02-07 15:14:58.597root 11241100x8000000000000000704432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8682392d126578212023-02-07 15:14:58.597root 11241100x8000000000000000704431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8725f1a61e383a72023-02-07 15:14:58.597root 11241100x8000000000000000704430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339c7c7e6ad9f1082023-02-07 15:14:58.597root 11241100x8000000000000000704429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e83b8e7b6c66e52023-02-07 15:14:58.597root 11241100x8000000000000000704428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6567f5aa50372b4c2023-02-07 15:14:58.597root 11241100x8000000000000000704427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bbb395b09f8d292023-02-07 15:14:58.597root 11241100x8000000000000000704426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e0eb1562c4370d2023-02-07 15:14:58.597root 11241100x8000000000000000704425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c4d432602c01682023-02-07 15:14:58.597root 11241100x8000000000000000704424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333ba34aecc2d7842023-02-07 15:14:58.597root 11241100x8000000000000000704443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9e571f54d5a9d42023-02-07 15:14:58.598root 11241100x8000000000000000704442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d44654832750b82023-02-07 15:14:58.598root 11241100x8000000000000000704441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284c3f1c653cc0512023-02-07 15:14:58.598root 11241100x8000000000000000704440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940f42294c046bf82023-02-07 15:14:58.598root 11241100x8000000000000000704439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255de6b86a9676d32023-02-07 15:14:58.598root 11241100x8000000000000000704438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea40c11e9dd77032023-02-07 15:14:58.598root 11241100x8000000000000000704437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1c86292eee2c712023-02-07 15:14:58.598root 11241100x8000000000000000704436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b06474ef9662fb2023-02-07 15:14:58.598root 11241100x8000000000000000704444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:58.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9baa01cee0c8adf12023-02-07 15:14:58.599root 11241100x8000000000000000704445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b895a275c2e5632023-02-07 15:14:59.095root 11241100x8000000000000000704449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d22eea4cf8520b2023-02-07 15:14:59.096root 11241100x8000000000000000704448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69317a7d4a963cfb2023-02-07 15:14:59.096root 11241100x8000000000000000704447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17defaa48c36ea912023-02-07 15:14:59.096root 11241100x8000000000000000704446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4acb9f6abd5f1c452023-02-07 15:14:59.096root 11241100x8000000000000000704453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be15cd1d4e4d3dcd2023-02-07 15:14:59.097root 11241100x8000000000000000704452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32838e7d072ad6012023-02-07 15:14:59.097root 11241100x8000000000000000704451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ff6b484267887b2023-02-07 15:14:59.097root 11241100x8000000000000000704450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fdb5037c6b78a842023-02-07 15:14:59.097root 11241100x8000000000000000704456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b063af2207062d2023-02-07 15:14:59.099root 11241100x8000000000000000704455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83dee9a32148bd022023-02-07 15:14:59.099root 11241100x8000000000000000704454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4491e5c2142c6e712023-02-07 15:14:59.099root 11241100x8000000000000000704464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79e4d29cd8a80b32023-02-07 15:14:59.100root 11241100x8000000000000000704463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a12341b5e3d9e22023-02-07 15:14:59.100root 11241100x8000000000000000704462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7b735f2868f85e2023-02-07 15:14:59.100root 11241100x8000000000000000704461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01609392c12137962023-02-07 15:14:59.100root 11241100x8000000000000000704460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19486cdf4629d182023-02-07 15:14:59.100root 11241100x8000000000000000704459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be43384370a4b032023-02-07 15:14:59.100root 11241100x8000000000000000704458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a6ca137223d74e2023-02-07 15:14:59.100root 11241100x8000000000000000704457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01b5b45de1084872023-02-07 15:14:59.100root 11241100x8000000000000000704471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f199b5e334b79c502023-02-07 15:14:59.101root 11241100x8000000000000000704470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02304ff51367b7a42023-02-07 15:14:59.101root 11241100x8000000000000000704469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce72d331d609dcb2023-02-07 15:14:59.101root 11241100x8000000000000000704468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f7e81474b6d8052023-02-07 15:14:59.101root 11241100x8000000000000000704467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eec7b391766f6c52023-02-07 15:14:59.101root 11241100x8000000000000000704466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4675e4bd012c4aae2023-02-07 15:14:59.101root 11241100x8000000000000000704465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18960cdade5a12e12023-02-07 15:14:59.101root 11241100x8000000000000000704479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863a1c2a840fc7522023-02-07 15:14:59.595root 11241100x8000000000000000704478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924a5a76fd21e5622023-02-07 15:14:59.595root 11241100x8000000000000000704477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a659dbf3799874282023-02-07 15:14:59.595root 11241100x8000000000000000704476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29edf97d9c8c39752023-02-07 15:14:59.595root 11241100x8000000000000000704475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c8fb01db64369c2023-02-07 15:14:59.595root 11241100x8000000000000000704474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3256bfcf4a64582023-02-07 15:14:59.595root 11241100x8000000000000000704473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7224d33200a3e12023-02-07 15:14:59.595root 11241100x8000000000000000704472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d56c5eb523ba78d2023-02-07 15:14:59.595root 11241100x8000000000000000704485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58b5e18f8fb33032023-02-07 15:14:59.596root 11241100x8000000000000000704484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3f3704207730df2023-02-07 15:14:59.596root 11241100x8000000000000000704483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3958ec0a59df9e2023-02-07 15:14:59.596root 11241100x8000000000000000704482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8767b9b2f5ea482023-02-07 15:14:59.596root 11241100x8000000000000000704481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90849ac58701de12023-02-07 15:14:59.596root 11241100x8000000000000000704480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27b77b7da95d3762023-02-07 15:14:59.596root 11241100x8000000000000000704493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c0b80c59af2f722023-02-07 15:14:59.597root 11241100x8000000000000000704492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c6edce9567dd862023-02-07 15:14:59.597root 11241100x8000000000000000704491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23024a8b341c60db2023-02-07 15:14:59.597root 11241100x8000000000000000704490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdabeaa8c3a460622023-02-07 15:14:59.597root 11241100x8000000000000000704489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a717b4f8f658b42023-02-07 15:14:59.597root 11241100x8000000000000000704488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c445fbb7c21a712023-02-07 15:14:59.597root 11241100x8000000000000000704487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9306fc7db30cd6a12023-02-07 15:14:59.597root 11241100x8000000000000000704486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebdbbbd849ada3df2023-02-07 15:14:59.597root 11241100x8000000000000000704496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2f025cc909a6e02023-02-07 15:14:59.598root 11241100x8000000000000000704495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49651002476007b72023-02-07 15:14:59.598root 11241100x8000000000000000704494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:14:59.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b4c9e313511c0e2023-02-07 15:14:59.598root 11241100x8000000000000000704503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db2f9d2f13011432023-02-07 15:15:00.095root 11241100x8000000000000000704502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e2498fdc6d85ed2023-02-07 15:15:00.095root 11241100x8000000000000000704501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574fc14456976d202023-02-07 15:15:00.095root 11241100x8000000000000000704500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00dc85e6347aef92023-02-07 15:15:00.095root 11241100x8000000000000000704499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a20c0ff5b798dfd2023-02-07 15:15:00.095root 11241100x8000000000000000704498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec76513c52564a42023-02-07 15:15:00.095root 11241100x8000000000000000704497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548aaaa03018e91d2023-02-07 15:15:00.095root 11241100x8000000000000000704519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4899a50bec9853272023-02-07 15:15:00.096root 11241100x8000000000000000704518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2a7360c9084a1e2023-02-07 15:15:00.096root 11241100x8000000000000000704517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f86cb9aed59c7202023-02-07 15:15:00.096root 11241100x8000000000000000704516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79031bbf2964a5b2023-02-07 15:15:00.096root 11241100x8000000000000000704515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f166ead2a250c6092023-02-07 15:15:00.096root 11241100x8000000000000000704514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60761641204accc62023-02-07 15:15:00.096root 11241100x8000000000000000704513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4e57c262ea82ac2023-02-07 15:15:00.096root 11241100x8000000000000000704512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cbd03ddbf28e6552023-02-07 15:15:00.096root 11241100x8000000000000000704511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66835b57126a8d872023-02-07 15:15:00.096root 11241100x8000000000000000704510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f97358cc5e6f5cc2023-02-07 15:15:00.096root 11241100x8000000000000000704509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3269d95e9acd642023-02-07 15:15:00.096root 11241100x8000000000000000704508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0423e6d2eaaf02e2023-02-07 15:15:00.096root 11241100x8000000000000000704507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1387803aecd1b11f2023-02-07 15:15:00.096root 11241100x8000000000000000704506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858025d678d8f76b2023-02-07 15:15:00.096root 11241100x8000000000000000704505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2e455b1b09d44b2023-02-07 15:15:00.096root 11241100x8000000000000000704504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8fd31917f838272023-02-07 15:15:00.096root 11241100x8000000000000000704522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd00363e5112c502023-02-07 15:15:00.097root 11241100x8000000000000000704521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bbe63311313e962023-02-07 15:15:00.097root 11241100x8000000000000000704520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5695f8f70d4d4dc2023-02-07 15:15:00.097root 11241100x8000000000000000704527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157a57289fcdc1b42023-02-07 15:15:00.595root 11241100x8000000000000000704526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eaf9215c78f4efb2023-02-07 15:15:00.595root 11241100x8000000000000000704525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f24c829e0b812c2023-02-07 15:15:00.595root 11241100x8000000000000000704524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895ac548eeafffc52023-02-07 15:15:00.595root 11241100x8000000000000000704523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015e068d2fa70d8d2023-02-07 15:15:00.595root 11241100x8000000000000000704533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37c5b2f40349d4e2023-02-07 15:15:00.596root 11241100x8000000000000000704532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f79339e40d1fe02023-02-07 15:15:00.596root 11241100x8000000000000000704531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3849bf47f427a62023-02-07 15:15:00.596root 11241100x8000000000000000704530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a041f387fe2b74c02023-02-07 15:15:00.596root 11241100x8000000000000000704529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94390b15824c88652023-02-07 15:15:00.596root 11241100x8000000000000000704528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3fecfdf371597c2023-02-07 15:15:00.596root 11241100x8000000000000000704539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad8cf30b764ae532023-02-07 15:15:00.597root 11241100x8000000000000000704538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a109ee9e6f0f782023-02-07 15:15:00.597root 11241100x8000000000000000704537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6fbaecef681b1d52023-02-07 15:15:00.597root 11241100x8000000000000000704536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086857ae14bfe0ac2023-02-07 15:15:00.597root 11241100x8000000000000000704535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df84ecb0e7dadbc72023-02-07 15:15:00.597root 11241100x8000000000000000704534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60dbf8503da27dd02023-02-07 15:15:00.597root 11241100x8000000000000000704542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1d231feab9992a2023-02-07 15:15:00.598root 11241100x8000000000000000704541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c994cd5101318e842023-02-07 15:15:00.598root 11241100x8000000000000000704540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ca50d6b3694dd32023-02-07 15:15:00.598root 11241100x8000000000000000704546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3f28a8eefdf0432023-02-07 15:15:00.599root 11241100x8000000000000000704545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489613916aae80be2023-02-07 15:15:00.599root 11241100x8000000000000000704544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481b208160364c6b2023-02-07 15:15:00.599root 11241100x8000000000000000704543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b1993d70ef80382023-02-07 15:15:00.599root 11241100x8000000000000000704552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0f9c00600f35692023-02-07 15:15:00.600root 11241100x8000000000000000704551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8970d10a6d12f1c42023-02-07 15:15:00.600root 11241100x8000000000000000704550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4c99216e105d812023-02-07 15:15:00.600root 11241100x8000000000000000704549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510da7650af62ac72023-02-07 15:15:00.600root 11241100x8000000000000000704548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e050a614d3d08c852023-02-07 15:15:00.600root 11241100x8000000000000000704547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:00.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0c5246adc18d6a2023-02-07 15:15:00.600root 11241100x8000000000000000704557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b78af86b08af90c2023-02-07 15:15:01.095root 11241100x8000000000000000704556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3490f15b5d550532023-02-07 15:15:01.095root 11241100x8000000000000000704555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952354e85b3e86012023-02-07 15:15:01.095root 11241100x8000000000000000704554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40459503ee5d3c72023-02-07 15:15:01.095root 11241100x8000000000000000704553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12fb291cda56a4cc2023-02-07 15:15:01.095root 11241100x8000000000000000704567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb821634bf642bf2023-02-07 15:15:01.096root 11241100x8000000000000000704566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13419f68efb6d38b2023-02-07 15:15:01.096root 11241100x8000000000000000704565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90e46ef6027f03f2023-02-07 15:15:01.096root 11241100x8000000000000000704564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4001e11e2909af2023-02-07 15:15:01.096root 11241100x8000000000000000704563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b274a18f7070712023-02-07 15:15:01.096root 11241100x8000000000000000704562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4759f4bb925ff4272023-02-07 15:15:01.096root 11241100x8000000000000000704561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ccd23f340ab83c12023-02-07 15:15:01.096root 11241100x8000000000000000704560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af25254e63e99932023-02-07 15:15:01.096root 11241100x8000000000000000704559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7309a41c3f9e5fe12023-02-07 15:15:01.096root 11241100x8000000000000000704558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c98d5fc443d2652023-02-07 15:15:01.096root 11241100x8000000000000000704577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ece19f9318f02302023-02-07 15:15:01.097root 11241100x8000000000000000704576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0022e21aef2b60132023-02-07 15:15:01.097root 11241100x8000000000000000704575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba70b4b5ae6d0dda2023-02-07 15:15:01.097root 11241100x8000000000000000704574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0ebf8952abe00e2023-02-07 15:15:01.097root 11241100x8000000000000000704573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a104560d299088122023-02-07 15:15:01.097root 11241100x8000000000000000704572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b5bf8d095c51c22023-02-07 15:15:01.097root 11241100x8000000000000000704571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f590d36dd546755c2023-02-07 15:15:01.097root 11241100x8000000000000000704570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe22ac6ce46db77a2023-02-07 15:15:01.097root 11241100x8000000000000000704569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec05f09c9f9bb5d2023-02-07 15:15:01.097root 11241100x8000000000000000704568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e936874b4011f52023-02-07 15:15:01.097root 11241100x8000000000000000704578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9383d86cfaf935a02023-02-07 15:15:01.098root 11241100x8000000000000000704583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a30af628fbc3552023-02-07 15:15:01.595root 11241100x8000000000000000704582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400d6b2d81602be02023-02-07 15:15:01.595root 11241100x8000000000000000704581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff8e6f834e3663a2023-02-07 15:15:01.595root 11241100x8000000000000000704580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a212657759a1bcb32023-02-07 15:15:01.595root 11241100x8000000000000000704579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37035d4ebef9d6a2023-02-07 15:15:01.595root 11241100x8000000000000000704593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b585a9e02b08c3a2023-02-07 15:15:01.596root 11241100x8000000000000000704592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e666a45ac0e8f8072023-02-07 15:15:01.596root 11241100x8000000000000000704591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20685561dfbf5fdc2023-02-07 15:15:01.596root 11241100x8000000000000000704590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f1bdd8cea5f4f82023-02-07 15:15:01.596root 11241100x8000000000000000704589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2cf4b842cf3c0072023-02-07 15:15:01.596root 11241100x8000000000000000704588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea5ba0be6ab33b72023-02-07 15:15:01.596root 11241100x8000000000000000704587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd48dee896db244a2023-02-07 15:15:01.596root 11241100x8000000000000000704586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71786592439c10e22023-02-07 15:15:01.596root 11241100x8000000000000000704585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db68e3b023cebc082023-02-07 15:15:01.596root 11241100x8000000000000000704584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9df836315897e32023-02-07 15:15:01.596root 11241100x8000000000000000704600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38162f92da89a9d92023-02-07 15:15:01.597root 11241100x8000000000000000704599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c801c88e291fe642023-02-07 15:15:01.597root 11241100x8000000000000000704598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae501dca5c6f12982023-02-07 15:15:01.597root 11241100x8000000000000000704597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ae1f21e05b84cf2023-02-07 15:15:01.597root 11241100x8000000000000000704596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0305c588f9b0ef162023-02-07 15:15:01.597root 11241100x8000000000000000704595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978ee2ebbd7e92fe2023-02-07 15:15:01.597root 11241100x8000000000000000704594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a568d38ccf8a85e2023-02-07 15:15:01.597root 11241100x8000000000000000704603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da6150a1713ef672023-02-07 15:15:01.598root 11241100x8000000000000000704602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b145b42a4413172023-02-07 15:15:01.598root 11241100x8000000000000000704601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:01.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d81216ee374a3942023-02-07 15:15:01.598root 11241100x8000000000000000704605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6cf28fd4e4b0b52023-02-07 15:15:02.095root 11241100x8000000000000000704604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c3129853ba00f22023-02-07 15:15:02.095root 11241100x8000000000000000704608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693d0989a2cd657b2023-02-07 15:15:02.096root 11241100x8000000000000000704607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b8d0a00892d4ed2023-02-07 15:15:02.096root 11241100x8000000000000000704606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c93985c2a25fd62023-02-07 15:15:02.096root 11241100x8000000000000000704613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757fc63e5b90fa162023-02-07 15:15:02.097root 11241100x8000000000000000704612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85431f8ce42ad722023-02-07 15:15:02.097root 11241100x8000000000000000704611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2995f190afdad622023-02-07 15:15:02.097root 11241100x8000000000000000704610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a135ef940c124e0c2023-02-07 15:15:02.097root 11241100x8000000000000000704609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d069c0e8f4c4f9f2023-02-07 15:15:02.097root 11241100x8000000000000000704617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719a6e13c8d632cc2023-02-07 15:15:02.098root 11241100x8000000000000000704616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195917e478cb857f2023-02-07 15:15:02.098root 11241100x8000000000000000704615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad751e656c4450892023-02-07 15:15:02.098root 11241100x8000000000000000704614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c498ddfde0b77422023-02-07 15:15:02.098root 11241100x8000000000000000704621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1751791a70e7602023-02-07 15:15:02.099root 11241100x8000000000000000704620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32ea2d80be48c382023-02-07 15:15:02.099root 11241100x8000000000000000704619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca63a6265862c9c2023-02-07 15:15:02.099root 11241100x8000000000000000704618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106c0994444038452023-02-07 15:15:02.099root 11241100x8000000000000000704626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db741b512842b912023-02-07 15:15:02.100root 11241100x8000000000000000704625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d188937b65ad3c2023-02-07 15:15:02.100root 11241100x8000000000000000704624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35458c89c66e4a22023-02-07 15:15:02.100root 11241100x8000000000000000704623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8468c595f66f142023-02-07 15:15:02.100root 11241100x8000000000000000704622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62333262419edb912023-02-07 15:15:02.100root 11241100x8000000000000000704628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c7210fdefa0d8c2023-02-07 15:15:02.101root 11241100x8000000000000000704627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249b7b1091f2f6272023-02-07 15:15:02.101root 11241100x8000000000000000704630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e2706878060b9c2023-02-07 15:15:02.595root 11241100x8000000000000000704629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4980dad8f1062f912023-02-07 15:15:02.595root 11241100x8000000000000000704634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2e37719b7651e92023-02-07 15:15:02.596root 11241100x8000000000000000704633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3f3ba6b6f9d1842023-02-07 15:15:02.596root 11241100x8000000000000000704632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e029d86151a2af8d2023-02-07 15:15:02.596root 11241100x8000000000000000704631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90074335e83ea8782023-02-07 15:15:02.596root 11241100x8000000000000000704639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96996aa7a2a4c1a2023-02-07 15:15:02.597root 11241100x8000000000000000704638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283e06d27edfe6fa2023-02-07 15:15:02.597root 11241100x8000000000000000704637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e35d7e15a5145b02023-02-07 15:15:02.597root 11241100x8000000000000000704636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f840dd7fbd895d72023-02-07 15:15:02.597root 11241100x8000000000000000704635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e508cec14e34ddba2023-02-07 15:15:02.597root 11241100x8000000000000000704642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29f9815f09edcc32023-02-07 15:15:02.598root 11241100x8000000000000000704641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e491b9867719a6be2023-02-07 15:15:02.598root 11241100x8000000000000000704640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7d12dfc9a1a9842023-02-07 15:15:02.598root 11241100x8000000000000000704647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6215aaa32555d72023-02-07 15:15:02.599root 11241100x8000000000000000704646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fad72d7070442b2023-02-07 15:15:02.599root 11241100x8000000000000000704645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc125eac45554ca2023-02-07 15:15:02.599root 11241100x8000000000000000704644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9cbd9cf3146c9c2023-02-07 15:15:02.599root 11241100x8000000000000000704643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a514e54c41fd1c62023-02-07 15:15:02.599root 11241100x8000000000000000704651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de32dd8c49e86492023-02-07 15:15:02.600root 11241100x8000000000000000704650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c94247e3ca853412023-02-07 15:15:02.600root 11241100x8000000000000000704649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d550be4d313b212023-02-07 15:15:02.600root 11241100x8000000000000000704648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ef3045a701c7d52023-02-07 15:15:02.600root 11241100x8000000000000000704654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc04ec2c66bd0c032023-02-07 15:15:02.601root 11241100x8000000000000000704653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437978297cfcf7b42023-02-07 15:15:02.601root 11241100x8000000000000000704652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:02.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d555cc246a23b72023-02-07 15:15:02.601root 354300x8000000000000000704655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.026{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-44602-false10.0.1.12-8000- 11241100x8000000000000000704659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.027{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b091a970398e51bf2023-02-07 15:15:03.027root 11241100x8000000000000000704658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.027{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d2dfbcb66bcbdd2023-02-07 15:15:03.027root 11241100x8000000000000000704657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.027{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f625eb1117a22bd2023-02-07 15:15:03.027root 11241100x8000000000000000704656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.027{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99aba6d64b58aff2023-02-07 15:15:03.027root 11241100x8000000000000000704669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.028{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb51228121ed70c2023-02-07 15:15:03.028root 11241100x8000000000000000704668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.028{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa279207d4bbc542023-02-07 15:15:03.028root 11241100x8000000000000000704667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.028{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab906e387153cf72023-02-07 15:15:03.028root 11241100x8000000000000000704666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.028{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203b537b8b72bca02023-02-07 15:15:03.028root 11241100x8000000000000000704665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.028{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db6fd71401741942023-02-07 15:15:03.028root 11241100x8000000000000000704664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.028{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8219f8fd9a83be62023-02-07 15:15:03.028root 11241100x8000000000000000704663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.028{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6c2dcc1dde01c82023-02-07 15:15:03.028root 11241100x8000000000000000704662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.028{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2341cab3b13ceb2023-02-07 15:15:03.028root 11241100x8000000000000000704661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.028{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c56eccde83de912023-02-07 15:15:03.028root 11241100x8000000000000000704660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.028{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef8d6ebab26d3042023-02-07 15:15:03.028root 11241100x8000000000000000704675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.029{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2aed7fc1e9de4392023-02-07 15:15:03.029root 11241100x8000000000000000704674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.029{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db85bad0e2faf28c2023-02-07 15:15:03.029root 11241100x8000000000000000704673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.029{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbd76e0ca2e753e2023-02-07 15:15:03.029root 11241100x8000000000000000704672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.029{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1bcfa2c05a7f982023-02-07 15:15:03.029root 11241100x8000000000000000704671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.029{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9554b6685becf1ea2023-02-07 15:15:03.029root 11241100x8000000000000000704670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.029{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb112831bd0738482023-02-07 15:15:03.029root 11241100x8000000000000000704677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.030{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489947d1fb41f73f2023-02-07 15:15:03.030root 11241100x8000000000000000704676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.030{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ea25adc202e5e82023-02-07 15:15:03.030root 11241100x8000000000000000704681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.031{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b84f022cebad7a02023-02-07 15:15:03.031root 11241100x8000000000000000704680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.031{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703ea8fa0f0f499e2023-02-07 15:15:03.031root 11241100x8000000000000000704679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.031{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b874d7f469de609f2023-02-07 15:15:03.031root 11241100x8000000000000000704678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.031{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cb29035aacb7032023-02-07 15:15:03.031root 11241100x8000000000000000704684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.032{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20f8452df52319c2023-02-07 15:15:03.032root 11241100x8000000000000000704683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.032{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68abd5237f021b2d2023-02-07 15:15:03.032root 11241100x8000000000000000704682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.032{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab8fef17c70564b2023-02-07 15:15:03.032root 11241100x8000000000000000704687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a02b1d658f762882023-02-07 15:15:03.346root 11241100x8000000000000000704686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1af8a48365ec8b2023-02-07 15:15:03.346root 11241100x8000000000000000704685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e10dad9ed68149e2023-02-07 15:15:03.346root 11241100x8000000000000000704693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea56f3f40e0ec5a2023-02-07 15:15:03.347root 11241100x8000000000000000704692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b95f728900e3cc2023-02-07 15:15:03.347root 11241100x8000000000000000704691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad402d2b99d6cb0e2023-02-07 15:15:03.347root 11241100x8000000000000000704690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b5313f7b6b68f62023-02-07 15:15:03.347root 11241100x8000000000000000704689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e509a68086f8ada82023-02-07 15:15:03.347root 11241100x8000000000000000704688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93e0bea87b7cee82023-02-07 15:15:03.347root 11241100x8000000000000000704699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c096aa8c6a10d23d2023-02-07 15:15:03.348root 11241100x8000000000000000704698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4494f1f3c286cd2023-02-07 15:15:03.348root 11241100x8000000000000000704697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98bb826f0627d3232023-02-07 15:15:03.348root 11241100x8000000000000000704696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e97f8937a08c25d2023-02-07 15:15:03.348root 11241100x8000000000000000704695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28fe7d67b83bd1e02023-02-07 15:15:03.348root 11241100x8000000000000000704694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf6eee560b74ab12023-02-07 15:15:03.348root 11241100x8000000000000000704702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f175f8db8ef8f62023-02-07 15:15:03.349root 11241100x8000000000000000704701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e3d046909a9bc42023-02-07 15:15:03.349root 11241100x8000000000000000704700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96aad696ab759d952023-02-07 15:15:03.349root 11241100x8000000000000000704708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f112b06d5332a62b2023-02-07 15:15:03.350root 11241100x8000000000000000704707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44285521ea5ace1c2023-02-07 15:15:03.350root 11241100x8000000000000000704706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3a3005630eaeb32023-02-07 15:15:03.350root 11241100x8000000000000000704705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae951897b029ff732023-02-07 15:15:03.350root 11241100x8000000000000000704704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b892d4457bb9b5582023-02-07 15:15:03.350root 11241100x8000000000000000704703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06cf0054ede533f02023-02-07 15:15:03.350root 11241100x8000000000000000704710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f4954125ea98cd2023-02-07 15:15:03.351root 11241100x8000000000000000704709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7c45052c36e7e32023-02-07 15:15:03.351root 11241100x8000000000000000704715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273283afa82347b72023-02-07 15:15:03.846root 11241100x8000000000000000704714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7741308f12164e2023-02-07 15:15:03.846root 11241100x8000000000000000704713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bd6949c6d971c02023-02-07 15:15:03.846root 11241100x8000000000000000704712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0666bc3c3024298e2023-02-07 15:15:03.846root 11241100x8000000000000000704711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a31ed452f62be32023-02-07 15:15:03.846root 11241100x8000000000000000704720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0554f226b56264232023-02-07 15:15:03.847root 11241100x8000000000000000704719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d1eba81e0661e32023-02-07 15:15:03.847root 11241100x8000000000000000704718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce78ca8f450f5d22023-02-07 15:15:03.847root 11241100x8000000000000000704717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4941e66fdcc0d07d2023-02-07 15:15:03.847root 11241100x8000000000000000704716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de6def4dc78c9552023-02-07 15:15:03.847root 11241100x8000000000000000704722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce88e00b365e3aa2023-02-07 15:15:03.848root 11241100x8000000000000000704721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ecc3181b9d314c2023-02-07 15:15:03.848root 11241100x8000000000000000704732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb5feaaf8939f832023-02-07 15:15:03.849root 11241100x8000000000000000704731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60712595f24debd32023-02-07 15:15:03.849root 11241100x8000000000000000704730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd446c1dc2df0e3b2023-02-07 15:15:03.849root 11241100x8000000000000000704729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49414b84b68ef2d72023-02-07 15:15:03.849root 11241100x8000000000000000704728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b865e7ed6128f8a2023-02-07 15:15:03.849root 11241100x8000000000000000704727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5232265ab9ee38432023-02-07 15:15:03.849root 11241100x8000000000000000704726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baeac8aec033c6d12023-02-07 15:15:03.849root 11241100x8000000000000000704725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384cb1c2a30a5e182023-02-07 15:15:03.849root 11241100x8000000000000000704724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ed3e5594c95d342023-02-07 15:15:03.849root 11241100x8000000000000000704723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7f8ba7ea26e1232023-02-07 15:15:03.849root 11241100x8000000000000000704735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9554ac42aaa05812023-02-07 15:15:03.850root 11241100x8000000000000000704734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef82c341d6e0e442023-02-07 15:15:03.850root 11241100x8000000000000000704733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4425dd3c260f7d72023-02-07 15:15:03.850root 11241100x8000000000000000704736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:03.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1529305783b7b4482023-02-07 15:15:03.851root 11241100x8000000000000000704745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf035c2d540ba8f2023-02-07 15:15:04.346root 11241100x8000000000000000704744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb963ee1573eb3c12023-02-07 15:15:04.346root 11241100x8000000000000000704743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389290af4ed3a42c2023-02-07 15:15:04.346root 11241100x8000000000000000704742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ded7ec6406c6c5d2023-02-07 15:15:04.346root 11241100x8000000000000000704741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e681ab2a6e6325ff2023-02-07 15:15:04.346root 11241100x8000000000000000704740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af4d5fdbf383f722023-02-07 15:15:04.346root 11241100x8000000000000000704739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27fb027161ab6a792023-02-07 15:15:04.346root 11241100x8000000000000000704738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca25a5cd82340a072023-02-07 15:15:04.346root 11241100x8000000000000000704737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49f9dc0466d6a952023-02-07 15:15:04.346root 11241100x8000000000000000704760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bedbef61492a323c2023-02-07 15:15:04.347root 11241100x8000000000000000704759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf2511d823125002023-02-07 15:15:04.347root 11241100x8000000000000000704758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660378528014a4242023-02-07 15:15:04.347root 11241100x8000000000000000704757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e71edb502ffec82023-02-07 15:15:04.347root 11241100x8000000000000000704756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e801d987a6b68f2023-02-07 15:15:04.347root 11241100x8000000000000000704755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8556b8a64029d7e92023-02-07 15:15:04.347root 11241100x8000000000000000704754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1728e02b0ca17712023-02-07 15:15:04.347root 11241100x8000000000000000704753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b9c223011262412023-02-07 15:15:04.347root 11241100x8000000000000000704752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9fa88d318a713f2023-02-07 15:15:04.347root 11241100x8000000000000000704751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2df8a35cf0a4ed32023-02-07 15:15:04.347root 11241100x8000000000000000704750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3903a38ab46a6632023-02-07 15:15:04.347root 11241100x8000000000000000704749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8745d14ca8f91dcb2023-02-07 15:15:04.347root 11241100x8000000000000000704748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c913a4d761c1dd2023-02-07 15:15:04.347root 11241100x8000000000000000704747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af5bbe8d42af9062023-02-07 15:15:04.347root 11241100x8000000000000000704746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6fdd2d9d2e474d2023-02-07 15:15:04.347root 11241100x8000000000000000704762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd87ebe7636cc6a2023-02-07 15:15:04.348root 11241100x8000000000000000704761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f419f664bf83c31a2023-02-07 15:15:04.348root 11241100x8000000000000000704766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe499f8f7d6b6b9d2023-02-07 15:15:04.846root 11241100x8000000000000000704765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366de53791c6d36c2023-02-07 15:15:04.846root 11241100x8000000000000000704764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0516a0603246dc722023-02-07 15:15:04.846root 11241100x8000000000000000704763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ade5a0235042062023-02-07 15:15:04.846root 11241100x8000000000000000704780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16742949e3f73b412023-02-07 15:15:04.847root 11241100x8000000000000000704779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179958cebafabf0b2023-02-07 15:15:04.847root 11241100x8000000000000000704778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef484fde1feb0db2023-02-07 15:15:04.847root 11241100x8000000000000000704777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfbe904a4cf19a52023-02-07 15:15:04.847root 11241100x8000000000000000704776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5733729d6ba7ff082023-02-07 15:15:04.847root 11241100x8000000000000000704775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1652aa17f4a5f22023-02-07 15:15:04.847root 11241100x8000000000000000704774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb97e27005b801e92023-02-07 15:15:04.847root 11241100x8000000000000000704773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e0f0a45386895d2023-02-07 15:15:04.847root 11241100x8000000000000000704772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3927c9c0d77d2f932023-02-07 15:15:04.847root 11241100x8000000000000000704771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a51700b6f2c5aa02023-02-07 15:15:04.847root 11241100x8000000000000000704770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294dac020d1c54ab2023-02-07 15:15:04.847root 11241100x8000000000000000704769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9059140adf20585c2023-02-07 15:15:04.847root 11241100x8000000000000000704768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223a2d94b8a7da022023-02-07 15:15:04.847root 11241100x8000000000000000704767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66dc2b357f377ba92023-02-07 15:15:04.847root 11241100x8000000000000000704788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e9ddce7ebe47d02023-02-07 15:15:04.848root 11241100x8000000000000000704787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d07a09164c43c92023-02-07 15:15:04.848root 11241100x8000000000000000704786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eccd8519282f2422023-02-07 15:15:04.848root 11241100x8000000000000000704785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4cc2229c7aac7722023-02-07 15:15:04.848root 11241100x8000000000000000704784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84aef93f5ec6bc22023-02-07 15:15:04.848root 11241100x8000000000000000704783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7320a491461f1c2023-02-07 15:15:04.848root 11241100x8000000000000000704782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596cc426a7ef90122023-02-07 15:15:04.848root 11241100x8000000000000000704781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:04.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d98ad1f287e1aea2023-02-07 15:15:04.848root 11241100x8000000000000000704792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5173d8ed0116d31b2023-02-07 15:15:05.346root 11241100x8000000000000000704791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38491ef23e979dfe2023-02-07 15:15:05.346root 11241100x8000000000000000704790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b813e928d4668d52023-02-07 15:15:05.346root 11241100x8000000000000000704789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecef0403876e9b4d2023-02-07 15:15:05.346root 11241100x8000000000000000704799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517e925c937b190d2023-02-07 15:15:05.347root 11241100x8000000000000000704798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa9820e782ba0a72023-02-07 15:15:05.347root 11241100x8000000000000000704797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95b3667f9556dad2023-02-07 15:15:05.347root 11241100x8000000000000000704796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30affcfc765542782023-02-07 15:15:05.347root 11241100x8000000000000000704795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4ddd0d4ba8d4b12023-02-07 15:15:05.347root 11241100x8000000000000000704794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db36c0f3d3abd67b2023-02-07 15:15:05.347root 11241100x8000000000000000704793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44c130b47d11a4b2023-02-07 15:15:05.347root 11241100x8000000000000000704803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f0fd7f0df126682023-02-07 15:15:05.348root 11241100x8000000000000000704802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e888f89c1e17ab2023-02-07 15:15:05.348root 11241100x8000000000000000704801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e127f0bddd1d312023-02-07 15:15:05.348root 11241100x8000000000000000704800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc090269de4633c42023-02-07 15:15:05.348root 11241100x8000000000000000704811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d9e38ba644fd212023-02-07 15:15:05.349root 11241100x8000000000000000704810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84cc06a237db041f2023-02-07 15:15:05.349root 11241100x8000000000000000704809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54205a471e80f752023-02-07 15:15:05.349root 11241100x8000000000000000704808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6fcd642316b002e2023-02-07 15:15:05.349root 11241100x8000000000000000704807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e857350d5740e7f2023-02-07 15:15:05.349root 11241100x8000000000000000704806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad184bd728de5a72023-02-07 15:15:05.349root 11241100x8000000000000000704805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e17bfc0eabf8bf2023-02-07 15:15:05.349root 11241100x8000000000000000704804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525cce5acdc421c32023-02-07 15:15:05.349root 11241100x8000000000000000704813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81e8024dd07c9172023-02-07 15:15:05.350root 11241100x8000000000000000704812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7847e59b4ff1b7302023-02-07 15:15:05.350root 11241100x8000000000000000704814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873cf61dbdec50f62023-02-07 15:15:05.351root 11241100x8000000000000000704821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065f4f5cdf10e9a22023-02-07 15:15:05.846root 11241100x8000000000000000704820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c0115bb08de80c2023-02-07 15:15:05.846root 11241100x8000000000000000704819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b610c856dfaf3122023-02-07 15:15:05.846root 11241100x8000000000000000704818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c446ebc30effdf9a2023-02-07 15:15:05.846root 11241100x8000000000000000704817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee73f20dc1d91152023-02-07 15:15:05.846root 11241100x8000000000000000704816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebc4ffba4b5ee852023-02-07 15:15:05.846root 11241100x8000000000000000704815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b797a4d007956022023-02-07 15:15:05.846root 11241100x8000000000000000704831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a084a359ad6d99812023-02-07 15:15:05.847root 11241100x8000000000000000704830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912acbc42088e53d2023-02-07 15:15:05.847root 11241100x8000000000000000704829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e61bb74d3d4bcd2023-02-07 15:15:05.847root 11241100x8000000000000000704828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e9ae33e63757172023-02-07 15:15:05.847root 11241100x8000000000000000704827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33467872d5a852d32023-02-07 15:15:05.847root 11241100x8000000000000000704826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83971312aeb38c32023-02-07 15:15:05.847root 11241100x8000000000000000704825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6b64435319f13a2023-02-07 15:15:05.847root 11241100x8000000000000000704824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d564dd84c9b61c302023-02-07 15:15:05.847root 11241100x8000000000000000704823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79695b3dae0baf22023-02-07 15:15:05.847root 11241100x8000000000000000704822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b536e3d88b42f72023-02-07 15:15:05.847root 11241100x8000000000000000704840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682163d3e2cff2f42023-02-07 15:15:05.848root 11241100x8000000000000000704839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e0309436189dcf2023-02-07 15:15:05.848root 11241100x8000000000000000704838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe49cefe8a3cd6e2023-02-07 15:15:05.848root 11241100x8000000000000000704837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0d408c225eedb82023-02-07 15:15:05.848root 11241100x8000000000000000704836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22fa379185279c72023-02-07 15:15:05.848root 11241100x8000000000000000704835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca3f367a030534a2023-02-07 15:15:05.848root 11241100x8000000000000000704834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200c238b8c093eaf2023-02-07 15:15:05.848root 11241100x8000000000000000704833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef49f2c7591f7912023-02-07 15:15:05.848root 11241100x8000000000000000704832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:05.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358fa02f6b8d5f572023-02-07 15:15:05.848root 11241100x8000000000000000704849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049fc6a9366920a22023-02-07 15:15:06.346root 11241100x8000000000000000704848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9ab060352664f02023-02-07 15:15:06.346root 11241100x8000000000000000704847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7155900498a8d682023-02-07 15:15:06.346root 11241100x8000000000000000704846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5a8388e66a82962023-02-07 15:15:06.346root 11241100x8000000000000000704845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a05c0c215a1a832023-02-07 15:15:06.346root 11241100x8000000000000000704844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39967ebd48505a422023-02-07 15:15:06.346root 11241100x8000000000000000704843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3081b258e254ea0b2023-02-07 15:15:06.346root 11241100x8000000000000000704842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c796b42f39bf762023-02-07 15:15:06.346root 11241100x8000000000000000704841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc28a9e72d7764e2023-02-07 15:15:06.346root 11241100x8000000000000000704862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8523196cad4115612023-02-07 15:15:06.347root 11241100x8000000000000000704861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9baafd0ea9f0fe2023-02-07 15:15:06.347root 11241100x8000000000000000704860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244e6d3b3ebfbc7a2023-02-07 15:15:06.347root 11241100x8000000000000000704859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3178b5a31db297f62023-02-07 15:15:06.347root 11241100x8000000000000000704858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009ddb808bbb41c22023-02-07 15:15:06.347root 11241100x8000000000000000704857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438f9d803740364a2023-02-07 15:15:06.347root 11241100x8000000000000000704856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bce65c4d131aa672023-02-07 15:15:06.347root 11241100x8000000000000000704855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5c9c26533686b92023-02-07 15:15:06.347root 11241100x8000000000000000704854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e372e6c2e8f8a392023-02-07 15:15:06.347root 11241100x8000000000000000704853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3658e4e474a47ce82023-02-07 15:15:06.347root 11241100x8000000000000000704852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542d03626692a1d42023-02-07 15:15:06.347root 11241100x8000000000000000704851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55255b03a42d95e2023-02-07 15:15:06.347root 11241100x8000000000000000704850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7145f260ab4417e62023-02-07 15:15:06.347root 11241100x8000000000000000704866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572d9540870e192c2023-02-07 15:15:06.348root 11241100x8000000000000000704865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30fef809418af602023-02-07 15:15:06.348root 11241100x8000000000000000704864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e353c34db040152023-02-07 15:15:06.348root 11241100x8000000000000000704863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41243019f722d922023-02-07 15:15:06.348root 11241100x8000000000000000704873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e440cfe6106368e2023-02-07 15:15:06.846root 11241100x8000000000000000704872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c31d965ff6a27d2023-02-07 15:15:06.846root 11241100x8000000000000000704871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce6161a4a5c70422023-02-07 15:15:06.846root 11241100x8000000000000000704870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5772d77f678a0d12023-02-07 15:15:06.846root 11241100x8000000000000000704869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bbf65a1e789b7102023-02-07 15:15:06.846root 11241100x8000000000000000704868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1bd5414e4c7f38c2023-02-07 15:15:06.846root 11241100x8000000000000000704867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f6b3d9baa93c3e2023-02-07 15:15:06.846root 11241100x8000000000000000704888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070fc3e4297ef3da2023-02-07 15:15:06.847root 11241100x8000000000000000704887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0392f7838572a012023-02-07 15:15:06.847root 11241100x8000000000000000704886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89fc75523616ee52023-02-07 15:15:06.847root 11241100x8000000000000000704885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f93d7b5a56a9882023-02-07 15:15:06.847root 11241100x8000000000000000704884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247cc2a7171595552023-02-07 15:15:06.847root 11241100x8000000000000000704883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379bee7ec6662d012023-02-07 15:15:06.847root 11241100x8000000000000000704882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed569cc72d70ac82023-02-07 15:15:06.847root 11241100x8000000000000000704881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa64d19d6ce6442e2023-02-07 15:15:06.847root 11241100x8000000000000000704880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b73ba71bdc85152023-02-07 15:15:06.847root 11241100x8000000000000000704879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d28c94c11a07bea2023-02-07 15:15:06.847root 11241100x8000000000000000704878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6cf98dfb579ccbc2023-02-07 15:15:06.847root 11241100x8000000000000000704877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c68ab34d0121132023-02-07 15:15:06.847root 11241100x8000000000000000704876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203f6fc6f4f8f6312023-02-07 15:15:06.847root 11241100x8000000000000000704875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ef9b24be0a832f2023-02-07 15:15:06.847root 11241100x8000000000000000704874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d345fec3f5ce5f9c2023-02-07 15:15:06.847root 11241100x8000000000000000704892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbcb1f5f7cfb7a462023-02-07 15:15:06.848root 11241100x8000000000000000704891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57353a66287fac082023-02-07 15:15:06.848root 11241100x8000000000000000704890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262b9208c04a779a2023-02-07 15:15:06.848root 11241100x8000000000000000704889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:06.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74fd901550eb6992023-02-07 15:15:06.848root 11241100x8000000000000000704899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3c843f8fc6fd632023-02-07 15:15:07.346root 11241100x8000000000000000704898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d303d9ae5760b2e22023-02-07 15:15:07.346root 11241100x8000000000000000704897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9537d65b5f8ccb52023-02-07 15:15:07.346root 11241100x8000000000000000704896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa1953e702c810e2023-02-07 15:15:07.346root 11241100x8000000000000000704895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7491e048f2452a52023-02-07 15:15:07.346root 11241100x8000000000000000704894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac1f8b02af6383e2023-02-07 15:15:07.346root 11241100x8000000000000000704893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a9fef63bfd3f382023-02-07 15:15:07.346root 11241100x8000000000000000704911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc8778c52644d752023-02-07 15:15:07.347root 11241100x8000000000000000704910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e1071fad1a1d662023-02-07 15:15:07.347root 11241100x8000000000000000704909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1fe3e167d3cedc2023-02-07 15:15:07.347root 11241100x8000000000000000704908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c5cb9a64cc49f92023-02-07 15:15:07.347root 11241100x8000000000000000704907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76da6aaa6e2794ce2023-02-07 15:15:07.347root 11241100x8000000000000000704906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc13ed936a171ebc2023-02-07 15:15:07.347root 11241100x8000000000000000704905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a20ebb03fc5b6332023-02-07 15:15:07.347root 11241100x8000000000000000704904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e832a2709071002023-02-07 15:15:07.347root 11241100x8000000000000000704903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4dd3a384ef22e52023-02-07 15:15:07.347root 11241100x8000000000000000704902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066d85886a66b94b2023-02-07 15:15:07.347root 11241100x8000000000000000704901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4660bee6ad94df9b2023-02-07 15:15:07.347root 11241100x8000000000000000704900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b72500ef23b5e52023-02-07 15:15:07.347root 11241100x8000000000000000704918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ca54287fb999d52023-02-07 15:15:07.348root 11241100x8000000000000000704917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e3452f100556f52023-02-07 15:15:07.348root 11241100x8000000000000000704916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c95089eab31b372023-02-07 15:15:07.348root 11241100x8000000000000000704915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea59229c423092aa2023-02-07 15:15:07.348root 11241100x8000000000000000704914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3ca61eacdcaaf12023-02-07 15:15:07.348root 11241100x8000000000000000704913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e194b5c1d9a8cfe2023-02-07 15:15:07.348root 11241100x8000000000000000704912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925012ad371e6a7e2023-02-07 15:15:07.348root 11241100x8000000000000000704926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147baaa9a00e8a0d2023-02-07 15:15:07.846root 11241100x8000000000000000704925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5a50a74cadc2082023-02-07 15:15:07.846root 11241100x8000000000000000704924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ede475f6b0d0d282023-02-07 15:15:07.846root 11241100x8000000000000000704923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e0540b69beed292023-02-07 15:15:07.846root 11241100x8000000000000000704922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49efb0b6309ab2792023-02-07 15:15:07.846root 11241100x8000000000000000704921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72af945b5ca36dcc2023-02-07 15:15:07.846root 11241100x8000000000000000704920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f71a8fc868da1f2023-02-07 15:15:07.846root 11241100x8000000000000000704919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d6203d24d27c152023-02-07 15:15:07.846root 11241100x8000000000000000704941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34189e24193cbc292023-02-07 15:15:07.847root 11241100x8000000000000000704940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa9d5a2db9124232023-02-07 15:15:07.847root 11241100x8000000000000000704939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02649bce8da4d1ff2023-02-07 15:15:07.847root 11241100x8000000000000000704938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0a8e05a3af4ac42023-02-07 15:15:07.847root 11241100x8000000000000000704937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a22af78a1f2dbbf2023-02-07 15:15:07.847root 11241100x8000000000000000704936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e80547ccdb52d392023-02-07 15:15:07.847root 11241100x8000000000000000704935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4902aa3c5304b76c2023-02-07 15:15:07.847root 11241100x8000000000000000704934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d8deb93f77528c2023-02-07 15:15:07.847root 11241100x8000000000000000704933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f21cdbcab6a7b52023-02-07 15:15:07.847root 11241100x8000000000000000704932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00f9f632881d65b2023-02-07 15:15:07.847root 11241100x8000000000000000704931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ba6582852049d12023-02-07 15:15:07.847root 11241100x8000000000000000704930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa018502997bd802023-02-07 15:15:07.847root 11241100x8000000000000000704929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf84539eb36bbf22023-02-07 15:15:07.847root 11241100x8000000000000000704928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a96c4078116eedd2023-02-07 15:15:07.847root 11241100x8000000000000000704927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5fe0435891ce412023-02-07 15:15:07.847root 11241100x8000000000000000704944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b67edb99b2cdb6a2023-02-07 15:15:07.848root 11241100x8000000000000000704943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2178b78628e72cd2023-02-07 15:15:07.848root 11241100x8000000000000000704942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:07.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2cb62a464cf4dc92023-02-07 15:15:07.848root 11241100x8000000000000000704947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.233{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c4db63feaa935e2023-02-07 15:15:08.233root 11241100x8000000000000000704946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.233{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55d04bbb98928362023-02-07 15:15:08.233root 354300x8000000000000000704945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.233{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51790-false10.0.1.12-8000- 11241100x8000000000000000704962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.234{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136892a9c137e34b2023-02-07 15:15:08.234root 11241100x8000000000000000704961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.234{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7622ffeecb590232023-02-07 15:15:08.234root 11241100x8000000000000000704960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.234{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482d71c08795fc552023-02-07 15:15:08.234root 11241100x8000000000000000704959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.234{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b3d97a07ad93de2023-02-07 15:15:08.234root 11241100x8000000000000000704958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.234{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c22eee544a4df82023-02-07 15:15:08.234root 11241100x8000000000000000704957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.234{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc3bba8c5f9733a2023-02-07 15:15:08.234root 11241100x8000000000000000704956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.234{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223c6e2b73b461782023-02-07 15:15:08.234root 11241100x8000000000000000704955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.234{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0600f9107f6a4ced2023-02-07 15:15:08.234root 11241100x8000000000000000704954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.234{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bdd2239f4ec39b92023-02-07 15:15:08.234root 11241100x8000000000000000704953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.234{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979d832e98487d232023-02-07 15:15:08.234root 11241100x8000000000000000704952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.234{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60aea95e8a23c4f52023-02-07 15:15:08.234root 11241100x8000000000000000704951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.234{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03271a11fd0ff7ab2023-02-07 15:15:08.234root 11241100x8000000000000000704950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.234{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3aaabad5cc15952023-02-07 15:15:08.234root 11241100x8000000000000000704949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.234{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d76a7af3e466e972023-02-07 15:15:08.234root 11241100x8000000000000000704948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.234{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7dfaf06a31cdd752023-02-07 15:15:08.234root 11241100x8000000000000000704976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.235{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebaf9267e1320ffc2023-02-07 15:15:08.235root 11241100x8000000000000000704975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.235{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a03af8e4f73ebf62023-02-07 15:15:08.235root 11241100x8000000000000000704974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.235{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46702da37405127e2023-02-07 15:15:08.235root 11241100x8000000000000000704973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.235{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23eda70ad7d3a2ed2023-02-07 15:15:08.235root 11241100x8000000000000000704972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.235{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02ce2c0780b83132023-02-07 15:15:08.235root 11241100x8000000000000000704971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.235{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90c78cb8e8922bc2023-02-07 15:15:08.235root 11241100x8000000000000000704970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.235{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420be65e647830122023-02-07 15:15:08.235root 11241100x8000000000000000704969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.235{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac41027f5307caa2023-02-07 15:15:08.235root 11241100x8000000000000000704968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.235{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d083a6d5151fc0a82023-02-07 15:15:08.235root 11241100x8000000000000000704967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.235{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b2548f6f06c2382023-02-07 15:15:08.235root 11241100x8000000000000000704966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.235{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16802a8c07345642023-02-07 15:15:08.235root 11241100x8000000000000000704965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.235{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5805df34c650de5a2023-02-07 15:15:08.235root 11241100x8000000000000000704964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.235{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186d5da7b01bcb3b2023-02-07 15:15:08.235root 11241100x8000000000000000704963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.235{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af19713b3798de9c2023-02-07 15:15:08.235root 11241100x8000000000000000704983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8ecb1695f557f02023-02-07 15:15:08.595root 11241100x8000000000000000704982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c857884751e6c02023-02-07 15:15:08.595root 11241100x8000000000000000704981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8f80de8bf438bb2023-02-07 15:15:08.595root 11241100x8000000000000000704980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62dca0dd894a73f62023-02-07 15:15:08.595root 11241100x8000000000000000704979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8d63807d5000172023-02-07 15:15:08.595root 11241100x8000000000000000704978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e0e5ebef452a992023-02-07 15:15:08.595root 11241100x8000000000000000704977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cacf3f46c621fa92023-02-07 15:15:08.595root 11241100x8000000000000000704989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aebf9c72d77df8f2023-02-07 15:15:08.596root 11241100x8000000000000000704988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6f11a78c1e71cf2023-02-07 15:15:08.596root 11241100x8000000000000000704987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe09acb2661f3252023-02-07 15:15:08.596root 11241100x8000000000000000704986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637b6baede99362d2023-02-07 15:15:08.596root 11241100x8000000000000000704985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503a032b881ed53f2023-02-07 15:15:08.596root 11241100x8000000000000000704984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca11346b74073692023-02-07 15:15:08.596root 11241100x8000000000000000704994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613731e612d284482023-02-07 15:15:08.597root 11241100x8000000000000000704993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f5f21a980b34fd2023-02-07 15:15:08.597root 11241100x8000000000000000704992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac83931776d16c382023-02-07 15:15:08.597root 11241100x8000000000000000704991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a482631397ef31332023-02-07 15:15:08.597root 11241100x8000000000000000704990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741b46657d5594a52023-02-07 15:15:08.597root 11241100x8000000000000000704998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814d28c78e3fe63b2023-02-07 15:15:08.598root 11241100x8000000000000000704997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48da488113094b3c2023-02-07 15:15:08.598root 11241100x8000000000000000704996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157f7cc98464889e2023-02-07 15:15:08.598root 11241100x8000000000000000704995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26bc577644c8df772023-02-07 15:15:08.598root 11241100x8000000000000000704999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf793fdc4e347712023-02-07 15:15:08.599root 11241100x8000000000000000705004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40738b644d8b25e52023-02-07 15:15:08.600root 11241100x8000000000000000705003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df30bc7f5a41aac12023-02-07 15:15:08.600root 11241100x8000000000000000705002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d338fd9e6ca7eb2023-02-07 15:15:08.600root 11241100x8000000000000000705001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ff1848eec132ab2023-02-07 15:15:08.600root 11241100x8000000000000000705000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca71a19752e636f2023-02-07 15:15:08.600root 11241100x8000000000000000705005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc3d63b753ec0952023-02-07 15:15:08.601root 11241100x8000000000000000705009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40125509e510078e2023-02-07 15:15:08.603root 11241100x8000000000000000705008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69e53392347f2ab2023-02-07 15:15:08.603root 11241100x8000000000000000705007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502f2467d9b0a36e2023-02-07 15:15:08.603root 11241100x8000000000000000705006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8f47ddd288a0042023-02-07 15:15:08.603root 11241100x8000000000000000705012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d6b701ea0bda8c2023-02-07 15:15:08.604root 11241100x8000000000000000705011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8ec06299b43f152023-02-07 15:15:08.604root 11241100x8000000000000000705010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:08.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990bd032c70962732023-02-07 15:15:08.604root 11241100x8000000000000000705015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845c86cd6b0a71602023-02-07 15:15:09.095root 11241100x8000000000000000705014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1048140359f4c92023-02-07 15:15:09.095root 11241100x8000000000000000705013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f548107a802b672023-02-07 15:15:09.095root 11241100x8000000000000000705019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aecdd84f639416c02023-02-07 15:15:09.096root 11241100x8000000000000000705018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636e8daddcc56c8f2023-02-07 15:15:09.096root 11241100x8000000000000000705017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a509b91181a54e2023-02-07 15:15:09.096root 11241100x8000000000000000705016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0933e1ad861ee1c2023-02-07 15:15:09.096root 11241100x8000000000000000705022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b781b57d2fb75a082023-02-07 15:15:09.097root 11241100x8000000000000000705021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09bfbd78e7e7b8072023-02-07 15:15:09.097root 11241100x8000000000000000705020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54fc2f25bb90ea982023-02-07 15:15:09.097root 11241100x8000000000000000705026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a462f48e0057e82023-02-07 15:15:09.098root 11241100x8000000000000000705025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7892ad3ea3da7b2023-02-07 15:15:09.098root 11241100x8000000000000000705024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f51596dc48b03d2023-02-07 15:15:09.098root 11241100x8000000000000000705023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a9907d60cd88562023-02-07 15:15:09.098root 11241100x8000000000000000705030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61282ca73eadf992023-02-07 15:15:09.099root 11241100x8000000000000000705029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2880c4604e43d902023-02-07 15:15:09.099root 11241100x8000000000000000705028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc4a82b4e4065672023-02-07 15:15:09.099root 11241100x8000000000000000705027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f09942d1c9489c2023-02-07 15:15:09.099root 11241100x8000000000000000705035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43868355941434822023-02-07 15:15:09.100root 11241100x8000000000000000705034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0382d3c90ea4d6a22023-02-07 15:15:09.100root 11241100x8000000000000000705033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1dd25e9aae417e62023-02-07 15:15:09.100root 11241100x8000000000000000705032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d7fbfc0cc871da2023-02-07 15:15:09.100root 11241100x8000000000000000705031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5c5c0652c614e12023-02-07 15:15:09.100root 11241100x8000000000000000705039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fea60927173b9812023-02-07 15:15:09.101root 11241100x8000000000000000705038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c74dea415c057d2023-02-07 15:15:09.101root 11241100x8000000000000000705037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3dca884fa44154d2023-02-07 15:15:09.101root 11241100x8000000000000000705036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a13b22b4dc49402023-02-07 15:15:09.101root 11241100x8000000000000000705043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73d42d92d0bb8642023-02-07 15:15:09.102root 11241100x8000000000000000705042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2957fce77ab0c12023-02-07 15:15:09.102root 11241100x8000000000000000705041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e0fda19faf6ff52023-02-07 15:15:09.102root 11241100x8000000000000000705040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a2bddd91ba1cbf2023-02-07 15:15:09.102root 11241100x8000000000000000705044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2f20d886d615fc2023-02-07 15:15:09.103root 11241100x8000000000000000705047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b083e63b54b8dc82023-02-07 15:15:09.595root 11241100x8000000000000000705046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356deb9200284f982023-02-07 15:15:09.595root 11241100x8000000000000000705045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bfa985ec6785a8c2023-02-07 15:15:09.595root 11241100x8000000000000000705051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a865b4915d1d3f12023-02-07 15:15:09.596root 11241100x8000000000000000705050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748d268771e6205f2023-02-07 15:15:09.596root 11241100x8000000000000000705049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50bb072bee4dab82023-02-07 15:15:09.596root 11241100x8000000000000000705048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6536258adf127dc2023-02-07 15:15:09.596root 11241100x8000000000000000705055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b92e9c7d2319ae2023-02-07 15:15:09.597root 11241100x8000000000000000705054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e9d54ef3f624552023-02-07 15:15:09.597root 11241100x8000000000000000705053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d70b80bc19842d62023-02-07 15:15:09.597root 11241100x8000000000000000705052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13dba51f7bbf38032023-02-07 15:15:09.597root 11241100x8000000000000000705060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38479aa2e6a647fb2023-02-07 15:15:09.598root 11241100x8000000000000000705059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f82b79138d585112023-02-07 15:15:09.598root 11241100x8000000000000000705058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca54e2ca16557d92023-02-07 15:15:09.598root 11241100x8000000000000000705057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ef7c1d7f7297d32023-02-07 15:15:09.598root 11241100x8000000000000000705056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd933288864a4462023-02-07 15:15:09.598root 11241100x8000000000000000705065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b058daab0f81d8f2023-02-07 15:15:09.599root 11241100x8000000000000000705064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525c7bb06b8e249d2023-02-07 15:15:09.599root 11241100x8000000000000000705063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94021cfaaf3459bb2023-02-07 15:15:09.599root 11241100x8000000000000000705062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda22bec09da91292023-02-07 15:15:09.599root 11241100x8000000000000000705061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093d9f9fae2ed4782023-02-07 15:15:09.599root 11241100x8000000000000000705071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfb514c042928d42023-02-07 15:15:09.600root 11241100x8000000000000000705070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f9caae73e3a24f2023-02-07 15:15:09.600root 11241100x8000000000000000705069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9035d821549b50db2023-02-07 15:15:09.600root 11241100x8000000000000000705068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6b5c34b51362fc2023-02-07 15:15:09.600root 11241100x8000000000000000705067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b5997fe726352b2023-02-07 15:15:09.600root 11241100x8000000000000000705066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dcfd16b5268b5982023-02-07 15:15:09.600root 11241100x8000000000000000705072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27919408dbc98a8f2023-02-07 15:15:09.601root 11241100x8000000000000000705074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233765a96273162c2023-02-07 15:15:09.602root 11241100x8000000000000000705073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:09.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ec0a95912f8c272023-02-07 15:15:09.602root 11241100x8000000000000000705077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db24154209119a692023-02-07 15:15:10.095root 11241100x8000000000000000705076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90dc525d560a4062023-02-07 15:15:10.095root 11241100x8000000000000000705075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b97b4e85828e0c2023-02-07 15:15:10.095root 11241100x8000000000000000705082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ecddd6a2aead572023-02-07 15:15:10.096root 11241100x8000000000000000705081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19401e1d7a45997a2023-02-07 15:15:10.096root 11241100x8000000000000000705080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff80cee8ab80ec92023-02-07 15:15:10.096root 11241100x8000000000000000705079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247634f7a3b683162023-02-07 15:15:10.096root 11241100x8000000000000000705078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e0583eab96f9982023-02-07 15:15:10.096root 11241100x8000000000000000705088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66fd9a1124f051002023-02-07 15:15:10.097root 11241100x8000000000000000705087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea388d89fce607272023-02-07 15:15:10.097root 11241100x8000000000000000705086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948f3fb7a8c4ab922023-02-07 15:15:10.097root 11241100x8000000000000000705085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b1d0d7ec975f072023-02-07 15:15:10.097root 11241100x8000000000000000705084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72789ed9e1bcba162023-02-07 15:15:10.097root 11241100x8000000000000000705083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088f0477a21f25732023-02-07 15:15:10.097root 11241100x8000000000000000705094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803d485388d161d32023-02-07 15:15:10.098root 11241100x8000000000000000705093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e428ff697e612be2023-02-07 15:15:10.098root 11241100x8000000000000000705092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8baa9b51acba0152023-02-07 15:15:10.098root 11241100x8000000000000000705091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5a06b29b076d622023-02-07 15:15:10.098root 11241100x8000000000000000705090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b19be2044c3613f2023-02-07 15:15:10.098root 11241100x8000000000000000705089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62a138aa01124d02023-02-07 15:15:10.098root 11241100x8000000000000000705099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776d40174622c4722023-02-07 15:15:10.099root 11241100x8000000000000000705098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f317613fe1f572e42023-02-07 15:15:10.099root 11241100x8000000000000000705097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90841cc7bf97b44d2023-02-07 15:15:10.099root 11241100x8000000000000000705096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a946dcea1767bd312023-02-07 15:15:10.099root 11241100x8000000000000000705095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04bb87ccd8c97832023-02-07 15:15:10.099root 11241100x8000000000000000705102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8365189bdac262d2023-02-07 15:15:10.100root 11241100x8000000000000000705101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ce6f6da14e0be02023-02-07 15:15:10.100root 11241100x8000000000000000705100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5292389be31242842023-02-07 15:15:10.100root 11241100x8000000000000000705104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7843d3fcbb8e141c2023-02-07 15:15:10.595root 11241100x8000000000000000705103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e92bf77c4e50af12023-02-07 15:15:10.595root 11241100x8000000000000000705109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea252184aa83b242023-02-07 15:15:10.596root 11241100x8000000000000000705108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3c2c9bfbdfed702023-02-07 15:15:10.596root 11241100x8000000000000000705107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb47d8149b429a982023-02-07 15:15:10.596root 11241100x8000000000000000705106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab826350b5083962023-02-07 15:15:10.596root 11241100x8000000000000000705105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab15f0a5b0058532023-02-07 15:15:10.596root 11241100x8000000000000000705113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0c7af5d41404fa2023-02-07 15:15:10.597root 11241100x8000000000000000705112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609cb162c5fb6a9f2023-02-07 15:15:10.597root 11241100x8000000000000000705111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82da1a3d3acb47762023-02-07 15:15:10.597root 11241100x8000000000000000705110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651ba483e674d79a2023-02-07 15:15:10.597root 11241100x8000000000000000705123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee369353c3ef69522023-02-07 15:15:10.598root 11241100x8000000000000000705122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d229ff61641b27172023-02-07 15:15:10.598root 11241100x8000000000000000705121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73044509c6f38f42023-02-07 15:15:10.598root 11241100x8000000000000000705120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fcf5bd2333d115c2023-02-07 15:15:10.598root 11241100x8000000000000000705119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c902583cfcc922382023-02-07 15:15:10.598root 11241100x8000000000000000705118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09964466bf1ebe822023-02-07 15:15:10.598root 11241100x8000000000000000705117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0937937cd5f33512023-02-07 15:15:10.598root 11241100x8000000000000000705116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180588a34f6321b02023-02-07 15:15:10.598root 11241100x8000000000000000705115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e231860d789da9ef2023-02-07 15:15:10.598root 11241100x8000000000000000705114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4f9c4ddf6e156b2023-02-07 15:15:10.598root 11241100x8000000000000000705132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4604ee6f6c0f902023-02-07 15:15:10.599root 11241100x8000000000000000705131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90aacf7b3b63a9f2023-02-07 15:15:10.599root 11241100x8000000000000000705130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ced707c1345e322023-02-07 15:15:10.599root 11241100x8000000000000000705129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402c076b7f30f1912023-02-07 15:15:10.599root 11241100x8000000000000000705128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60effa62de935ee02023-02-07 15:15:10.599root 11241100x8000000000000000705127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8be6aa0b37e641f2023-02-07 15:15:10.599root 11241100x8000000000000000705126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aaea7b20273f27b2023-02-07 15:15:10.599root 11241100x8000000000000000705125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c2d10c8c0067732023-02-07 15:15:10.599root 11241100x8000000000000000705124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b925b8bdd764ee2023-02-07 15:15:10.599root 11241100x8000000000000000705133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:10.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f0a1f50b23d1d82023-02-07 15:15:10.600root 11241100x8000000000000000705138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b846be8e877436ed2023-02-07 15:15:11.095root 11241100x8000000000000000705137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc5db7d616b72222023-02-07 15:15:11.095root 11241100x8000000000000000705136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cdcbbaf17707d372023-02-07 15:15:11.095root 11241100x8000000000000000705135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f259229709b823672023-02-07 15:15:11.095root 11241100x8000000000000000705134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1d5102f34cd6442023-02-07 15:15:11.095root 11241100x8000000000000000705144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0100c8e4918647e12023-02-07 15:15:11.096root 11241100x8000000000000000705143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95995611d37263f52023-02-07 15:15:11.096root 11241100x8000000000000000705142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140322b832e0e86a2023-02-07 15:15:11.096root 11241100x8000000000000000705141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49e4d54540625822023-02-07 15:15:11.096root 11241100x8000000000000000705140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c7cb0cd19d94f42023-02-07 15:15:11.096root 11241100x8000000000000000705139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7fdc9114c2793c2023-02-07 15:15:11.096root 11241100x8000000000000000705148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed79ebee90d415e2023-02-07 15:15:11.097root 11241100x8000000000000000705147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8a03c2566ce7f42023-02-07 15:15:11.097root 11241100x8000000000000000705146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dcef1e4f58e07782023-02-07 15:15:11.097root 11241100x8000000000000000705145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eedc5f42a13ff6e2023-02-07 15:15:11.097root 11241100x8000000000000000705158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e905815f4b10f92023-02-07 15:15:11.098root 11241100x8000000000000000705157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b03e9be7270e0b72023-02-07 15:15:11.098root 11241100x8000000000000000705156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f85941023e9ae8a2023-02-07 15:15:11.098root 11241100x8000000000000000705155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879aaa9d3797740d2023-02-07 15:15:11.098root 11241100x8000000000000000705154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f526783a2af55c2023-02-07 15:15:11.098root 11241100x8000000000000000705153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b906bd7aab50f12023-02-07 15:15:11.098root 11241100x8000000000000000705152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622e64a8fcc403862023-02-07 15:15:11.098root 11241100x8000000000000000705151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855ab1fdbebc32252023-02-07 15:15:11.098root 11241100x8000000000000000705150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce1c902dc64a46e2023-02-07 15:15:11.098root 11241100x8000000000000000705149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c9548db2f081da2023-02-07 15:15:11.098root 11241100x8000000000000000705161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee061a2c416f40f2023-02-07 15:15:11.099root 11241100x8000000000000000705160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bbd5b53e0f549002023-02-07 15:15:11.099root 11241100x8000000000000000705159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc5894a3a21ebe22023-02-07 15:15:11.099root 11241100x8000000000000000705165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70bc00726acd4f912023-02-07 15:15:11.595root 11241100x8000000000000000705164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30455f28994e1b5a2023-02-07 15:15:11.595root 11241100x8000000000000000705163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec98d6aa2be3eb72023-02-07 15:15:11.595root 11241100x8000000000000000705162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a027646ad33b1a2023-02-07 15:15:11.595root 11241100x8000000000000000705171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5129d0c7af486b1d2023-02-07 15:15:11.596root 11241100x8000000000000000705170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b15eaf8a9595ba2023-02-07 15:15:11.596root 11241100x8000000000000000705169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3dcb5ea3cf270542023-02-07 15:15:11.596root 11241100x8000000000000000705168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5413eecafaccf3192023-02-07 15:15:11.596root 11241100x8000000000000000705167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21666967c70826912023-02-07 15:15:11.596root 11241100x8000000000000000705166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c908ea177a7fc52023-02-07 15:15:11.596root 11241100x8000000000000000705176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc0b941fb4c1db32023-02-07 15:15:11.597root 11241100x8000000000000000705175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ef64c556107a782023-02-07 15:15:11.597root 11241100x8000000000000000705174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8961bc6b71f097c92023-02-07 15:15:11.597root 11241100x8000000000000000705173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d40346fad4c59342023-02-07 15:15:11.597root 11241100x8000000000000000705172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cf3e87fa6bdff32023-02-07 15:15:11.597root 11241100x8000000000000000705188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c974809d7305c5d82023-02-07 15:15:11.598root 11241100x8000000000000000705187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45f95d02292e1df2023-02-07 15:15:11.598root 11241100x8000000000000000705186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafa8d88c774972f2023-02-07 15:15:11.598root 11241100x8000000000000000705185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac7308620551eb42023-02-07 15:15:11.598root 11241100x8000000000000000705184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea2135ac5df2a882023-02-07 15:15:11.598root 11241100x8000000000000000705183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7c031b0ccdd5732023-02-07 15:15:11.598root 11241100x8000000000000000705182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e17d3ca6127c0c92023-02-07 15:15:11.598root 11241100x8000000000000000705181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2a2fb4d850edcf2023-02-07 15:15:11.598root 11241100x8000000000000000705180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02023eea0bd011572023-02-07 15:15:11.598root 11241100x8000000000000000705179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164d7ef0fb7f7fb22023-02-07 15:15:11.598root 11241100x8000000000000000705178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945afaff2a0ee4692023-02-07 15:15:11.598root 11241100x8000000000000000705177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8ed1c6554c43d22023-02-07 15:15:11.598root 11241100x8000000000000000705191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d7dbc052e242152023-02-07 15:15:11.599root 11241100x8000000000000000705190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dcf738ee1bdb82e2023-02-07 15:15:11.599root 11241100x8000000000000000705189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:11.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae7cc935b49b82f2023-02-07 15:15:11.599root 11241100x8000000000000000705193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20880b910a25706a2023-02-07 15:15:12.096root 11241100x8000000000000000705192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93120e9d278432b2023-02-07 15:15:12.096root 11241100x8000000000000000705202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa96873f57c6ceca2023-02-07 15:15:12.097root 11241100x8000000000000000705201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b58d215ac996d32023-02-07 15:15:12.097root 11241100x8000000000000000705200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2842bb510eb4cea02023-02-07 15:15:12.097root 11241100x8000000000000000705199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72628783528c0662023-02-07 15:15:12.097root 11241100x8000000000000000705198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3dd36201b681ab92023-02-07 15:15:12.097root 11241100x8000000000000000705197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453881e4d80166ab2023-02-07 15:15:12.097root 11241100x8000000000000000705196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb82f5e0decdc2b2023-02-07 15:15:12.097root 11241100x8000000000000000705195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34697c3330c125d2023-02-07 15:15:12.097root 11241100x8000000000000000705194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0f57a48792a6e12023-02-07 15:15:12.097root 11241100x8000000000000000705210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c7a347c53f8d732023-02-07 15:15:12.098root 11241100x8000000000000000705209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952040ac3b9e9b142023-02-07 15:15:12.098root 11241100x8000000000000000705208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fa46edf109e1622023-02-07 15:15:12.098root 11241100x8000000000000000705207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd200f259f58cb02023-02-07 15:15:12.098root 11241100x8000000000000000705206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc59bc473e6cad62023-02-07 15:15:12.098root 11241100x8000000000000000705205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085c5142f6c4fb572023-02-07 15:15:12.098root 11241100x8000000000000000705204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8a0157448bdd002023-02-07 15:15:12.098root 11241100x8000000000000000705203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8e110ba5852bcf2023-02-07 15:15:12.098root 11241100x8000000000000000705211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d6fc3a3a44490d2023-02-07 15:15:12.101root 11241100x8000000000000000705218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6231a067f62bac322023-02-07 15:15:12.102root 11241100x8000000000000000705217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e381f63669a7a71e2023-02-07 15:15:12.102root 11241100x8000000000000000705216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae262c3fb5b44572023-02-07 15:15:12.102root 11241100x8000000000000000705215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297a87f747bda6be2023-02-07 15:15:12.102root 11241100x8000000000000000705214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced6f8344ab710342023-02-07 15:15:12.102root 11241100x8000000000000000705213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a589ff34c04a774a2023-02-07 15:15:12.102root 11241100x8000000000000000705212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b52e1036f9ee42f2023-02-07 15:15:12.102root 11241100x8000000000000000705223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c5f58c865e81362023-02-07 15:15:12.595root 11241100x8000000000000000705222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1904f9be1e4f498c2023-02-07 15:15:12.595root 11241100x8000000000000000705221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a66f28944c87e4e2023-02-07 15:15:12.595root 11241100x8000000000000000705220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aec8bcd413efacf2023-02-07 15:15:12.595root 11241100x8000000000000000705219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.badaba22bad2edf12023-02-07 15:15:12.595root 11241100x8000000000000000705233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5f7800ba60144f2023-02-07 15:15:12.596root 11241100x8000000000000000705232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f573548a2af8f3c2023-02-07 15:15:12.596root 11241100x8000000000000000705231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a43ca5123c7d5d2023-02-07 15:15:12.596root 11241100x8000000000000000705230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c932e26a6ac33e642023-02-07 15:15:12.596root 11241100x8000000000000000705229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30c7535c0320f112023-02-07 15:15:12.596root 11241100x8000000000000000705228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff82404f0c0d22b82023-02-07 15:15:12.596root 11241100x8000000000000000705227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d626a365207be82023-02-07 15:15:12.596root 11241100x8000000000000000705226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118f770e83884cca2023-02-07 15:15:12.596root 11241100x8000000000000000705225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ae1896f258477a2023-02-07 15:15:12.596root 11241100x8000000000000000705224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7c6c67fea03d2b2023-02-07 15:15:12.596root 11241100x8000000000000000705236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837e4b728dec79cd2023-02-07 15:15:12.597root 11241100x8000000000000000705235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c187c064070134b72023-02-07 15:15:12.597root 11241100x8000000000000000705234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1fb54a332d3803d2023-02-07 15:15:12.597root 11241100x8000000000000000705240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35840dea86051b332023-02-07 15:15:12.598root 11241100x8000000000000000705239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691fcfe3964530262023-02-07 15:15:12.598root 11241100x8000000000000000705238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6312198ec18c05b2023-02-07 15:15:12.598root 11241100x8000000000000000705237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115c5613b456803d2023-02-07 15:15:12.598root 11241100x8000000000000000705243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2ec48c069554c92023-02-07 15:15:12.599root 11241100x8000000000000000705242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14599a96d294b42f2023-02-07 15:15:12.599root 11241100x8000000000000000705241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a597f0465c2a40d2023-02-07 15:15:12.599root 11241100x8000000000000000705251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7e008ed93d2b812023-02-07 15:15:12.600root 11241100x8000000000000000705250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5933f7c8aec47bf2023-02-07 15:15:12.600root 11241100x8000000000000000705249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ed9fcb0f1762fb2023-02-07 15:15:12.600root 11241100x8000000000000000705248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc922c59b1527b62023-02-07 15:15:12.600root 11241100x8000000000000000705247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e8eb079bc979b02023-02-07 15:15:12.600root 11241100x8000000000000000705246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bbfcb07747b98f2023-02-07 15:15:12.600root 11241100x8000000000000000705245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db550a2d0ff8e6852023-02-07 15:15:12.600root 11241100x8000000000000000705244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c72c71f59743a62023-02-07 15:15:12.600root 11241100x8000000000000000705259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1792355d29989f142023-02-07 15:15:12.601root 11241100x8000000000000000705258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a918bfdf1ee2ce2023-02-07 15:15:12.601root 11241100x8000000000000000705257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2564dbc5bd1ef722023-02-07 15:15:12.601root 11241100x8000000000000000705256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f113c0d137b37d382023-02-07 15:15:12.601root 11241100x8000000000000000705255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01dbd5856d4cbd852023-02-07 15:15:12.601root 11241100x8000000000000000705254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92503622db2d5e6e2023-02-07 15:15:12.601root 11241100x8000000000000000705253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1e830b559ff3d72023-02-07 15:15:12.601root 11241100x8000000000000000705252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:12.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24ca52f7637136a2023-02-07 15:15:12.601root 11241100x8000000000000000705264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89ec7abe06a64dc2023-02-07 15:15:13.095root 11241100x8000000000000000705263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe2053cc5d10ba52023-02-07 15:15:13.095root 11241100x8000000000000000705262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e02ca978078c9cc2023-02-07 15:15:13.095root 11241100x8000000000000000705261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0713abc48180e492023-02-07 15:15:13.095root 11241100x8000000000000000705260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8131481926abd9d2023-02-07 15:15:13.095root 11241100x8000000000000000705270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357bf6f85caf78022023-02-07 15:15:13.096root 11241100x8000000000000000705269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e58d001f23b0d4e2023-02-07 15:15:13.096root 11241100x8000000000000000705268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810030dd858dfc402023-02-07 15:15:13.096root 11241100x8000000000000000705267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0461029627c2bbc62023-02-07 15:15:13.096root 11241100x8000000000000000705266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7978eae901a1c2942023-02-07 15:15:13.096root 11241100x8000000000000000705265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c98d8626078d5f42023-02-07 15:15:13.096root 11241100x8000000000000000705274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d03e26f11ae29a2023-02-07 15:15:13.097root 11241100x8000000000000000705273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b0130e537403922023-02-07 15:15:13.097root 11241100x8000000000000000705272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f2708ec942ffff2023-02-07 15:15:13.097root 11241100x8000000000000000705271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b40acb5bab8afc2023-02-07 15:15:13.097root 11241100x8000000000000000705283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d09908443a6c4e02023-02-07 15:15:13.098root 11241100x8000000000000000705282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93cd3c862cb782ba2023-02-07 15:15:13.098root 11241100x8000000000000000705281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea23421a0ea58d442023-02-07 15:15:13.098root 11241100x8000000000000000705280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0cdad212ed2cba32023-02-07 15:15:13.098root 11241100x8000000000000000705279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f13b8f97f4297412023-02-07 15:15:13.098root 11241100x8000000000000000705278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cdb25289b78a1ca2023-02-07 15:15:13.098root 11241100x8000000000000000705277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a7ea36c413ccb92023-02-07 15:15:13.098root 11241100x8000000000000000705276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8a0f8d1cb8ecaa2023-02-07 15:15:13.098root 11241100x8000000000000000705275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4905fcf0d363662023-02-07 15:15:13.098root 11241100x8000000000000000705291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35391bbe59ddbf3e2023-02-07 15:15:13.099root 11241100x8000000000000000705290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce39ed0505d9c1a62023-02-07 15:15:13.099root 11241100x8000000000000000705289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c998605878b2294f2023-02-07 15:15:13.099root 11241100x8000000000000000705288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5ab6cb223e81962023-02-07 15:15:13.099root 11241100x8000000000000000705287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c128c14b6fd67202023-02-07 15:15:13.099root 11241100x8000000000000000705286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c661f08a3b1e7342023-02-07 15:15:13.099root 11241100x8000000000000000705285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f494ccfc95efd92023-02-07 15:15:13.099root 11241100x8000000000000000705284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63f32da65d5f1872023-02-07 15:15:13.099root 354300x8000000000000000705292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.256{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51792-false10.0.1.12-8000- 11241100x8000000000000000705299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767e5c5734efd45a2023-02-07 15:15:13.595root 11241100x8000000000000000705298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fd21b1882691ed2023-02-07 15:15:13.595root 11241100x8000000000000000705297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd16289f1ba44fc42023-02-07 15:15:13.595root 11241100x8000000000000000705296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d2c513ffd84fd62023-02-07 15:15:13.595root 11241100x8000000000000000705295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afe9292613867342023-02-07 15:15:13.595root 11241100x8000000000000000705294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40e3cb6628c5edf2023-02-07 15:15:13.595root 11241100x8000000000000000705293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4c5887dd446ece2023-02-07 15:15:13.595root 11241100x8000000000000000705304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e734633b5f453162023-02-07 15:15:13.596root 11241100x8000000000000000705303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0877572c3a482cc42023-02-07 15:15:13.596root 11241100x8000000000000000705302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06328f87a499839b2023-02-07 15:15:13.596root 11241100x8000000000000000705301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c2c0764661a6712023-02-07 15:15:13.596root 11241100x8000000000000000705300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06d809c8ff9c2562023-02-07 15:15:13.596root 11241100x8000000000000000705308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7f9de0aea2cca52023-02-07 15:15:13.597root 11241100x8000000000000000705307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4192e771765173fa2023-02-07 15:15:13.597root 11241100x8000000000000000705306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a45af5601f5f6c2023-02-07 15:15:13.597root 11241100x8000000000000000705305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6279ea4c64426d5b2023-02-07 15:15:13.597root 11241100x8000000000000000705313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb6b9c3da56eddd2023-02-07 15:15:13.598root 11241100x8000000000000000705312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce30f7f744e36a92023-02-07 15:15:13.598root 11241100x8000000000000000705311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660e9ab915e58a042023-02-07 15:15:13.598root 11241100x8000000000000000705310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a06938aee8a7fa2023-02-07 15:15:13.598root 11241100x8000000000000000705309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e439ce4d5b1000bd2023-02-07 15:15:13.598root 11241100x8000000000000000705319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d478098e37adeb2023-02-07 15:15:13.599root 11241100x8000000000000000705318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db396d0653ec844c2023-02-07 15:15:13.599root 11241100x8000000000000000705317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20ca5840f7acd962023-02-07 15:15:13.599root 11241100x8000000000000000705316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229ed444d418bcf92023-02-07 15:15:13.599root 11241100x8000000000000000705315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e543e888f3ed124d2023-02-07 15:15:13.599root 11241100x8000000000000000705314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1ade3bb0500e0c2023-02-07 15:15:13.599root 11241100x8000000000000000705324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70502ede27f487442023-02-07 15:15:13.600root 11241100x8000000000000000705323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1004d9b3a812484d2023-02-07 15:15:13.600root 11241100x8000000000000000705322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2fb49a7a2d75d52023-02-07 15:15:13.600root 11241100x8000000000000000705321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8393118c30bbd4ec2023-02-07 15:15:13.600root 11241100x8000000000000000705320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:13.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3418eedfcb3dab2023-02-07 15:15:13.600root 11241100x8000000000000000705329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537763780c869e2b2023-02-07 15:15:14.095root 11241100x8000000000000000705328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b582c4d8fd200e2023-02-07 15:15:14.095root 11241100x8000000000000000705327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19d42e7ff61ff262023-02-07 15:15:14.095root 11241100x8000000000000000705326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f95334803b45d892023-02-07 15:15:14.095root 11241100x8000000000000000705325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aea1933f009ba912023-02-07 15:15:14.095root 11241100x8000000000000000705331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536d86afb86280772023-02-07 15:15:14.096root 11241100x8000000000000000705330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366c3e78262370872023-02-07 15:15:14.096root 11241100x8000000000000000705334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7565f6effc5b8e222023-02-07 15:15:14.097root 11241100x8000000000000000705333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c86c9cc9eb5d1722023-02-07 15:15:14.097root 11241100x8000000000000000705332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2ac423f93be2722023-02-07 15:15:14.097root 11241100x8000000000000000705337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975cecb316df0c1b2023-02-07 15:15:14.098root 11241100x8000000000000000705336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f1a304b81b6dcf2023-02-07 15:15:14.098root 11241100x8000000000000000705335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf25f8039034a022023-02-07 15:15:14.098root 11241100x8000000000000000705341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7cecbb432ec5552023-02-07 15:15:14.099root 11241100x8000000000000000705340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd16c4c2874150fc2023-02-07 15:15:14.099root 11241100x8000000000000000705339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdd473dc651949a2023-02-07 15:15:14.099root 11241100x8000000000000000705338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0af155438b11ec12023-02-07 15:15:14.099root 11241100x8000000000000000705354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757c7fb4857108792023-02-07 15:15:14.100root 11241100x8000000000000000705353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8092636e7ac0fa72023-02-07 15:15:14.100root 11241100x8000000000000000705352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c132ee3ae40688222023-02-07 15:15:14.100root 11241100x8000000000000000705351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480fcc8e1e3d60522023-02-07 15:15:14.100root 11241100x8000000000000000705350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402ee859c6e589a32023-02-07 15:15:14.100root 11241100x8000000000000000705349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7633e9b6a76804f2023-02-07 15:15:14.100root 11241100x8000000000000000705348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7da44861fb28c9a2023-02-07 15:15:14.100root 11241100x8000000000000000705347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d35f6489664bda2023-02-07 15:15:14.100root 11241100x8000000000000000705346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b812c129569fc42b2023-02-07 15:15:14.100root 11241100x8000000000000000705345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737ed80d5e1cb31e2023-02-07 15:15:14.100root 11241100x8000000000000000705344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f3b2629756b2592023-02-07 15:15:14.100root 11241100x8000000000000000705343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97ce1ff35408bcb2023-02-07 15:15:14.100root 11241100x8000000000000000705342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6934765bb13d6f2023-02-07 15:15:14.100root 11241100x8000000000000000705357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b66ce1b97df158e2023-02-07 15:15:14.101root 11241100x8000000000000000705356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae588333cec651b2023-02-07 15:15:14.101root 11241100x8000000000000000705355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aefa6b21881d79312023-02-07 15:15:14.101root 11241100x8000000000000000705358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4636c3aee676c162023-02-07 15:15:14.103root 354300x8000000000000000705359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.554{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-51072-false10.0.1.12-8089- 11241100x8000000000000000705363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.556{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b69ff8c05825952023-02-07 15:15:14.556root 11241100x8000000000000000705362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.556{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bc35516e7328142023-02-07 15:15:14.556root 11241100x8000000000000000705361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.556{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49591854271f0082023-02-07 15:15:14.556root 11241100x8000000000000000705360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.556{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed761873b234580e2023-02-07 15:15:14.556root 11241100x8000000000000000705374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.557{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d67ea7c9637d68c2023-02-07 15:15:14.557root 11241100x8000000000000000705373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.557{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18da57ceaefe635d2023-02-07 15:15:14.557root 11241100x8000000000000000705372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.557{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376bd572e90c5cf82023-02-07 15:15:14.557root 11241100x8000000000000000705371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.557{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6df5bdacc0140ef2023-02-07 15:15:14.557root 11241100x8000000000000000705370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.557{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0619f11511b6b52023-02-07 15:15:14.557root 11241100x8000000000000000705369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.557{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67376abf381d53632023-02-07 15:15:14.557root 11241100x8000000000000000705368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.557{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35ef86cc2aaf3272023-02-07 15:15:14.557root 11241100x8000000000000000705367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.557{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1a85e34cbcfdaa2023-02-07 15:15:14.557root 11241100x8000000000000000705366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.557{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e05479797c70af12023-02-07 15:15:14.557root 11241100x8000000000000000705365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.557{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0970ecc009b01872023-02-07 15:15:14.557root 11241100x8000000000000000705364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.557{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f290965f9277bdb2023-02-07 15:15:14.557root 11241100x8000000000000000705384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.558{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cedc8c84527d52a12023-02-07 15:15:14.558root 11241100x8000000000000000705383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.558{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc1d23f1f35e83a2023-02-07 15:15:14.558root 11241100x8000000000000000705382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.558{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19dfca450875bb132023-02-07 15:15:14.558root 11241100x8000000000000000705381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.558{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da4618b3fc6df602023-02-07 15:15:14.558root 11241100x8000000000000000705380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.558{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb265396bf73cbf2023-02-07 15:15:14.558root 11241100x8000000000000000705379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.558{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd46892cf266302c2023-02-07 15:15:14.558root 11241100x8000000000000000705378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.558{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75beeebd2ef0100f2023-02-07 15:15:14.558root 11241100x8000000000000000705377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.558{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7187bf9148a5ed2023-02-07 15:15:14.558root 11241100x8000000000000000705376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.558{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632d9fda274886eb2023-02-07 15:15:14.558root 11241100x8000000000000000705375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.558{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1363a45ed3f176542023-02-07 15:15:14.558root 11241100x8000000000000000705388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.559{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebaa79b6420908f82023-02-07 15:15:14.559root 11241100x8000000000000000705387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.559{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34bc072a876c993c2023-02-07 15:15:14.559root 11241100x8000000000000000705386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.559{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919f3b7055d6c6202023-02-07 15:15:14.559root 11241100x8000000000000000705385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.559{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ab189155836b852023-02-07 15:15:14.559root 11241100x8000000000000000705390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2573ea7a709a1b2023-02-07 15:15:14.845root 11241100x8000000000000000705389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1483fd3e578c42ae2023-02-07 15:15:14.845root 11241100x8000000000000000705404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b7b4911f61e1442023-02-07 15:15:14.846root 11241100x8000000000000000705403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0379efd13fa555a02023-02-07 15:15:14.846root 11241100x8000000000000000705402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1085582fdea5792023-02-07 15:15:14.846root 11241100x8000000000000000705401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74e990eed386b2c2023-02-07 15:15:14.846root 11241100x8000000000000000705400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66d8381968b5f3a2023-02-07 15:15:14.846root 11241100x8000000000000000705399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de403b0b89cb9c72023-02-07 15:15:14.846root 11241100x8000000000000000705398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d998bced0e93b62023-02-07 15:15:14.846root 11241100x8000000000000000705397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3977893dcc5f1e152023-02-07 15:15:14.846root 11241100x8000000000000000705396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec863da558c897a32023-02-07 15:15:14.846root 11241100x8000000000000000705395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fbd8451ce3bca12023-02-07 15:15:14.846root 11241100x8000000000000000705394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7028f97a64eb0a052023-02-07 15:15:14.846root 11241100x8000000000000000705393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71f1cfc2609fa212023-02-07 15:15:14.846root 11241100x8000000000000000705392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a866b97d3152350a2023-02-07 15:15:14.846root 11241100x8000000000000000705391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48516bcccaa67d02023-02-07 15:15:14.846root 11241100x8000000000000000705419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da1f9870710ffd92023-02-07 15:15:14.847root 11241100x8000000000000000705418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617f002515a67ac42023-02-07 15:15:14.847root 11241100x8000000000000000705417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96cdec674515a792023-02-07 15:15:14.847root 11241100x8000000000000000705416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d85e0bc5ec56452023-02-07 15:15:14.847root 11241100x8000000000000000705415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87e933b9daf24662023-02-07 15:15:14.847root 11241100x8000000000000000705414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f12ec7499b9bbfd2023-02-07 15:15:14.847root 11241100x8000000000000000705413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75fd1dcc93980d642023-02-07 15:15:14.847root 11241100x8000000000000000705412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e189e027e8a8452023-02-07 15:15:14.847root 11241100x8000000000000000705411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad17f4708164f6f2023-02-07 15:15:14.847root 11241100x8000000000000000705410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140b8c5e369df12e2023-02-07 15:15:14.847root 11241100x8000000000000000705409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001c96f5609409f22023-02-07 15:15:14.847root 11241100x8000000000000000705408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38253f78b52b73742023-02-07 15:15:14.847root 11241100x8000000000000000705407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e6ece6bd75edfe2023-02-07 15:15:14.847root 11241100x8000000000000000705406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79479903f678e342023-02-07 15:15:14.847root 11241100x8000000000000000705405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62beabbeac1b22732023-02-07 15:15:14.847root 11241100x8000000000000000705430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b245a60e46569bef2023-02-07 15:15:14.848root 11241100x8000000000000000705429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca8d412d437e82b2023-02-07 15:15:14.848root 11241100x8000000000000000705428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c39177295183b82023-02-07 15:15:14.848root 11241100x8000000000000000705427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84232ba5b1144c0d2023-02-07 15:15:14.848root 11241100x8000000000000000705426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1f095972ec257b2023-02-07 15:15:14.848root 11241100x8000000000000000705425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d546b0b17767c492023-02-07 15:15:14.848root 11241100x8000000000000000705424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec024a4950295f02023-02-07 15:15:14.848root 11241100x8000000000000000705423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ec457979ceb56b2023-02-07 15:15:14.848root 11241100x8000000000000000705422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f43e9517dcd2b0b2023-02-07 15:15:14.848root 11241100x8000000000000000705421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ebd0c931b940e82023-02-07 15:15:14.848root 11241100x8000000000000000705420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754608f9caf3d91d2023-02-07 15:15:14.848root 11241100x8000000000000000705440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ab269b426221a32023-02-07 15:15:15.346root 11241100x8000000000000000705439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb9da7b45d6391d2023-02-07 15:15:15.346root 11241100x8000000000000000705438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7974879060b7c0e22023-02-07 15:15:15.346root 11241100x8000000000000000705437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3a93d8ce8c00842023-02-07 15:15:15.346root 11241100x8000000000000000705436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9859c8a8580c8b6e2023-02-07 15:15:15.346root 11241100x8000000000000000705435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa969a9b3c6e9a12023-02-07 15:15:15.346root 11241100x8000000000000000705434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717220406bd86a972023-02-07 15:15:15.346root 11241100x8000000000000000705433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16da7b2a26ea948b2023-02-07 15:15:15.346root 11241100x8000000000000000705432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c3b9b2c2690b712023-02-07 15:15:15.346root 11241100x8000000000000000705431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb76e42e5e21c122023-02-07 15:15:15.346root 11241100x8000000000000000705455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c47dd79ce3340e2023-02-07 15:15:15.347root 11241100x8000000000000000705454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e138247844706592023-02-07 15:15:15.347root 11241100x8000000000000000705453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ae575e1712932e2023-02-07 15:15:15.347root 11241100x8000000000000000705452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6738bbd2b73a8f5e2023-02-07 15:15:15.347root 11241100x8000000000000000705451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee687b0240eda982023-02-07 15:15:15.347root 11241100x8000000000000000705450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d5b66f43df75a32023-02-07 15:15:15.347root 11241100x8000000000000000705449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee7448b339cec192023-02-07 15:15:15.347root 11241100x8000000000000000705448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e1df05e853b5912023-02-07 15:15:15.347root 11241100x8000000000000000705447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15b4cee1a6fc6952023-02-07 15:15:15.347root 11241100x8000000000000000705446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b87a9777175cbb42023-02-07 15:15:15.347root 11241100x8000000000000000705445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f6ba0af64171342023-02-07 15:15:15.347root 11241100x8000000000000000705444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f57f5ef10d30e182023-02-07 15:15:15.347root 11241100x8000000000000000705443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae9cacdb27c198c2023-02-07 15:15:15.347root 11241100x8000000000000000705442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4397fa6d34b3dd2023-02-07 15:15:15.347root 11241100x8000000000000000705441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996f2dbfc0723e102023-02-07 15:15:15.347root 11241100x8000000000000000705456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0e10f12ac5f84a2023-02-07 15:15:15.348root 11241100x8000000000000000705459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe335a2e3ef90ef2023-02-07 15:15:15.349root 11241100x8000000000000000705458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbf8ca222d475cd2023-02-07 15:15:15.349root 11241100x8000000000000000705457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6739e4288942aea2023-02-07 15:15:15.349root 11241100x8000000000000000705461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61dcd0b5329c23ec2023-02-07 15:15:15.845root 11241100x8000000000000000705460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc869103a4facb3d2023-02-07 15:15:15.845root 11241100x8000000000000000705475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1e8297bba1304f2023-02-07 15:15:15.846root 11241100x8000000000000000705474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9975b09f6eb9b52023-02-07 15:15:15.846root 11241100x8000000000000000705473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7685ed4d4e9fe5132023-02-07 15:15:15.846root 11241100x8000000000000000705472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396d0773b0f6eff52023-02-07 15:15:15.846root 11241100x8000000000000000705471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886c67bea4702b8d2023-02-07 15:15:15.846root 11241100x8000000000000000705470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac43c056b1084ac2023-02-07 15:15:15.846root 11241100x8000000000000000705469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b30bfa6e59b366b2023-02-07 15:15:15.846root 11241100x8000000000000000705468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc79e03a06fbb9bb2023-02-07 15:15:15.846root 11241100x8000000000000000705467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7a96e5c9e446a82023-02-07 15:15:15.846root 11241100x8000000000000000705466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ade021161541272023-02-07 15:15:15.846root 11241100x8000000000000000705465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c541387c58225a2023-02-07 15:15:15.846root 11241100x8000000000000000705464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a269b2fa723f02a2023-02-07 15:15:15.846root 11241100x8000000000000000705463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420004e4418ad4cf2023-02-07 15:15:15.846root 11241100x8000000000000000705462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12093168ea28ee52023-02-07 15:15:15.846root 11241100x8000000000000000705490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cff2e4c86e893372023-02-07 15:15:15.847root 11241100x8000000000000000705489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8430acd7d9092ee12023-02-07 15:15:15.847root 11241100x8000000000000000705488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4b0cd124036d342023-02-07 15:15:15.847root 11241100x8000000000000000705487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e7107f8e1ce17b2023-02-07 15:15:15.847root 11241100x8000000000000000705486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b64e5b092b0a1752023-02-07 15:15:15.847root 11241100x8000000000000000705485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b2cb53b7da20a92023-02-07 15:15:15.847root 11241100x8000000000000000705484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245fb300038671d82023-02-07 15:15:15.847root 11241100x8000000000000000705483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ae46cdc006ff322023-02-07 15:15:15.847root 11241100x8000000000000000705482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d99c7d3317343992023-02-07 15:15:15.847root 11241100x8000000000000000705481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f261deab8e51bf632023-02-07 15:15:15.847root 11241100x8000000000000000705480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c204cc274b70d16a2023-02-07 15:15:15.847root 11241100x8000000000000000705479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e5ac520f9457512023-02-07 15:15:15.847root 11241100x8000000000000000705478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859be2167f5aca6d2023-02-07 15:15:15.847root 11241100x8000000000000000705477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6407715d44ea272023-02-07 15:15:15.847root 11241100x8000000000000000705476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d379c484ccd9cf2023-02-07 15:15:15.847root 11241100x8000000000000000705502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b885d0bfbc082752023-02-07 15:15:15.848root 11241100x8000000000000000705501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1b29633049df472023-02-07 15:15:15.848root 11241100x8000000000000000705500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfd99a75564897d2023-02-07 15:15:15.848root 11241100x8000000000000000705499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfc63f29c77a9942023-02-07 15:15:15.848root 11241100x8000000000000000705498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b37335d1b04613c2023-02-07 15:15:15.848root 11241100x8000000000000000705497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4eb4ee2f7e4b5822023-02-07 15:15:15.848root 11241100x8000000000000000705496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0fae5aa11c98c062023-02-07 15:15:15.848root 11241100x8000000000000000705495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7050d9cb685fdac02023-02-07 15:15:15.848root 11241100x8000000000000000705494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97cd393d7ab973d2023-02-07 15:15:15.848root 11241100x8000000000000000705493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de7a20e2bfa0e1f2023-02-07 15:15:15.848root 11241100x8000000000000000705492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40920f5a392a63992023-02-07 15:15:15.848root 11241100x8000000000000000705491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec3a51e0883a5e62023-02-07 15:15:15.848root 11241100x8000000000000000705513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.857{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d78503515a61e82023-02-07 15:15:15.857root 11241100x8000000000000000705512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.857{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b126b1d9afe1f72023-02-07 15:15:15.857root 11241100x8000000000000000705511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.857{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68178d0c6862618a2023-02-07 15:15:15.857root 11241100x8000000000000000705510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.857{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229df273d4d1d8662023-02-07 15:15:15.857root 11241100x8000000000000000705509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.857{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f274eef0dd65c272023-02-07 15:15:15.857root 11241100x8000000000000000705508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.857{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9cb51d00fe1ab8e2023-02-07 15:15:15.857root 11241100x8000000000000000705507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.857{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521092cb86f3e71f2023-02-07 15:15:15.857root 11241100x8000000000000000705506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.857{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46f9870a5e9dc682023-02-07 15:15:15.857root 11241100x8000000000000000705505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.857{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06565b891508cb82023-02-07 15:15:15.857root 11241100x8000000000000000705504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.857{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbd381dae4c12d92023-02-07 15:15:15.857root 11241100x8000000000000000705503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.857{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24284fdf26d411bb2023-02-07 15:15:15.857root 11241100x8000000000000000705525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919b9eec95d78dca2023-02-07 15:15:15.858root 11241100x8000000000000000705524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53a1760b039b1f62023-02-07 15:15:15.858root 11241100x8000000000000000705523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cefa26aa4293c4bb2023-02-07 15:15:15.858root 11241100x8000000000000000705522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc29c66ff9049452023-02-07 15:15:15.858root 11241100x8000000000000000705521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa1503d30bc88d42023-02-07 15:15:15.858root 11241100x8000000000000000705520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6818e488d88ef3d22023-02-07 15:15:15.858root 11241100x8000000000000000705519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d648cbd1d111ee2023-02-07 15:15:15.858root 11241100x8000000000000000705518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c38e10907b2d84b2023-02-07 15:15:15.858root 11241100x8000000000000000705517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8308076fe981952023-02-07 15:15:15.858root 11241100x8000000000000000705516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430964ea9385f4e62023-02-07 15:15:15.858root 11241100x8000000000000000705515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8e7a2ff9b43a852023-02-07 15:15:15.858root 11241100x8000000000000000705514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afad6c01cfb8b7b62023-02-07 15:15:15.858root 11241100x8000000000000000705530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.859{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5fff1ab40ef1e62023-02-07 15:15:15.859root 11241100x8000000000000000705529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.859{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b31a7c4e41e64312023-02-07 15:15:15.859root 11241100x8000000000000000705528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.859{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0267ce530b356d2023-02-07 15:15:15.859root 11241100x8000000000000000705527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.859{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec81a7c2648d3f52023-02-07 15:15:15.859root 11241100x8000000000000000705526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.859{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0edda744a694f1752023-02-07 15:15:15.859root 11241100x8000000000000000705531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:15.860{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b004b55548d7caca2023-02-07 15:15:15.860root 11241100x8000000000000000705543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105e4049fc47a8d42023-02-07 15:15:16.346root 11241100x8000000000000000705542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6abed6aada63beb22023-02-07 15:15:16.346root 11241100x8000000000000000705541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cef303c9e9f7aa82023-02-07 15:15:16.346root 11241100x8000000000000000705540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387e1a560af63d9f2023-02-07 15:15:16.346root 11241100x8000000000000000705539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf4d3c713d7972d2023-02-07 15:15:16.346root 11241100x8000000000000000705538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44465ad8ed2e90692023-02-07 15:15:16.346root 11241100x8000000000000000705537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19fbc98c1272f6222023-02-07 15:15:16.346root 11241100x8000000000000000705536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7703b56652928572023-02-07 15:15:16.346root 11241100x8000000000000000705535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82537ac2d138783d2023-02-07 15:15:16.346root 11241100x8000000000000000705534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2a2467a7a02d172023-02-07 15:15:16.346root 11241100x8000000000000000705533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6051e5ef57b359e2023-02-07 15:15:16.346root 11241100x8000000000000000705532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2857a8cd8991c36e2023-02-07 15:15:16.346root 11241100x8000000000000000705557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2e5668343acda82023-02-07 15:15:16.347root 11241100x8000000000000000705556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fdb712a8c35dad42023-02-07 15:15:16.347root 11241100x8000000000000000705555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800daafee7a508742023-02-07 15:15:16.347root 11241100x8000000000000000705554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c0c6264f2e77292023-02-07 15:15:16.347root 11241100x8000000000000000705553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82564eb8189333382023-02-07 15:15:16.347root 11241100x8000000000000000705552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e462eb529c9a0cb12023-02-07 15:15:16.347root 11241100x8000000000000000705551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6a2ed2db02b8c22023-02-07 15:15:16.347root 11241100x8000000000000000705550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ade05ac215de30d2023-02-07 15:15:16.347root 11241100x8000000000000000705549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b797a10d6cac21ba2023-02-07 15:15:16.347root 11241100x8000000000000000705548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218d7b6e7ca4d5ba2023-02-07 15:15:16.347root 11241100x8000000000000000705547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96506ca61f92ceb32023-02-07 15:15:16.347root 11241100x8000000000000000705546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2156afa9364fd852023-02-07 15:15:16.347root 11241100x8000000000000000705545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091801fcb46fd9592023-02-07 15:15:16.347root 11241100x8000000000000000705544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d67954f5a7ecc02023-02-07 15:15:16.347root 11241100x8000000000000000705560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30df8e61b7e013ea2023-02-07 15:15:16.348root 11241100x8000000000000000705559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f876ae3524a1841b2023-02-07 15:15:16.348root 11241100x8000000000000000705558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2250a953e663b32023-02-07 15:15:16.348root 11241100x8000000000000000705569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb2525a6a7c029a2023-02-07 15:15:16.846root 11241100x8000000000000000705568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44118d552fb75b72023-02-07 15:15:16.846root 11241100x8000000000000000705567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eadd38298f6f819f2023-02-07 15:15:16.846root 11241100x8000000000000000705566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502d7ffab4ea43082023-02-07 15:15:16.846root 11241100x8000000000000000705565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d439eda7e61817aa2023-02-07 15:15:16.846root 11241100x8000000000000000705564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf4e98cb899a4132023-02-07 15:15:16.846root 11241100x8000000000000000705563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc76f2c60377a45d2023-02-07 15:15:16.846root 11241100x8000000000000000705562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbad0759e1733252023-02-07 15:15:16.846root 11241100x8000000000000000705561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044ba527f2b151af2023-02-07 15:15:16.846root 11241100x8000000000000000705584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5a1d4f918056fd2023-02-07 15:15:16.847root 11241100x8000000000000000705583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370971ca1560278b2023-02-07 15:15:16.847root 11241100x8000000000000000705582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d5b0856d5029c72023-02-07 15:15:16.847root 11241100x8000000000000000705581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c73ddb259aef2252023-02-07 15:15:16.847root 11241100x8000000000000000705580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b643fb012f342792023-02-07 15:15:16.847root 11241100x8000000000000000705579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510224c3c78bf4bf2023-02-07 15:15:16.847root 11241100x8000000000000000705578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d438443a3b769212023-02-07 15:15:16.847root 11241100x8000000000000000705577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6503985b6677aa2023-02-07 15:15:16.847root 11241100x8000000000000000705576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57821aad09b7e4ab2023-02-07 15:15:16.847root 11241100x8000000000000000705575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bedb2e55c719b73a2023-02-07 15:15:16.847root 11241100x8000000000000000705574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8532895c78f2b7032023-02-07 15:15:16.847root 11241100x8000000000000000705573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69656a97e1af5a9f2023-02-07 15:15:16.847root 11241100x8000000000000000705572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035c822899c895dd2023-02-07 15:15:16.847root 11241100x8000000000000000705571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5ff4fe37ca25a02023-02-07 15:15:16.847root 11241100x8000000000000000705570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01f5299fa8070882023-02-07 15:15:16.847root 11241100x8000000000000000705589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3471030b6e6d8e642023-02-07 15:15:16.848root 11241100x8000000000000000705588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ccfe27c166fbb132023-02-07 15:15:16.848root 11241100x8000000000000000705587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c499d824111914222023-02-07 15:15:16.848root 11241100x8000000000000000705586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591c219f595bf9d52023-02-07 15:15:16.848root 11241100x8000000000000000705585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:16.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9284e44452662cc2023-02-07 15:15:16.848root 11241100x8000000000000000705595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d6e06d943e1a9e2023-02-07 15:15:17.345root 11241100x8000000000000000705594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77145c8b8a97fb762023-02-07 15:15:17.345root 11241100x8000000000000000705593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3c55aeb024e3742023-02-07 15:15:17.345root 11241100x8000000000000000705592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83162233da4415e2023-02-07 15:15:17.345root 11241100x8000000000000000705591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7ebd4f14eb508e2023-02-07 15:15:17.345root 11241100x8000000000000000705590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9e62276e87e0022023-02-07 15:15:17.345root 11241100x8000000000000000705605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef7803a41358cf82023-02-07 15:15:17.346root 11241100x8000000000000000705604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c116a3159a5b38382023-02-07 15:15:17.346root 11241100x8000000000000000705603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d016edb514f855d2023-02-07 15:15:17.346root 11241100x8000000000000000705602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf2167233db2c382023-02-07 15:15:17.346root 11241100x8000000000000000705601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e9a39774815b802023-02-07 15:15:17.346root 11241100x8000000000000000705600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c10df3abeffb63e2023-02-07 15:15:17.346root 11241100x8000000000000000705599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e8184da3c9a1452023-02-07 15:15:17.346root 11241100x8000000000000000705598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25116dfd88d4e4ce2023-02-07 15:15:17.346root 11241100x8000000000000000705597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0a52c7739152db2023-02-07 15:15:17.346root 11241100x8000000000000000705596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df948658a51f98332023-02-07 15:15:17.346root 11241100x8000000000000000705617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e302660ff48ba6a2023-02-07 15:15:17.347root 11241100x8000000000000000705616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8627761a7ee072ca2023-02-07 15:15:17.347root 11241100x8000000000000000705615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79684e48e8d74132023-02-07 15:15:17.347root 11241100x8000000000000000705614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da03f09b44b53d862023-02-07 15:15:17.347root 11241100x8000000000000000705613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab0b59c9f0625702023-02-07 15:15:17.347root 11241100x8000000000000000705612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733cc7cb2317c6762023-02-07 15:15:17.347root 11241100x8000000000000000705611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cea5f77a74dac972023-02-07 15:15:17.347root 11241100x8000000000000000705610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01dfc78747a9c9802023-02-07 15:15:17.347root 11241100x8000000000000000705609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a5f9b7ee5ea1462023-02-07 15:15:17.347root 11241100x8000000000000000705608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ddae1f6ef0f9a82023-02-07 15:15:17.347root 11241100x8000000000000000705607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269ca967ae03538e2023-02-07 15:15:17.347root 11241100x8000000000000000705606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a84797d8d580f82023-02-07 15:15:17.347root 11241100x8000000000000000705632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f282e7bf9b6dc9e72023-02-07 15:15:17.348root 11241100x8000000000000000705631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce76bf18846201e2023-02-07 15:15:17.348root 11241100x8000000000000000705630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf72140ae4e1a1e2023-02-07 15:15:17.348root 11241100x8000000000000000705629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c34970e5a20e58e2023-02-07 15:15:17.348root 11241100x8000000000000000705628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5609f72ddd46949b2023-02-07 15:15:17.348root 11241100x8000000000000000705627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1685ead6b483712023-02-07 15:15:17.348root 11241100x8000000000000000705626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce10f45ab6afc212023-02-07 15:15:17.348root 11241100x8000000000000000705625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a98246c5cbf94e22023-02-07 15:15:17.348root 11241100x8000000000000000705624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75d0fd37de952d62023-02-07 15:15:17.348root 11241100x8000000000000000705623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f616aaffc9909232023-02-07 15:15:17.348root 11241100x8000000000000000705622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ecef4793ba71972023-02-07 15:15:17.348root 11241100x8000000000000000705621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e73485fbafc153b2023-02-07 15:15:17.348root 11241100x8000000000000000705620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee95e736c143f7652023-02-07 15:15:17.348root 11241100x8000000000000000705619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43bb603908451bf2023-02-07 15:15:17.348root 11241100x8000000000000000705618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e27c0a1c50eb55d2023-02-07 15:15:17.348root 11241100x8000000000000000705637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cedeccef65318ee52023-02-07 15:15:17.349root 11241100x8000000000000000705636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abb66d5e497e56f2023-02-07 15:15:17.349root 11241100x8000000000000000705635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac639f13057873142023-02-07 15:15:17.349root 11241100x8000000000000000705634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3d6d9be72652452023-02-07 15:15:17.349root 11241100x8000000000000000705633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd265d5b6a9feab12023-02-07 15:15:17.349root 11241100x8000000000000000705640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3b7d8b2be21fb92023-02-07 15:15:17.350root 11241100x8000000000000000705639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3301dfc0f672222023-02-07 15:15:17.350root 11241100x8000000000000000705638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeda26afe86df83b2023-02-07 15:15:17.350root 11241100x8000000000000000705643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39c77ef3af6cf092023-02-07 15:15:17.351root 11241100x8000000000000000705642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d7dd2de4b862182023-02-07 15:15:17.351root 11241100x8000000000000000705641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa53fa8eabc1edd2023-02-07 15:15:17.351root 11241100x8000000000000000705648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a9bd41c32244c82023-02-07 15:15:17.352root 11241100x8000000000000000705647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e547e27d77406df2023-02-07 15:15:17.352root 11241100x8000000000000000705646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e3d8d0d21367662023-02-07 15:15:17.352root 11241100x8000000000000000705645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ce09cdf1de60a42023-02-07 15:15:17.352root 11241100x8000000000000000705644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0af7141743879062023-02-07 15:15:17.352root 11241100x8000000000000000705661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07457389db8b65632023-02-07 15:15:17.846root 11241100x8000000000000000705660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fa104fe7b956112023-02-07 15:15:17.846root 11241100x8000000000000000705659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd17fc7bec9f74242023-02-07 15:15:17.846root 11241100x8000000000000000705658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cd4a75adae5b052023-02-07 15:15:17.846root 11241100x8000000000000000705657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30306d5fe4cd98d2023-02-07 15:15:17.846root 11241100x8000000000000000705656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7bdae326c5faf12023-02-07 15:15:17.846root 11241100x8000000000000000705655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7e4c2835a1fb142023-02-07 15:15:17.846root 11241100x8000000000000000705654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ed5c24f9eb19932023-02-07 15:15:17.846root 11241100x8000000000000000705653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf272fc574de8052023-02-07 15:15:17.846root 11241100x8000000000000000705652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12dd31e9dde1f8b2023-02-07 15:15:17.846root 11241100x8000000000000000705651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f000d35f1eafaa2023-02-07 15:15:17.846root 11241100x8000000000000000705650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e52bf5a3f072802023-02-07 15:15:17.846root 11241100x8000000000000000705649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7068e6249c2805652023-02-07 15:15:17.846root 11241100x8000000000000000705675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc24cd75a5ef660a2023-02-07 15:15:17.847root 11241100x8000000000000000705674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bed1e643c1fc062023-02-07 15:15:17.847root 11241100x8000000000000000705673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e143cff15bd8eb2023-02-07 15:15:17.847root 11241100x8000000000000000705672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724153f71f038ce92023-02-07 15:15:17.847root 11241100x8000000000000000705671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeccc2688327d64f2023-02-07 15:15:17.847root 11241100x8000000000000000705670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0befbf107d4ff432023-02-07 15:15:17.847root 11241100x8000000000000000705669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c0ecfa3d7102552023-02-07 15:15:17.847root 11241100x8000000000000000705668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad473a0ee6fdfa182023-02-07 15:15:17.847root 11241100x8000000000000000705667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9a1060cef777082023-02-07 15:15:17.847root 11241100x8000000000000000705666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab05b8d6847aa79f2023-02-07 15:15:17.847root 11241100x8000000000000000705665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54aa85403feb785d2023-02-07 15:15:17.847root 11241100x8000000000000000705664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5643b45dc8565a552023-02-07 15:15:17.847root 11241100x8000000000000000705663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5773f753d9abb9282023-02-07 15:15:17.847root 11241100x8000000000000000705662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf236fcfb6090fb2023-02-07 15:15:17.847root 11241100x8000000000000000705677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66119412257201b72023-02-07 15:15:17.848root 11241100x8000000000000000705676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:17.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b8bc1667c42d2c2023-02-07 15:15:17.848root 11241100x8000000000000000705685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f2c55ea7c8b8de2023-02-07 15:15:18.346root 11241100x8000000000000000705684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97972ebe9c0549182023-02-07 15:15:18.346root 11241100x8000000000000000705683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d20b681f5b7380a2023-02-07 15:15:18.346root 11241100x8000000000000000705682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b66e659eaa9e832023-02-07 15:15:18.346root 11241100x8000000000000000705681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7653f365d5c1b48f2023-02-07 15:15:18.346root 11241100x8000000000000000705680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115a0fef10f1cf232023-02-07 15:15:18.346root 11241100x8000000000000000705679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb55433e836153a2023-02-07 15:15:18.346root 11241100x8000000000000000705678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3008a077200b60462023-02-07 15:15:18.346root 11241100x8000000000000000705700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db7d8de71199f0d2023-02-07 15:15:18.347root 11241100x8000000000000000705699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf6c3e398d31a922023-02-07 15:15:18.347root 11241100x8000000000000000705698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9861fd2ea0e04c22023-02-07 15:15:18.347root 11241100x8000000000000000705697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84e472423bb67282023-02-07 15:15:18.347root 11241100x8000000000000000705696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a0e464b4d84adf2023-02-07 15:15:18.347root 11241100x8000000000000000705695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a4521d8cd6c3982023-02-07 15:15:18.347root 11241100x8000000000000000705694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b6fad31dc4c9832023-02-07 15:15:18.347root 11241100x8000000000000000705693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bac0a1744d1ef32023-02-07 15:15:18.347root 11241100x8000000000000000705692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7366c54fa067f82023-02-07 15:15:18.347root 11241100x8000000000000000705691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665e6a10a69c51632023-02-07 15:15:18.347root 11241100x8000000000000000705690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814753cff495aeb52023-02-07 15:15:18.347root 11241100x8000000000000000705689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391afc7b008cb2ba2023-02-07 15:15:18.347root 11241100x8000000000000000705688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef706f5ceda722e2023-02-07 15:15:18.347root 11241100x8000000000000000705687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544998a12076831d2023-02-07 15:15:18.347root 11241100x8000000000000000705686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3995b1b90b873ac2023-02-07 15:15:18.347root 11241100x8000000000000000705706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711a674ed3b996d32023-02-07 15:15:18.348root 11241100x8000000000000000705705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f159837c7851a532023-02-07 15:15:18.348root 11241100x8000000000000000705704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a40a2a6ce8c089b2023-02-07 15:15:18.348root 11241100x8000000000000000705703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e63dc1147525e082023-02-07 15:15:18.348root 11241100x8000000000000000705702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32ca0028c73a25a2023-02-07 15:15:18.348root 11241100x8000000000000000705701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96b9948ced9283e2023-02-07 15:15:18.348root 11241100x8000000000000000705710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a9a4ceaa4d824d2023-02-07 15:15:18.845root 11241100x8000000000000000705709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bdd6f829b0035bf2023-02-07 15:15:18.845root 11241100x8000000000000000705708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c44ec663c8006172023-02-07 15:15:18.845root 11241100x8000000000000000705707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b70e6b8e2c3a752023-02-07 15:15:18.845root 11241100x8000000000000000705723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3864b288499fde512023-02-07 15:15:18.846root 11241100x8000000000000000705722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7637b94c99de9062023-02-07 15:15:18.846root 11241100x8000000000000000705721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922f8760a5f795032023-02-07 15:15:18.846root 11241100x8000000000000000705720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da6925e12c0e6342023-02-07 15:15:18.846root 11241100x8000000000000000705719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bb54b47c63dc2f2023-02-07 15:15:18.846root 11241100x8000000000000000705718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa73cb72b91edb0d2023-02-07 15:15:18.846root 11241100x8000000000000000705717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee45b36c893b8ce2023-02-07 15:15:18.846root 11241100x8000000000000000705716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b2ed95b78ef3582023-02-07 15:15:18.846root 11241100x8000000000000000705715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2deff5206ebdae7a2023-02-07 15:15:18.846root 11241100x8000000000000000705714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d5a2d3925ec6262023-02-07 15:15:18.846root 11241100x8000000000000000705713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8582c84d27d98e2023-02-07 15:15:18.846root 11241100x8000000000000000705712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182270b643ba1a0f2023-02-07 15:15:18.846root 11241100x8000000000000000705711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744029ce9b2cd9c32023-02-07 15:15:18.846root 11241100x8000000000000000705737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08217882839851942023-02-07 15:15:18.847root 11241100x8000000000000000705736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6486c5afa0e7a8342023-02-07 15:15:18.847root 11241100x8000000000000000705735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538fc53c97a8a4202023-02-07 15:15:18.847root 11241100x8000000000000000705734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faffcbd35006c8042023-02-07 15:15:18.847root 11241100x8000000000000000705733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d864dd238b0d7092023-02-07 15:15:18.847root 11241100x8000000000000000705732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f87f409ed5060612023-02-07 15:15:18.847root 11241100x8000000000000000705731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78161a5f3d495b62023-02-07 15:15:18.847root 11241100x8000000000000000705730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b97158f4097b5c2023-02-07 15:15:18.847root 11241100x8000000000000000705729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4821e3c2b9257e322023-02-07 15:15:18.847root 11241100x8000000000000000705728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd64da242633b622023-02-07 15:15:18.847root 11241100x8000000000000000705727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8693cd6b75a754892023-02-07 15:15:18.847root 11241100x8000000000000000705726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb148eac7601d232023-02-07 15:15:18.847root 11241100x8000000000000000705725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1599cd9304972f32023-02-07 15:15:18.847root 11241100x8000000000000000705724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d42c0fd8d6618e2023-02-07 15:15:18.847root 11241100x8000000000000000705745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9d1b14ef5fa35d2023-02-07 15:15:18.848root 11241100x8000000000000000705744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5bc042596e1efd52023-02-07 15:15:18.848root 11241100x8000000000000000705743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf57cc85707048f2023-02-07 15:15:18.848root 11241100x8000000000000000705742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38244370c6a3c3e92023-02-07 15:15:18.848root 11241100x8000000000000000705741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269b418bcd2bcb3a2023-02-07 15:15:18.848root 11241100x8000000000000000705740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f371c961604cace52023-02-07 15:15:18.848root 11241100x8000000000000000705739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde402977d046fac2023-02-07 15:15:18.848root 11241100x8000000000000000705738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b9519cd39a361d2023-02-07 15:15:18.848root 11241100x8000000000000000705750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88b9dfcf4c7795c2023-02-07 15:15:18.849root 11241100x8000000000000000705749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b128bad4bcd39462023-02-07 15:15:18.849root 11241100x8000000000000000705748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a03112ca424e4a62023-02-07 15:15:18.849root 11241100x8000000000000000705747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae00ff507bb9bae82023-02-07 15:15:18.849root 11241100x8000000000000000705746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a5ba21969b34ea2023-02-07 15:15:18.849root 11241100x8000000000000000705758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7413169dfeed41472023-02-07 15:15:18.850root 11241100x8000000000000000705757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e56fa26b36888692023-02-07 15:15:18.850root 11241100x8000000000000000705756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d2cb05de1180d02023-02-07 15:15:18.850root 11241100x8000000000000000705755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0442f4e6fbdaca2023-02-07 15:15:18.850root 11241100x8000000000000000705754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00259feba770aec32023-02-07 15:15:18.850root 11241100x8000000000000000705753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beda536e3dbfbc102023-02-07 15:15:18.850root 11241100x8000000000000000705752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6dd2ae5fd16c532023-02-07 15:15:18.850root 11241100x8000000000000000705751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbb82b8a03639ac2023-02-07 15:15:18.850root 11241100x8000000000000000705765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698807d9849d51f62023-02-07 15:15:18.851root 11241100x8000000000000000705764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec3963d87cb74c62023-02-07 15:15:18.851root 11241100x8000000000000000705763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99e0fc0b6dcc8842023-02-07 15:15:18.851root 11241100x8000000000000000705762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5005c2ab5e3cc0d72023-02-07 15:15:18.851root 11241100x8000000000000000705761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52d3835be1169fa2023-02-07 15:15:18.851root 11241100x8000000000000000705760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9215f1c0ea4beee2023-02-07 15:15:18.851root 11241100x8000000000000000705759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e60b4fc39759ed2023-02-07 15:15:18.851root 11241100x8000000000000000705771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7987a8024fb320522023-02-07 15:15:18.852root 11241100x8000000000000000705770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a16c97bde8bd3842023-02-07 15:15:18.852root 11241100x8000000000000000705769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9035cb0d06ac386c2023-02-07 15:15:18.852root 11241100x8000000000000000705768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3424f59e53a9e9f2023-02-07 15:15:18.852root 11241100x8000000000000000705767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656097114a86c0cc2023-02-07 15:15:18.852root 11241100x8000000000000000705766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5fb4d90e5dd0122023-02-07 15:15:18.852root 11241100x8000000000000000705777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.854{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b62f4dad52886f2023-02-07 15:15:18.854root 11241100x8000000000000000705776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.854{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9440b208a4e6102023-02-07 15:15:18.854root 11241100x8000000000000000705775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.854{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374c898cdc81ba9b2023-02-07 15:15:18.854root 11241100x8000000000000000705774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.854{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe9dc68986dcd5f2023-02-07 15:15:18.854root 11241100x8000000000000000705773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.854{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59067c93e4b596b2023-02-07 15:15:18.854root 11241100x8000000000000000705772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.854{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a1d38bc3a3d0f52023-02-07 15:15:18.854root 11241100x8000000000000000705784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.855{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e23d265ac8a0742023-02-07 15:15:18.855root 11241100x8000000000000000705783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.855{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7f3fe1658bf1502023-02-07 15:15:18.855root 11241100x8000000000000000705782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.855{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee379f855688bee2023-02-07 15:15:18.855root 11241100x8000000000000000705781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.855{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b2ec9c08cfc3032023-02-07 15:15:18.855root 11241100x8000000000000000705780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.855{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaff392e8771032a2023-02-07 15:15:18.855root 11241100x8000000000000000705779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.855{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e951e885f26a3f72023-02-07 15:15:18.855root 11241100x8000000000000000705778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.855{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e197b234ffc9002023-02-07 15:15:18.855root 11241100x8000000000000000705785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.856{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c280bf07282ce312023-02-07 15:15:18.856root 11241100x8000000000000000705789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a44816f495d02f62023-02-07 15:15:18.858root 11241100x8000000000000000705788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae65aa4d49bf86b52023-02-07 15:15:18.858root 11241100x8000000000000000705787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8143d8b624d87c2023-02-07 15:15:18.858root 11241100x8000000000000000705786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759381afd060d0a62023-02-07 15:15:18.858root 11241100x8000000000000000705795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.859{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e418d96459b2efe02023-02-07 15:15:18.859root 11241100x8000000000000000705794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.859{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d0f97bf246273f2023-02-07 15:15:18.859root 11241100x8000000000000000705793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.859{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7354ae08aa87d912023-02-07 15:15:18.859root 11241100x8000000000000000705792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.859{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca86a113f34331952023-02-07 15:15:18.859root 11241100x8000000000000000705791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.859{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd138b3006cda762023-02-07 15:15:18.859root 11241100x8000000000000000705790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.859{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b73b03428abdea2023-02-07 15:15:18.859root 11241100x8000000000000000705797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.860{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78ece6b07827dc32023-02-07 15:15:18.860root 11241100x8000000000000000705796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.860{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db52c5845a7d3cc82023-02-07 15:15:18.860root 11241100x8000000000000000705799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.861{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d321f1472f3d122023-02-07 15:15:18.861root 11241100x8000000000000000705798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.861{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99691a7b573f8eac2023-02-07 15:15:18.861root 11241100x8000000000000000705801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.862{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a480f9c064d20982023-02-07 15:15:18.862root 11241100x8000000000000000705800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.862{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9105b6334290a7012023-02-07 15:15:18.862root 11241100x8000000000000000705806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.863{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dbb39be8d74d0832023-02-07 15:15:18.863root 11241100x8000000000000000705805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.863{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7907196ab3cff71d2023-02-07 15:15:18.863root 11241100x8000000000000000705804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.863{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7da4e873dba6982023-02-07 15:15:18.863root 11241100x8000000000000000705803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.863{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05d4b410bf0a50d2023-02-07 15:15:18.863root 11241100x8000000000000000705802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.863{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5d1e6fce94cd602023-02-07 15:15:18.863root 11241100x8000000000000000705812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.864{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7bc6214edbfba72023-02-07 15:15:18.864root 11241100x8000000000000000705811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.864{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fe6d1f5a5540072023-02-07 15:15:18.864root 11241100x8000000000000000705810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.864{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251a4732604465c02023-02-07 15:15:18.864root 11241100x8000000000000000705809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.864{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a7073a0c64bee72023-02-07 15:15:18.864root 11241100x8000000000000000705808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.864{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ee8b83074a31a52023-02-07 15:15:18.864root 11241100x8000000000000000705807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.864{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771b6322b1f601812023-02-07 15:15:18.864root 11241100x8000000000000000705813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:18.865{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e75fa0cba7f2e632023-02-07 15:15:18.865root 354300x8000000000000000705814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.088{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-49342-false10.0.1.12-8000- 11241100x8000000000000000705822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe9f1f86fbbbe1d2023-02-07 15:15:19.346root 11241100x8000000000000000705821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1368b25ed46a18432023-02-07 15:15:19.346root 11241100x8000000000000000705820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730ea927ffa365b72023-02-07 15:15:19.346root 11241100x8000000000000000705819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b93aaadc6f01dbb2023-02-07 15:15:19.346root 11241100x8000000000000000705818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b567c95d26dc832023-02-07 15:15:19.346root 11241100x8000000000000000705817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23268bf70ce3dee12023-02-07 15:15:19.346root 11241100x8000000000000000705816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8509613e606ead42023-02-07 15:15:19.346root 11241100x8000000000000000705815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cca94874160d47b2023-02-07 15:15:19.346root 11241100x8000000000000000705834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e397254976317dd72023-02-07 15:15:19.347root 11241100x8000000000000000705833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf80f263b8e34cab2023-02-07 15:15:19.347root 11241100x8000000000000000705832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d2a114f75a31f52023-02-07 15:15:19.347root 11241100x8000000000000000705831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e97c6c9ed3e15052023-02-07 15:15:19.347root 11241100x8000000000000000705830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd1f0cacd9b73ec2023-02-07 15:15:19.347root 11241100x8000000000000000705829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501716470bf4d33c2023-02-07 15:15:19.347root 11241100x8000000000000000705828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c5fc36678284012023-02-07 15:15:19.347root 11241100x8000000000000000705827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52fa85d0adf053c2023-02-07 15:15:19.347root 11241100x8000000000000000705826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e715f454e53563ff2023-02-07 15:15:19.347root 11241100x8000000000000000705825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13af6f74a40d52012023-02-07 15:15:19.347root 11241100x8000000000000000705824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9096a7963572532023-02-07 15:15:19.347root 11241100x8000000000000000705823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939c376bd497c3572023-02-07 15:15:19.347root 11241100x8000000000000000705844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3074f351ba1b10652023-02-07 15:15:19.348root 11241100x8000000000000000705843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ebebda0f968cb192023-02-07 15:15:19.348root 11241100x8000000000000000705842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf3671375b054a82023-02-07 15:15:19.348root 11241100x8000000000000000705841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4253dbe1b24a45c02023-02-07 15:15:19.348root 11241100x8000000000000000705840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc09af7b570939342023-02-07 15:15:19.348root 11241100x8000000000000000705839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e85baef826c76e72023-02-07 15:15:19.348root 11241100x8000000000000000705838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253b98d5a41856d12023-02-07 15:15:19.348root 11241100x8000000000000000705837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cfa7a9f99bb1d9a2023-02-07 15:15:19.348root 11241100x8000000000000000705836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d68d34baa20415d2023-02-07 15:15:19.348root 11241100x8000000000000000705835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de13208fb404a3422023-02-07 15:15:19.348root 11241100x8000000000000000705846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798f7d910eec38b22023-02-07 15:15:19.845root 11241100x8000000000000000705845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575caa342fab0a0c2023-02-07 15:15:19.845root 11241100x8000000000000000705850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c48166b48e400042023-02-07 15:15:19.846root 11241100x8000000000000000705849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f1467dca1ff4df2023-02-07 15:15:19.846root 11241100x8000000000000000705848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157e42101ddb6c992023-02-07 15:15:19.846root 11241100x8000000000000000705847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cadfe25d09ddbe2023-02-07 15:15:19.846root 11241100x8000000000000000705854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ddc359bbee3d3f2023-02-07 15:15:19.847root 11241100x8000000000000000705853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bccbfd11ea544ac2023-02-07 15:15:19.847root 11241100x8000000000000000705852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71485f110e9fd122023-02-07 15:15:19.847root 11241100x8000000000000000705851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6acad9df032e5302023-02-07 15:15:19.847root 11241100x8000000000000000705857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31148e92950022812023-02-07 15:15:19.848root 11241100x8000000000000000705856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb2b2d8adeb0b262023-02-07 15:15:19.848root 11241100x8000000000000000705855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f0d1985028d5e22023-02-07 15:15:19.848root 11241100x8000000000000000705861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a04723b11f090b2023-02-07 15:15:19.849root 11241100x8000000000000000705860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522fd62ffc04dd2e2023-02-07 15:15:19.849root 11241100x8000000000000000705859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f91f200281930942023-02-07 15:15:19.849root 11241100x8000000000000000705858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8df304daf7a3092023-02-07 15:15:19.849root 11241100x8000000000000000705866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92bce3f9a923fc42023-02-07 15:15:19.850root 11241100x8000000000000000705865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659a7ec9151e3b522023-02-07 15:15:19.850root 11241100x8000000000000000705864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a5d3388ca94bba2023-02-07 15:15:19.850root 11241100x8000000000000000705863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ff7c986a529e012023-02-07 15:15:19.850root 11241100x8000000000000000705862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81da98b9293ecf7c2023-02-07 15:15:19.850root 11241100x8000000000000000705869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27fbd1a4f37052b2023-02-07 15:15:19.851root 11241100x8000000000000000705868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1851f2a1b7b50b862023-02-07 15:15:19.851root 11241100x8000000000000000705867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f0a35dccd8b38d2023-02-07 15:15:19.851root 11241100x8000000000000000705873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d5fff5333542c22023-02-07 15:15:19.852root 11241100x8000000000000000705872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d49f8d7963ea692023-02-07 15:15:19.852root 11241100x8000000000000000705871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6d4ce58bfcc4c42023-02-07 15:15:19.852root 11241100x8000000000000000705870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88877bb17787c84a2023-02-07 15:15:19.852root 11241100x8000000000000000705878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.853{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6415399002b8b3d02023-02-07 15:15:19.853root 11241100x8000000000000000705877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.853{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65020ba07bbc5842023-02-07 15:15:19.853root 11241100x8000000000000000705876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.853{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd301cc6272f9eef2023-02-07 15:15:19.853root 11241100x8000000000000000705875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.853{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4f80a8117a3cec2023-02-07 15:15:19.853root 11241100x8000000000000000705874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.853{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5c5ff689b3bee82023-02-07 15:15:19.853root 11241100x8000000000000000705879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:19.854{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e93e9cb1fbc0a72023-02-07 15:15:19.854root 11241100x8000000000000000705882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05e2a5b691dd3032023-02-07 15:15:20.345root 11241100x8000000000000000705881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc6c0d11d2e9a1d2023-02-07 15:15:20.345root 11241100x8000000000000000705880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb5d8e66dcad5b32023-02-07 15:15:20.345root 11241100x8000000000000000705891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967905cfae5e4e0c2023-02-07 15:15:20.346root 11241100x8000000000000000705890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f984b2c795d10232023-02-07 15:15:20.346root 11241100x8000000000000000705889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7adbaaa8033b2f682023-02-07 15:15:20.346root 11241100x8000000000000000705888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89537b86621cd0e42023-02-07 15:15:20.346root 11241100x8000000000000000705887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc00a0682cc1e3a2023-02-07 15:15:20.346root 11241100x8000000000000000705886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2183cad468aade2023-02-07 15:15:20.346root 11241100x8000000000000000705885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd699dd414c6e232023-02-07 15:15:20.346root 11241100x8000000000000000705884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02810e581114d8032023-02-07 15:15:20.346root 11241100x8000000000000000705883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5238eeda22b0845e2023-02-07 15:15:20.346root 11241100x8000000000000000705903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc4856b9c25e4082023-02-07 15:15:20.347root 11241100x8000000000000000705902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b06c8f0e6cd985a2023-02-07 15:15:20.347root 11241100x8000000000000000705901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9fc56f3401ba0c2023-02-07 15:15:20.347root 11241100x8000000000000000705900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22bb14e45884b40d2023-02-07 15:15:20.347root 11241100x8000000000000000705899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a56c7c055272f4762023-02-07 15:15:20.347root 11241100x8000000000000000705898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73bfcafe9b57417c2023-02-07 15:15:20.347root 11241100x8000000000000000705897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21baf91a3869a71f2023-02-07 15:15:20.347root 11241100x8000000000000000705896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f892e6b3a677490a2023-02-07 15:15:20.347root 11241100x8000000000000000705895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828b39568abeb70c2023-02-07 15:15:20.347root 11241100x8000000000000000705894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6dd57820c2187a2023-02-07 15:15:20.347root 11241100x8000000000000000705893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292ceece6ff1741e2023-02-07 15:15:20.347root 11241100x8000000000000000705892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71c145202e323692023-02-07 15:15:20.347root 11241100x8000000000000000705912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b23ac1d359d48682023-02-07 15:15:20.348root 11241100x8000000000000000705911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69cada6f52b196e82023-02-07 15:15:20.348root 11241100x8000000000000000705910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1887ce3e522242962023-02-07 15:15:20.348root 11241100x8000000000000000705909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514902496f8e48272023-02-07 15:15:20.348root 11241100x8000000000000000705908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c28796299f9ee822023-02-07 15:15:20.348root 11241100x8000000000000000705907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1282c5c56dfc056e2023-02-07 15:15:20.348root 11241100x8000000000000000705906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d40afeed42ae702023-02-07 15:15:20.348root 11241100x8000000000000000705905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f375b65e76f1c2612023-02-07 15:15:20.348root 11241100x8000000000000000705904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94afb0fae016cc6f2023-02-07 15:15:20.348root 11241100x8000000000000000705913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855d86e6e17a1e202023-02-07 15:15:20.349root 11241100x8000000000000000705916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357b7384b4f0252e2023-02-07 15:15:20.846root 11241100x8000000000000000705915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ed8c76c57bb9e92023-02-07 15:15:20.846root 11241100x8000000000000000705914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2f7018fd3151db2023-02-07 15:15:20.846root 11241100x8000000000000000705921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fed4993ea475c9f2023-02-07 15:15:20.847root 11241100x8000000000000000705920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4692bafda755e12023-02-07 15:15:20.847root 11241100x8000000000000000705919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9ef0d663026b442023-02-07 15:15:20.847root 11241100x8000000000000000705918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d2ac17ada7848c2023-02-07 15:15:20.847root 11241100x8000000000000000705917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df19e4a18ce9236e2023-02-07 15:15:20.847root 11241100x8000000000000000705924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270a984449d7ed4d2023-02-07 15:15:20.848root 11241100x8000000000000000705923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb75f36285d5efb2023-02-07 15:15:20.848root 11241100x8000000000000000705922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796960d22fadde5a2023-02-07 15:15:20.848root 11241100x8000000000000000705927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5a57c22b077aab2023-02-07 15:15:20.849root 11241100x8000000000000000705926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a354f96a60f55f092023-02-07 15:15:20.849root 11241100x8000000000000000705925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45fdcd6bde1175e82023-02-07 15:15:20.849root 11241100x8000000000000000705933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.551ee0a86b7b3d9d2023-02-07 15:15:20.850root 11241100x8000000000000000705932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f2e8b64f84400a2023-02-07 15:15:20.850root 11241100x8000000000000000705931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db596558219c35f2023-02-07 15:15:20.850root 11241100x8000000000000000705930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1293ef52eea4512a2023-02-07 15:15:20.850root 11241100x8000000000000000705929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3746231d5ec9eca2023-02-07 15:15:20.850root 11241100x8000000000000000705928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291ae1ed263aeee82023-02-07 15:15:20.850root 11241100x8000000000000000705943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548f9442e1340ad02023-02-07 15:15:20.851root 11241100x8000000000000000705942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5011ae2f06b658052023-02-07 15:15:20.851root 11241100x8000000000000000705941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c643bd93c67c757c2023-02-07 15:15:20.851root 11241100x8000000000000000705940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04b3fda1abf34d82023-02-07 15:15:20.851root 11241100x8000000000000000705939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e38d7acc64fefb62023-02-07 15:15:20.851root 11241100x8000000000000000705938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b554f93e89ae2ff2023-02-07 15:15:20.851root 11241100x8000000000000000705937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f703348023878432023-02-07 15:15:20.851root 11241100x8000000000000000705936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa963dccfa5e6512023-02-07 15:15:20.851root 11241100x8000000000000000705935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5aebe1cfeec20042023-02-07 15:15:20.851root 11241100x8000000000000000705934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:20.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af9d8daf54c92f62023-02-07 15:15:20.851root 11241100x8000000000000000705952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7bbd6c1db73b782023-02-07 15:15:21.346root 11241100x8000000000000000705951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2507b4b6ab32aa2023-02-07 15:15:21.346root 11241100x8000000000000000705950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c30ac69bff289a2023-02-07 15:15:21.346root 11241100x8000000000000000705949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ff50fdcc0608b12023-02-07 15:15:21.346root 11241100x8000000000000000705948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ac19086b1f49c62023-02-07 15:15:21.346root 11241100x8000000000000000705947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590c6ccdfed478032023-02-07 15:15:21.346root 11241100x8000000000000000705946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08571b132a37f5502023-02-07 15:15:21.346root 11241100x8000000000000000705945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596391d63822d97d2023-02-07 15:15:21.346root 11241100x8000000000000000705944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f056a83b54b6672023-02-07 15:15:21.346root 11241100x8000000000000000705963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c9f83bfd56aa7f2023-02-07 15:15:21.347root 11241100x8000000000000000705962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a654e282e3d2f42023-02-07 15:15:21.347root 11241100x8000000000000000705961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d454edbdfd4a422023-02-07 15:15:21.347root 11241100x8000000000000000705960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799ac6703f5cf4c72023-02-07 15:15:21.347root 11241100x8000000000000000705959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f79fc50754f3b272023-02-07 15:15:21.347root 11241100x8000000000000000705958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f956b886e6ed612023-02-07 15:15:21.347root 11241100x8000000000000000705957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4189d4a0d8713b342023-02-07 15:15:21.347root 11241100x8000000000000000705956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2753e30fffb7a6fa2023-02-07 15:15:21.347root 11241100x8000000000000000705955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2305a3c0319b82c72023-02-07 15:15:21.347root 11241100x8000000000000000705954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc975ba3c6fd8512023-02-07 15:15:21.347root 11241100x8000000000000000705953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e47640c465504a82023-02-07 15:15:21.347root 11241100x8000000000000000705973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f838845c11f9222023-02-07 15:15:21.348root 11241100x8000000000000000705972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329eaae512d4452c2023-02-07 15:15:21.348root 11241100x8000000000000000705971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f50d6bf61741812023-02-07 15:15:21.348root 11241100x8000000000000000705970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e822bdc429526ee82023-02-07 15:15:21.348root 11241100x8000000000000000705969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e95782a0068d942023-02-07 15:15:21.348root 11241100x8000000000000000705968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe43f98e87c82012023-02-07 15:15:21.348root 11241100x8000000000000000705967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eacc3992abbe7802023-02-07 15:15:21.348root 11241100x8000000000000000705966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f219b8e983beecf82023-02-07 15:15:21.348root 11241100x8000000000000000705965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dab76179159d9e22023-02-07 15:15:21.348root 11241100x8000000000000000705964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62468a389cd4fd72023-02-07 15:15:21.348root 11241100x8000000000000000705974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d73fdf308e2a612023-02-07 15:15:21.845root 11241100x8000000000000000705987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c691b891918d86a2023-02-07 15:15:21.846root 11241100x8000000000000000705986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9108cd6caaab342023-02-07 15:15:21.846root 11241100x8000000000000000705985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6a6c2807ea326a2023-02-07 15:15:21.846root 11241100x8000000000000000705984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d80428f19006d432023-02-07 15:15:21.846root 11241100x8000000000000000705983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d7da8fbf1552df2023-02-07 15:15:21.846root 11241100x8000000000000000705982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15fc6a489b9353b2023-02-07 15:15:21.846root 11241100x8000000000000000705981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e77f97ad88f73f72023-02-07 15:15:21.846root 11241100x8000000000000000705980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c07a6e120202d82023-02-07 15:15:21.846root 11241100x8000000000000000705979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95fcfb3be982c0e2023-02-07 15:15:21.846root 11241100x8000000000000000705978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b091933cb3c3f1e2023-02-07 15:15:21.846root 11241100x8000000000000000705977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7629f50755840242023-02-07 15:15:21.846root 11241100x8000000000000000705976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1cafac716661892023-02-07 15:15:21.846root 11241100x8000000000000000705975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99bfda6c07f8b3d92023-02-07 15:15:21.846root 11241100x8000000000000000705999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce79bd05425d76c12023-02-07 15:15:21.847root 11241100x8000000000000000705998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f096309ee2105d62023-02-07 15:15:21.847root 11241100x8000000000000000705997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885d54bae1e946042023-02-07 15:15:21.847root 11241100x8000000000000000705996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8d9f7e2a94dd762023-02-07 15:15:21.847root 11241100x8000000000000000705995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9390304e824d4422023-02-07 15:15:21.847root 11241100x8000000000000000705994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069fcf8103a09aa22023-02-07 15:15:21.847root 11241100x8000000000000000705993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b3dc0fc91b8e712023-02-07 15:15:21.847root 11241100x8000000000000000705992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56b22d09de912232023-02-07 15:15:21.847root 11241100x8000000000000000705991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a5b1f2593721792023-02-07 15:15:21.847root 11241100x8000000000000000705990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43495073509688122023-02-07 15:15:21.847root 11241100x8000000000000000705989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1cc52ce8cd020ad2023-02-07 15:15:21.847root 11241100x8000000000000000705988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64875b1c3c10109c2023-02-07 15:15:21.847root 11241100x8000000000000000706003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0758a7e1d44538f32023-02-07 15:15:21.848root 11241100x8000000000000000706002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e7ef117f959f472023-02-07 15:15:21.848root 11241100x8000000000000000706001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4995b943ccbf412023-02-07 15:15:21.848root 11241100x8000000000000000706000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:21.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a477be7611e83e1b2023-02-07 15:15:21.848root 11241100x8000000000000000706004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455df3d1e01352962023-02-07 15:15:22.345root 11241100x8000000000000000706019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e4504f23844c062023-02-07 15:15:22.346root 11241100x8000000000000000706018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f74c88550f5c372023-02-07 15:15:22.346root 11241100x8000000000000000706017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c723996684b67282023-02-07 15:15:22.346root 11241100x8000000000000000706016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fa3c696d6108e82023-02-07 15:15:22.346root 11241100x8000000000000000706015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7dd88b5456319fa2023-02-07 15:15:22.346root 11241100x8000000000000000706014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66154873f8c96b372023-02-07 15:15:22.346root 11241100x8000000000000000706013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b743c45961024002023-02-07 15:15:22.346root 11241100x8000000000000000706012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bedf05f8d1270f9e2023-02-07 15:15:22.346root 11241100x8000000000000000706011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38e417bf83e3e362023-02-07 15:15:22.346root 11241100x8000000000000000706010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bded63478dee8a42023-02-07 15:15:22.346root 11241100x8000000000000000706009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0b9d9787c8de062023-02-07 15:15:22.346root 11241100x8000000000000000706008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356a36110fcb2eb42023-02-07 15:15:22.346root 11241100x8000000000000000706007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44333188633af592023-02-07 15:15:22.346root 11241100x8000000000000000706006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebce22d363e987fb2023-02-07 15:15:22.346root 11241100x8000000000000000706005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825646cface519a02023-02-07 15:15:22.346root 11241100x8000000000000000706034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9260333ed9afefe62023-02-07 15:15:22.347root 11241100x8000000000000000706033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c567ee2ae55588b82023-02-07 15:15:22.347root 11241100x8000000000000000706032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f26b50078cf89262023-02-07 15:15:22.347root 11241100x8000000000000000706031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb2f90347677f0d2023-02-07 15:15:22.347root 11241100x8000000000000000706030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e841bf22406dfc2023-02-07 15:15:22.347root 11241100x8000000000000000706029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ecbfe6fae8d10782023-02-07 15:15:22.347root 11241100x8000000000000000706028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46124cfd1746cbde2023-02-07 15:15:22.347root 11241100x8000000000000000706027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b887b7cb46d6c92023-02-07 15:15:22.347root 11241100x8000000000000000706026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4a4f705068adc82023-02-07 15:15:22.347root 11241100x8000000000000000706025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f9f8ac05743fe32023-02-07 15:15:22.347root 11241100x8000000000000000706024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2bf61d496881f22023-02-07 15:15:22.347root 11241100x8000000000000000706023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e3dc6d9ae75c6d2023-02-07 15:15:22.347root 11241100x8000000000000000706022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6605ba74f75287d12023-02-07 15:15:22.347root 11241100x8000000000000000706021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d76655ede4ac852023-02-07 15:15:22.347root 11241100x8000000000000000706020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035b5293ac7f8e012023-02-07 15:15:22.347root 11241100x8000000000000000706050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72e988004a9c14c2023-02-07 15:15:22.348root 11241100x8000000000000000706049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8e72e7f1c4af2f2023-02-07 15:15:22.348root 11241100x8000000000000000706048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d93f9157405f0eb2023-02-07 15:15:22.348root 11241100x8000000000000000706047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c1fee85be6296e2023-02-07 15:15:22.348root 11241100x8000000000000000706046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081b2a39e597eee52023-02-07 15:15:22.348root 11241100x8000000000000000706045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef5fd134472eabf2023-02-07 15:15:22.348root 11241100x8000000000000000706044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf7e8e2061971c02023-02-07 15:15:22.348root 11241100x8000000000000000706043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0365b4ff252d8e2023-02-07 15:15:22.348root 11241100x8000000000000000706042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e8babf6f69a4382023-02-07 15:15:22.348root 11241100x8000000000000000706041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470f76de14e371ee2023-02-07 15:15:22.348root 11241100x8000000000000000706040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4b246be7dce02e2023-02-07 15:15:22.348root 11241100x8000000000000000706039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9b924a183185c42023-02-07 15:15:22.348root 11241100x8000000000000000706038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9287967e3404a7862023-02-07 15:15:22.348root 11241100x8000000000000000706037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9ebfb9373c1ea52023-02-07 15:15:22.348root 11241100x8000000000000000706036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e6f567225a99662023-02-07 15:15:22.348root 11241100x8000000000000000706035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a899e87824a2d95a2023-02-07 15:15:22.348root 11241100x8000000000000000706060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1976db225098d5d2023-02-07 15:15:22.349root 11241100x8000000000000000706059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81232e1527d08ec2023-02-07 15:15:22.349root 11241100x8000000000000000706058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a2f21037b3a5582023-02-07 15:15:22.349root 11241100x8000000000000000706057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85791261685b9be32023-02-07 15:15:22.349root 11241100x8000000000000000706056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377e4fd0d8f823a82023-02-07 15:15:22.349root 11241100x8000000000000000706055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa3f61866dd9e2b2023-02-07 15:15:22.349root 11241100x8000000000000000706054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cff253d9c2e70672023-02-07 15:15:22.349root 11241100x8000000000000000706053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d75677d7e1c04af2023-02-07 15:15:22.349root 11241100x8000000000000000706052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c61131d6b9d4e82023-02-07 15:15:22.349root 11241100x8000000000000000706051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56123c93b0acacb22023-02-07 15:15:22.349root 11241100x8000000000000000706063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4684f25c28ebbcc2023-02-07 15:15:22.350root 11241100x8000000000000000706062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a75b3099c8afabd2023-02-07 15:15:22.350root 11241100x8000000000000000706061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25eb2a1debfb2a492023-02-07 15:15:22.350root 11241100x8000000000000000706065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2238443936f0f7d2023-02-07 15:15:22.845root 11241100x8000000000000000706064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6cf41592badb78b2023-02-07 15:15:22.845root 11241100x8000000000000000706080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0a3ca3eaa66b872023-02-07 15:15:22.846root 11241100x8000000000000000706079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b4e960b722e6072023-02-07 15:15:22.846root 11241100x8000000000000000706078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462506e1de2918212023-02-07 15:15:22.846root 11241100x8000000000000000706077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1341c227d046caf2023-02-07 15:15:22.846root 11241100x8000000000000000706076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c06e3b6625ee522023-02-07 15:15:22.846root 11241100x8000000000000000706075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce14fecd610ff8b2023-02-07 15:15:22.846root 11241100x8000000000000000706074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2182cace950b41822023-02-07 15:15:22.846root 11241100x8000000000000000706073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b21f84bef63e722023-02-07 15:15:22.846root 11241100x8000000000000000706072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4678fcf0348166e2023-02-07 15:15:22.846root 11241100x8000000000000000706071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9f3438ca09ba6d2023-02-07 15:15:22.846root 11241100x8000000000000000706070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4d96b7d66cef782023-02-07 15:15:22.846root 11241100x8000000000000000706069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980f42805a94d8b72023-02-07 15:15:22.846root 11241100x8000000000000000706068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b66b1f6a2caa532023-02-07 15:15:22.846root 11241100x8000000000000000706067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2288e30816d7ecf2023-02-07 15:15:22.846root 11241100x8000000000000000706066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd8996eac79b4632023-02-07 15:15:22.846root 11241100x8000000000000000706095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8081686d828409c2023-02-07 15:15:22.847root 11241100x8000000000000000706094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f9642a393ca0922023-02-07 15:15:22.847root 11241100x8000000000000000706093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811baf391e0d982a2023-02-07 15:15:22.847root 11241100x8000000000000000706092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc975648661a8b62023-02-07 15:15:22.847root 11241100x8000000000000000706091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb46435091075ef2023-02-07 15:15:22.847root 11241100x8000000000000000706090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8868f2e546bc8f02023-02-07 15:15:22.847root 11241100x8000000000000000706089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c92949c907f0752023-02-07 15:15:22.847root 11241100x8000000000000000706088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c0a4bab2d7d50e2023-02-07 15:15:22.847root 11241100x8000000000000000706087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4b512bc3db35352023-02-07 15:15:22.847root 11241100x8000000000000000706086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e426433cf85267d52023-02-07 15:15:22.847root 11241100x8000000000000000706085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616210751e90887f2023-02-07 15:15:22.847root 11241100x8000000000000000706084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1027646572d24ace2023-02-07 15:15:22.847root 11241100x8000000000000000706083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2dcb0deed88cf82023-02-07 15:15:22.847root 11241100x8000000000000000706082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e95a821a3b91c592023-02-07 15:15:22.847root 11241100x8000000000000000706081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:22.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91f2ae97413a0342023-02-07 15:15:22.847root 11241100x8000000000000000706096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a116dce06170bcf2023-02-07 15:15:23.345root 11241100x8000000000000000706110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a8dcc9006cf0952023-02-07 15:15:23.346root 11241100x8000000000000000706109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91d663ab7b3098b2023-02-07 15:15:23.346root 11241100x8000000000000000706108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d5711a7426d46f2023-02-07 15:15:23.346root 11241100x8000000000000000706107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b968344d6ac8681b2023-02-07 15:15:23.346root 11241100x8000000000000000706106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a808450f7ba6e32023-02-07 15:15:23.346root 11241100x8000000000000000706105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e911c7104594d52023-02-07 15:15:23.346root 11241100x8000000000000000706104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9b5dca7cb163672023-02-07 15:15:23.346root 11241100x8000000000000000706103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136139df9cb048462023-02-07 15:15:23.346root 11241100x8000000000000000706102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38d1fb6386cfc662023-02-07 15:15:23.346root 11241100x8000000000000000706101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46716a56768a46732023-02-07 15:15:23.346root 11241100x8000000000000000706100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc10dc3e9dff7702023-02-07 15:15:23.346root 11241100x8000000000000000706099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa0802bb5840f142023-02-07 15:15:23.346root 11241100x8000000000000000706098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365bde472ba60ef52023-02-07 15:15:23.346root 11241100x8000000000000000706097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f58dc057a98de02023-02-07 15:15:23.346root 11241100x8000000000000000706125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049ee452ca63fc2d2023-02-07 15:15:23.347root 11241100x8000000000000000706124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e59c4ef71be7202023-02-07 15:15:23.347root 11241100x8000000000000000706123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b89634e5d192da2023-02-07 15:15:23.347root 11241100x8000000000000000706122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128af6ce3d8b04922023-02-07 15:15:23.347root 11241100x8000000000000000706121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3800e9832b93d5cf2023-02-07 15:15:23.347root 11241100x8000000000000000706120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c03e1ae6bdad252023-02-07 15:15:23.347root 11241100x8000000000000000706119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8910a8ec8daeb6e82023-02-07 15:15:23.347root 11241100x8000000000000000706118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4c6004dec73fe02023-02-07 15:15:23.347root 11241100x8000000000000000706117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71324c4b4ba13042023-02-07 15:15:23.347root 11241100x8000000000000000706116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8534937f92c1df922023-02-07 15:15:23.347root 11241100x8000000000000000706115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41bb81b567960a112023-02-07 15:15:23.347root 11241100x8000000000000000706114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa5e5a69494f4222023-02-07 15:15:23.347root 11241100x8000000000000000706113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40dde9fd5b17b6292023-02-07 15:15:23.347root 11241100x8000000000000000706112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc463001a0fe3fc2023-02-07 15:15:23.347root 11241100x8000000000000000706111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1371f21162afa6aa2023-02-07 15:15:23.347root 11241100x8000000000000000706127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4b32db23b07b152023-02-07 15:15:23.348root 11241100x8000000000000000706126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77da2fca5a92eed72023-02-07 15:15:23.348root 11241100x8000000000000000706136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab39868cb779b162023-02-07 15:15:23.846root 11241100x8000000000000000706135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ffa9468e9ad2d22023-02-07 15:15:23.846root 11241100x8000000000000000706134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9d184b591bf2782023-02-07 15:15:23.846root 11241100x8000000000000000706133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca89c4ae2a78e0d62023-02-07 15:15:23.846root 11241100x8000000000000000706132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea6cd91d164c07b2023-02-07 15:15:23.846root 11241100x8000000000000000706131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdff33e78e73b1862023-02-07 15:15:23.846root 11241100x8000000000000000706130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083ca8e3600da9302023-02-07 15:15:23.846root 11241100x8000000000000000706129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d116fe0e72b28cd2023-02-07 15:15:23.846root 11241100x8000000000000000706128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e070cb4f7e8931592023-02-07 15:15:23.846root 11241100x8000000000000000706145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5869ed3a16c69b2023-02-07 15:15:23.847root 11241100x8000000000000000706144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79358fa53dafec9c2023-02-07 15:15:23.847root 11241100x8000000000000000706143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9640d1f38624eae52023-02-07 15:15:23.847root 11241100x8000000000000000706142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e71708ca7af9d22023-02-07 15:15:23.847root 11241100x8000000000000000706141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80cce739b66e61d52023-02-07 15:15:23.847root 11241100x8000000000000000706140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc6c606054e70462023-02-07 15:15:23.847root 11241100x8000000000000000706139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9709721a63d38d2023-02-07 15:15:23.847root 11241100x8000000000000000706138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770909088e98a5872023-02-07 15:15:23.847root 11241100x8000000000000000706137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b41cf09eefe1352023-02-07 15:15:23.847root 11241100x8000000000000000706157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ebc036bfa62dc82023-02-07 15:15:23.848root 11241100x8000000000000000706156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546e1c85b48330112023-02-07 15:15:23.848root 11241100x8000000000000000706155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93222d4197c660142023-02-07 15:15:23.848root 11241100x8000000000000000706154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5e73ce4ee0dfd22023-02-07 15:15:23.848root 11241100x8000000000000000706153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593fae9dd5f7c3b12023-02-07 15:15:23.848root 11241100x8000000000000000706152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ab06e24d9fdde62023-02-07 15:15:23.848root 11241100x8000000000000000706151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40748abd6c53c392023-02-07 15:15:23.848root 11241100x8000000000000000706150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c61b1d79b2c1072023-02-07 15:15:23.848root 11241100x8000000000000000706149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6605656e4b6dc22023-02-07 15:15:23.848root 11241100x8000000000000000706148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a489724a7e7c08f2023-02-07 15:15:23.848root 11241100x8000000000000000706147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcee80f06cb7cd6d2023-02-07 15:15:23.848root 11241100x8000000000000000706146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:23.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a224aeb74a29202023-02-07 15:15:23.848root 11241100x8000000000000000706158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0340012468aecc2023-02-07 15:15:24.345root 11241100x8000000000000000706169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951890b0e0e725362023-02-07 15:15:24.346root 11241100x8000000000000000706168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825c6cb6d41ef8792023-02-07 15:15:24.346root 11241100x8000000000000000706167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d10d08ebdd5522c2023-02-07 15:15:24.346root 11241100x8000000000000000706166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4528549ddf814ba2023-02-07 15:15:24.346root 11241100x8000000000000000706165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc6ac55494dd4f12023-02-07 15:15:24.346root 11241100x8000000000000000706164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d0b3faa0d0c6872023-02-07 15:15:24.346root 11241100x8000000000000000706163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4a685006e985f72023-02-07 15:15:24.346root 11241100x8000000000000000706162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9aa4bfb46b3ab82023-02-07 15:15:24.346root 11241100x8000000000000000706161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534b7923282561702023-02-07 15:15:24.346root 11241100x8000000000000000706160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c69d02b2fd77e92023-02-07 15:15:24.346root 11241100x8000000000000000706159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c475e7284d1d68ad2023-02-07 15:15:24.346root 11241100x8000000000000000706175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d88583070a76972023-02-07 15:15:24.347root 11241100x8000000000000000706174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43949f400022f54c2023-02-07 15:15:24.347root 11241100x8000000000000000706173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c122134071d358e2023-02-07 15:15:24.347root 11241100x8000000000000000706172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77ecca2e6641af52023-02-07 15:15:24.347root 11241100x8000000000000000706171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6863cc1bdc9bf1f42023-02-07 15:15:24.347root 11241100x8000000000000000706170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22721b351e1ddd502023-02-07 15:15:24.347root 11241100x8000000000000000706189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd138386167623532023-02-07 15:15:24.348root 11241100x8000000000000000706188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b057fce40c3211a2023-02-07 15:15:24.348root 11241100x8000000000000000706187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605264d7b47fc3202023-02-07 15:15:24.348root 11241100x8000000000000000706186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660e559cc6f049772023-02-07 15:15:24.348root 11241100x8000000000000000706185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea641e2f59b313742023-02-07 15:15:24.348root 11241100x8000000000000000706184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8a50ef7967995e2023-02-07 15:15:24.348root 11241100x8000000000000000706183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82abe29296a1f7332023-02-07 15:15:24.348root 11241100x8000000000000000706182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6392d28c50c4fb132023-02-07 15:15:24.348root 11241100x8000000000000000706181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51be76596f0dbae62023-02-07 15:15:24.348root 11241100x8000000000000000706180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d024ddb1325ea72023-02-07 15:15:24.348root 11241100x8000000000000000706179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8420cd8ba0ab772023-02-07 15:15:24.348root 11241100x8000000000000000706178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e580196f68131c492023-02-07 15:15:24.348root 11241100x8000000000000000706177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbe22b51eced8a32023-02-07 15:15:24.348root 11241100x8000000000000000706176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9883d7006d21acf62023-02-07 15:15:24.348root 11241100x8000000000000000706190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be29bee6b31d47d2023-02-07 15:15:24.349root 11241100x8000000000000000706191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.729{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:15:24.729root 11241100x8000000000000000706193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5d17eccabd7cc22023-02-07 15:15:24.730root 11241100x8000000000000000706192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba22c6658a5cf602023-02-07 15:15:24.730root 11241100x8000000000000000706201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d6aa8e369c4c392023-02-07 15:15:24.731root 11241100x8000000000000000706200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077c2807f54851552023-02-07 15:15:24.731root 11241100x8000000000000000706199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ea25f6b797e32f2023-02-07 15:15:24.731root 11241100x8000000000000000706198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048c1fd29bee595b2023-02-07 15:15:24.731root 11241100x8000000000000000706197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7fe1e8bb113dce92023-02-07 15:15:24.731root 11241100x8000000000000000706196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec97c4173421763a2023-02-07 15:15:24.731root 11241100x8000000000000000706195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec99283ed39f27d2023-02-07 15:15:24.731root 11241100x8000000000000000706194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916fa782a30bd8722023-02-07 15:15:24.731root 11241100x8000000000000000706208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7da19f5e3c69582023-02-07 15:15:24.733root 11241100x8000000000000000706207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3cbed0fcfbc28fb2023-02-07 15:15:24.733root 11241100x8000000000000000706206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3895ba23cf8c7362023-02-07 15:15:24.733root 11241100x8000000000000000706205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1794580cd9c23f2023-02-07 15:15:24.733root 11241100x8000000000000000706204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef633b5cd004b462023-02-07 15:15:24.733root 11241100x8000000000000000706203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dbf188ba6ee318b2023-02-07 15:15:24.733root 11241100x8000000000000000706202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6b46ee2d1bcf382023-02-07 15:15:24.733root 11241100x8000000000000000706220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffaac50f79e9a64f2023-02-07 15:15:24.734root 11241100x8000000000000000706219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8adc0d18f094ef052023-02-07 15:15:24.734root 11241100x8000000000000000706218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42bb5e576fd017392023-02-07 15:15:24.734root 11241100x8000000000000000706217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657092c3874f92022023-02-07 15:15:24.734root 11241100x8000000000000000706216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94615ac9e9d332a2023-02-07 15:15:24.734root 11241100x8000000000000000706215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4733dba0507ca6892023-02-07 15:15:24.734root 11241100x8000000000000000706214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d306b5062a49732023-02-07 15:15:24.734root 11241100x8000000000000000706213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb1de55ce2790532023-02-07 15:15:24.734root 11241100x8000000000000000706212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a6539faedd9b472023-02-07 15:15:24.734root 11241100x8000000000000000706211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa4e8273b415a7f2023-02-07 15:15:24.734root 11241100x8000000000000000706210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43fdb80f57c76b692023-02-07 15:15:24.734root 11241100x8000000000000000706209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09dd0d39fc6120282023-02-07 15:15:24.734root 11241100x8000000000000000706227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c48c0f7af4873b2023-02-07 15:15:24.735root 11241100x8000000000000000706226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3e09cc1ee0bedd2023-02-07 15:15:24.735root 11241100x8000000000000000706225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8fba647523fb422023-02-07 15:15:24.735root 11241100x8000000000000000706224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d509052a1d4d622023-02-07 15:15:24.735root 11241100x8000000000000000706223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0370f233ab082bd2023-02-07 15:15:24.735root 11241100x8000000000000000706222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d32629ee55efb62023-02-07 15:15:24.735root 11241100x8000000000000000706221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6868f706fbcba7ed2023-02-07 15:15:24.735root 11241100x8000000000000000706232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3c34e76696759f2023-02-07 15:15:24.736root 11241100x8000000000000000706231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668c957f485edbe52023-02-07 15:15:24.736root 11241100x8000000000000000706230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8615c4d35f1fb72023-02-07 15:15:24.736root 11241100x8000000000000000706229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7024f8bd8fe69ce82023-02-07 15:15:24.736root 11241100x8000000000000000706228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:24.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1ad5305438e4cc2023-02-07 15:15:24.736root 354300x8000000000000000706233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.077{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-44728-false10.0.1.12-8000- 11241100x8000000000000000706235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.078{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7b5555750ee0822023-02-07 15:15:25.078root 11241100x8000000000000000706234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.078{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b7468a3b8271fc2023-02-07 15:15:25.078root 11241100x8000000000000000706244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.079{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877b0fcab3d84fda2023-02-07 15:15:25.079root 11241100x8000000000000000706243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.079{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bba6ddfc3af19b2023-02-07 15:15:25.079root 11241100x8000000000000000706242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.079{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003998402df4b0432023-02-07 15:15:25.079root 11241100x8000000000000000706241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.079{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690bd64895ae57eb2023-02-07 15:15:25.079root 11241100x8000000000000000706240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.079{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1cb13325d13886b2023-02-07 15:15:25.079root 11241100x8000000000000000706239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.079{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aabed7fdbfa9b392023-02-07 15:15:25.079root 11241100x8000000000000000706238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.079{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcbf7ecfa1ad5582023-02-07 15:15:25.079root 11241100x8000000000000000706237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.079{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b1d9d65300ab502023-02-07 15:15:25.079root 11241100x8000000000000000706236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.079{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031e20ca67ba51b12023-02-07 15:15:25.079root 11241100x8000000000000000706255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.080{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e076ebc3c4f3a9302023-02-07 15:15:25.080root 11241100x8000000000000000706254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.080{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0598ec7c84aad0822023-02-07 15:15:25.080root 11241100x8000000000000000706253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.080{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab880637bb206272023-02-07 15:15:25.080root 11241100x8000000000000000706252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.080{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f05fcbc9e75e4e2023-02-07 15:15:25.080root 11241100x8000000000000000706251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.080{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3332cdf7413dd4022023-02-07 15:15:25.080root 11241100x8000000000000000706250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.080{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a8eeb5733b0d0a2023-02-07 15:15:25.080root 11241100x8000000000000000706249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.080{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ff7eb7eedcc20a2023-02-07 15:15:25.080root 11241100x8000000000000000706248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.080{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6292cda1f7458c12023-02-07 15:15:25.080root 11241100x8000000000000000706247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.080{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2870b34d960329a12023-02-07 15:15:25.080root 11241100x8000000000000000706246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.080{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c24d49fbf8e54af2023-02-07 15:15:25.080root 11241100x8000000000000000706245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.080{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903b9e965b4fb3412023-02-07 15:15:25.080root 11241100x8000000000000000706265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.081{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0baa86a95c175362023-02-07 15:15:25.081root 11241100x8000000000000000706264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.081{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27bd15bd4d5045052023-02-07 15:15:25.081root 11241100x8000000000000000706263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.081{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8965701d82095c1d2023-02-07 15:15:25.081root 11241100x8000000000000000706262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.081{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeefd4225e2772dc2023-02-07 15:15:25.081root 11241100x8000000000000000706261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.081{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291e640110655ca02023-02-07 15:15:25.081root 11241100x8000000000000000706260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.081{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9603122727be61382023-02-07 15:15:25.081root 11241100x8000000000000000706259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.081{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a89d6f343952e882023-02-07 15:15:25.081root 11241100x8000000000000000706258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.081{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d06ca3f95a219242023-02-07 15:15:25.081root 11241100x8000000000000000706257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.081{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb4b8c551d1c02a2023-02-07 15:15:25.081root 11241100x8000000000000000706256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.081{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744d5d2b80b164f72023-02-07 15:15:25.081root 11241100x8000000000000000706272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.082{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89708471becc37832023-02-07 15:15:25.082root 11241100x8000000000000000706271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.082{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fd3f5de9585d8c2023-02-07 15:15:25.082root 11241100x8000000000000000706270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.082{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ecc85954563a92d2023-02-07 15:15:25.082root 11241100x8000000000000000706269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.082{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170057070e726bd62023-02-07 15:15:25.082root 11241100x8000000000000000706268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.082{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abb8507349bacb02023-02-07 15:15:25.082root 11241100x8000000000000000706267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.082{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c6ceff1a7399b92023-02-07 15:15:25.082root 11241100x8000000000000000706266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.082{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2940c4ba5a189d2e2023-02-07 15:15:25.082root 11241100x8000000000000000706276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.083{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491bb04c9cf356612023-02-07 15:15:25.083root 11241100x8000000000000000706275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.083{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766dec41c594eac72023-02-07 15:15:25.083root 11241100x8000000000000000706274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.083{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d8f5548053bbef2023-02-07 15:15:25.083root 11241100x8000000000000000706273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.083{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696ac976a7c96c452023-02-07 15:15:25.083root 11241100x8000000000000000706282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.087{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8dfbfebb07adeab2023-02-07 15:15:25.087root 11241100x8000000000000000706281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.087{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea42b89ae1afc1732023-02-07 15:15:25.087root 11241100x8000000000000000706280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.087{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab18e3cfc050568d2023-02-07 15:15:25.087root 11241100x8000000000000000706279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.087{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f80a7d5ce52cef2023-02-07 15:15:25.087root 11241100x8000000000000000706278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.087{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa18bb7af7547a92023-02-07 15:15:25.087root 11241100x8000000000000000706277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.087{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba479d8dd0e18dd2023-02-07 15:15:25.087root 11241100x8000000000000000706290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.088{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13616d9d2dd0d7632023-02-07 15:15:25.088root 11241100x8000000000000000706289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.088{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fe5ecb85c5165c2023-02-07 15:15:25.088root 11241100x8000000000000000706288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.088{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a9ff240c1b0b0d2023-02-07 15:15:25.088root 11241100x8000000000000000706287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.088{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471c9eaa76e481102023-02-07 15:15:25.088root 11241100x8000000000000000706286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.088{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ff898cab51d40e2023-02-07 15:15:25.088root 11241100x8000000000000000706285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.088{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b7effea192102db2023-02-07 15:15:25.088root 11241100x8000000000000000706284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.088{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64888a089acb655e2023-02-07 15:15:25.088root 11241100x8000000000000000706283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.088{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a974e7602b0b3572023-02-07 15:15:25.088root 11241100x8000000000000000706299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.089{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2976d796e96e12682023-02-07 15:15:25.089root 11241100x8000000000000000706298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.089{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f069fcc7f8e55922023-02-07 15:15:25.089root 11241100x8000000000000000706297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.089{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe6d82b72a6ddc42023-02-07 15:15:25.089root 11241100x8000000000000000706296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.089{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883b800a371d29f52023-02-07 15:15:25.089root 11241100x8000000000000000706295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.089{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75efd618e7d61cdb2023-02-07 15:15:25.089root 11241100x8000000000000000706294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.089{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca429631cde4610d2023-02-07 15:15:25.089root 11241100x8000000000000000706293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.089{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5369ac50b0fd672023-02-07 15:15:25.089root 11241100x8000000000000000706292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.089{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f57e049b96ca542023-02-07 15:15:25.089root 11241100x8000000000000000706291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.089{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b35a38a03419972023-02-07 15:15:25.089root 11241100x8000000000000000706301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4035c4e95a746e4d2023-02-07 15:15:25.346root 11241100x8000000000000000706300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a99f0cb3963c062023-02-07 15:15:25.346root 11241100x8000000000000000706305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f734072bd9f2ff362023-02-07 15:15:25.347root 11241100x8000000000000000706304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377416ca75cd42622023-02-07 15:15:25.347root 11241100x8000000000000000706303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb4fd9725e08e7e2023-02-07 15:15:25.347root 11241100x8000000000000000706302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc821dcbe5fbf352023-02-07 15:15:25.347root 11241100x8000000000000000706308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f412d52c5a7714a2023-02-07 15:15:25.348root 11241100x8000000000000000706307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1fc926c8ff91af2023-02-07 15:15:25.348root 11241100x8000000000000000706306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47dfc8af34dc541f2023-02-07 15:15:25.348root 11241100x8000000000000000706319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100927f5fed882a82023-02-07 15:15:25.349root 11241100x8000000000000000706318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5108edfada8e9c2023-02-07 15:15:25.349root 11241100x8000000000000000706317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6a2846b3dd48a92023-02-07 15:15:25.349root 11241100x8000000000000000706316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4778e97b578bd64c2023-02-07 15:15:25.349root 11241100x8000000000000000706315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a74e9532e2486b2023-02-07 15:15:25.349root 11241100x8000000000000000706314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ad9ee0508b8bc02023-02-07 15:15:25.349root 11241100x8000000000000000706313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3002f8372ef63f2023-02-07 15:15:25.349root 11241100x8000000000000000706312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a2aa2563ad1b6c2023-02-07 15:15:25.349root 11241100x8000000000000000706311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cfe8522917757c2023-02-07 15:15:25.349root 11241100x8000000000000000706310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762ca75ea076ed2c2023-02-07 15:15:25.349root 11241100x8000000000000000706309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf1b139df59e3052023-02-07 15:15:25.349root 11241100x8000000000000000706328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fefb7abbadba782023-02-07 15:15:25.350root 11241100x8000000000000000706327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5da5fe2c757e3e2023-02-07 15:15:25.350root 11241100x8000000000000000706326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8f4cdd29cbfec72023-02-07 15:15:25.350root 11241100x8000000000000000706325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88a7905e3f054152023-02-07 15:15:25.350root 11241100x8000000000000000706324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fab75c5dd35f73e2023-02-07 15:15:25.350root 11241100x8000000000000000706323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce380bc35f60632c2023-02-07 15:15:25.350root 11241100x8000000000000000706322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de456f47e9661b552023-02-07 15:15:25.350root 11241100x8000000000000000706321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ecccb2d3e66c4d2023-02-07 15:15:25.350root 11241100x8000000000000000706320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9431b8a1db37590c2023-02-07 15:15:25.350root 11241100x8000000000000000706331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9757e69973cd40182023-02-07 15:15:25.351root 11241100x8000000000000000706330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8622db9126a9e1712023-02-07 15:15:25.351root 11241100x8000000000000000706329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ff132ee09281bb2023-02-07 15:15:25.351root 11241100x8000000000000000706332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc0fcd5353f229d2023-02-07 15:15:25.845root 11241100x8000000000000000706336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e650e859a102f632023-02-07 15:15:25.846root 11241100x8000000000000000706335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7257e51f5f67c3872023-02-07 15:15:25.846root 11241100x8000000000000000706334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc69673cbc2969e92023-02-07 15:15:25.846root 11241100x8000000000000000706333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a265e29ef1a7c1072023-02-07 15:15:25.846root 11241100x8000000000000000706345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf702165491bcf52023-02-07 15:15:25.847root 11241100x8000000000000000706344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bcbfa768400d35d2023-02-07 15:15:25.847root 11241100x8000000000000000706343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fddc86e65e45ee7d2023-02-07 15:15:25.847root 11241100x8000000000000000706342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ee12116d6cbfd62023-02-07 15:15:25.847root 11241100x8000000000000000706341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab53ea593b9b25d72023-02-07 15:15:25.847root 11241100x8000000000000000706340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda25cd5ce1c8e2b2023-02-07 15:15:25.847root 11241100x8000000000000000706339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0e14397b8397eb2023-02-07 15:15:25.847root 11241100x8000000000000000706338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa1617baeadda7c2023-02-07 15:15:25.847root 11241100x8000000000000000706337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d4b97b8a40fb1c2023-02-07 15:15:25.847root 11241100x8000000000000000706357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602a6250067bb3192023-02-07 15:15:25.848root 11241100x8000000000000000706356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9582a46ba483a32023-02-07 15:15:25.848root 11241100x8000000000000000706355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5c9acd0257f1792023-02-07 15:15:25.848root 11241100x8000000000000000706354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19241771b801aa012023-02-07 15:15:25.848root 11241100x8000000000000000706353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441567e44f7a3abe2023-02-07 15:15:25.848root 11241100x8000000000000000706352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e464cd54d5fa10d2023-02-07 15:15:25.848root 11241100x8000000000000000706351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a386f5d5fdf8bf4e2023-02-07 15:15:25.848root 11241100x8000000000000000706350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b955f56d58ef372023-02-07 15:15:25.848root 11241100x8000000000000000706349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f53229fe8cd3ab2023-02-07 15:15:25.848root 11241100x8000000000000000706348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07365481af5b4842023-02-07 15:15:25.848root 11241100x8000000000000000706347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b485ef761f2681632023-02-07 15:15:25.848root 11241100x8000000000000000706346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f993f62c60845a2023-02-07 15:15:25.848root 11241100x8000000000000000706364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18f42e3b1034c582023-02-07 15:15:25.849root 11241100x8000000000000000706363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e96452eceb9d0912023-02-07 15:15:25.849root 11241100x8000000000000000706362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23f49bcc8b0b7842023-02-07 15:15:25.849root 11241100x8000000000000000706361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0dc3bdc8ea710c92023-02-07 15:15:25.849root 11241100x8000000000000000706360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0e60609f195ba62023-02-07 15:15:25.849root 11241100x8000000000000000706359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7667e49a6a67db492023-02-07 15:15:25.849root 11241100x8000000000000000706358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21001f094f66ef32023-02-07 15:15:25.849root 11241100x8000000000000000706369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7af5ad198e9f1c2023-02-07 15:15:25.850root 11241100x8000000000000000706368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f387e16746ca07d52023-02-07 15:15:25.850root 11241100x8000000000000000706367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd219370bf016892023-02-07 15:15:25.850root 11241100x8000000000000000706366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b29890af9a6f7d2023-02-07 15:15:25.850root 11241100x8000000000000000706365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:25.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da2647206cedf632023-02-07 15:15:25.850root 11241100x8000000000000000706380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d17aea158e44c72023-02-07 15:15:26.346root 11241100x8000000000000000706379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb590e742e3565462023-02-07 15:15:26.346root 11241100x8000000000000000706378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0533edd4adfdea062023-02-07 15:15:26.346root 11241100x8000000000000000706377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25ab37f4f9722592023-02-07 15:15:26.346root 11241100x8000000000000000706376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e2bd3ed15fd8032023-02-07 15:15:26.346root 11241100x8000000000000000706375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95284db0ab41e1a52023-02-07 15:15:26.346root 11241100x8000000000000000706374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487737c8460f59082023-02-07 15:15:26.346root 11241100x8000000000000000706373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57bcd24f30250dd2023-02-07 15:15:26.346root 11241100x8000000000000000706372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b445ab199ad67e2023-02-07 15:15:26.346root 11241100x8000000000000000706371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5e56064d9cd09f2023-02-07 15:15:26.346root 11241100x8000000000000000706370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a8d9dcdaaecbda2023-02-07 15:15:26.346root 11241100x8000000000000000706394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c359fd3bdf1b0a212023-02-07 15:15:26.347root 11241100x8000000000000000706393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6972b0c3d3120caf2023-02-07 15:15:26.347root 11241100x8000000000000000706392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3291bc782c0df6872023-02-07 15:15:26.347root 11241100x8000000000000000706391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039a05fd84f8e3a82023-02-07 15:15:26.347root 11241100x8000000000000000706390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a63e525f70efcf42023-02-07 15:15:26.347root 11241100x8000000000000000706389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950b08242a29170c2023-02-07 15:15:26.347root 11241100x8000000000000000706388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79520583352614f2023-02-07 15:15:26.347root 11241100x8000000000000000706387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6fa6cd7fd1dd872023-02-07 15:15:26.347root 11241100x8000000000000000706386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530bb3392e82da522023-02-07 15:15:26.347root 11241100x8000000000000000706385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1d3e3cb3bb34292023-02-07 15:15:26.347root 11241100x8000000000000000706384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd21222c99f4e2a02023-02-07 15:15:26.347root 11241100x8000000000000000706383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ee1208252078cf2023-02-07 15:15:26.347root 11241100x8000000000000000706382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95203f30255ffc622023-02-07 15:15:26.347root 11241100x8000000000000000706381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53513cf3fe8d54a2023-02-07 15:15:26.347root 11241100x8000000000000000706401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10e1742d7a37f932023-02-07 15:15:26.348root 11241100x8000000000000000706400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b13896316db00d2023-02-07 15:15:26.348root 11241100x8000000000000000706399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884fd68ba395082d2023-02-07 15:15:26.348root 11241100x8000000000000000706398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61520f6b3bfc5db2023-02-07 15:15:26.348root 11241100x8000000000000000706397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061023030b82e2392023-02-07 15:15:26.348root 11241100x8000000000000000706396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eeec30ed1d653ca2023-02-07 15:15:26.348root 11241100x8000000000000000706395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4268107ac0b97e72023-02-07 15:15:26.348root 11241100x8000000000000000706406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d7e5c2f815afa92023-02-07 15:15:26.845root 11241100x8000000000000000706405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80fd31d66b140cd2023-02-07 15:15:26.845root 11241100x8000000000000000706404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24162898f2117cd52023-02-07 15:15:26.845root 11241100x8000000000000000706403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26286c8ca0ce28242023-02-07 15:15:26.845root 11241100x8000000000000000706402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450a12bbff3b8cb72023-02-07 15:15:26.845root 11241100x8000000000000000706415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751d53571339929b2023-02-07 15:15:26.846root 11241100x8000000000000000706414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27f2da4b52493432023-02-07 15:15:26.846root 11241100x8000000000000000706413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7839aaa4bd26e84a2023-02-07 15:15:26.846root 11241100x8000000000000000706412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12ff197ce34719c2023-02-07 15:15:26.846root 11241100x8000000000000000706411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f804d5d6dd83c6a2023-02-07 15:15:26.846root 11241100x8000000000000000706410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1bc4b4713e51d82023-02-07 15:15:26.846root 11241100x8000000000000000706409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5fd2d9414476aa2023-02-07 15:15:26.846root 11241100x8000000000000000706408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5afb2ca8187cbf2023-02-07 15:15:26.846root 11241100x8000000000000000706407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ae6decefda28682023-02-07 15:15:26.846root 11241100x8000000000000000706427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c96758aa60ee732023-02-07 15:15:26.847root 11241100x8000000000000000706426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da31b8a3f3711ea2023-02-07 15:15:26.847root 11241100x8000000000000000706425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26c584acf1afa352023-02-07 15:15:26.847root 11241100x8000000000000000706424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd99ca11d7358eb12023-02-07 15:15:26.847root 11241100x8000000000000000706423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916d19d996cf073c2023-02-07 15:15:26.847root 11241100x8000000000000000706422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c538f9f5eb0d96f2023-02-07 15:15:26.847root 11241100x8000000000000000706421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2f03088dfd75be2023-02-07 15:15:26.847root 11241100x8000000000000000706420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f856d544b477cae2023-02-07 15:15:26.847root 11241100x8000000000000000706419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d459d7797a8cc9032023-02-07 15:15:26.847root 11241100x8000000000000000706418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5f0b0f131c1ef42023-02-07 15:15:26.847root 11241100x8000000000000000706417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea5368f0f91e0892023-02-07 15:15:26.847root 11241100x8000000000000000706416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8937112d726ee7382023-02-07 15:15:26.847root 11241100x8000000000000000706441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ae54f548c8b68f2023-02-07 15:15:26.848root 11241100x8000000000000000706440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375cbe1fd274a26d2023-02-07 15:15:26.848root 11241100x8000000000000000706439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5417cf758eb9eb282023-02-07 15:15:26.848root 11241100x8000000000000000706438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7094a57be0034162023-02-07 15:15:26.848root 11241100x8000000000000000706437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062b6400698097632023-02-07 15:15:26.848root 11241100x8000000000000000706436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2889ddb912c23af2023-02-07 15:15:26.848root 11241100x8000000000000000706435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2de898d6072ac62023-02-07 15:15:26.848root 11241100x8000000000000000706434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1c2c3cd46a0f882023-02-07 15:15:26.848root 11241100x8000000000000000706433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3738814036915852023-02-07 15:15:26.848root 11241100x8000000000000000706432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e81650388a4f9b12023-02-07 15:15:26.848root 11241100x8000000000000000706431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7e8844bef18b0f2023-02-07 15:15:26.848root 11241100x8000000000000000706430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64d9efb9984a24d2023-02-07 15:15:26.848root 11241100x8000000000000000706429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94c8d4e2cbc932a2023-02-07 15:15:26.848root 11241100x8000000000000000706428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5516b5344dba5d532023-02-07 15:15:26.848root 11241100x8000000000000000706444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ae3aed0b98a6b02023-02-07 15:15:26.849root 11241100x8000000000000000706443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad960f78e470b89a2023-02-07 15:15:26.849root 11241100x8000000000000000706442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:26.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cca6846d065ca2b2023-02-07 15:15:26.849root 11241100x8000000000000000706447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0907259ced45f6d72023-02-07 15:15:27.345root 11241100x8000000000000000706446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4221d6f959128ec82023-02-07 15:15:27.345root 11241100x8000000000000000706445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c3c4e71af7f1e42023-02-07 15:15:27.345root 11241100x8000000000000000706462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8680abd39a4c172023-02-07 15:15:27.346root 11241100x8000000000000000706461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f7728567c4aff22023-02-07 15:15:27.346root 11241100x8000000000000000706460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0564cc7347a478ab2023-02-07 15:15:27.346root 11241100x8000000000000000706459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb95de91f9ef578e2023-02-07 15:15:27.346root 11241100x8000000000000000706458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b54f8c7087d76b2023-02-07 15:15:27.346root 11241100x8000000000000000706457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8782da165655f22023-02-07 15:15:27.346root 11241100x8000000000000000706456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e268b0bb32603ea2023-02-07 15:15:27.346root 11241100x8000000000000000706455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73593d79739359d2023-02-07 15:15:27.346root 11241100x8000000000000000706454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652b6203ee73f7fa2023-02-07 15:15:27.346root 11241100x8000000000000000706453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69cda2e0e82b38ab2023-02-07 15:15:27.346root 11241100x8000000000000000706452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67771763bc49e522023-02-07 15:15:27.346root 11241100x8000000000000000706451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ae44126605cfb62023-02-07 15:15:27.346root 11241100x8000000000000000706450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb2a3557714aad52023-02-07 15:15:27.346root 11241100x8000000000000000706449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4b94476c2e25c82023-02-07 15:15:27.346root 11241100x8000000000000000706448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b32791e92d2f7f2023-02-07 15:15:27.346root 11241100x8000000000000000706470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2da60dbfe2bbde92023-02-07 15:15:27.347root 11241100x8000000000000000706469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0c839337fb5b822023-02-07 15:15:27.347root 11241100x8000000000000000706468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e19bc77f39d1e92023-02-07 15:15:27.347root 11241100x8000000000000000706467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f52676588e7f2c2023-02-07 15:15:27.347root 11241100x8000000000000000706466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a905f4a27215c1382023-02-07 15:15:27.347root 11241100x8000000000000000706465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ea0769177c317d2023-02-07 15:15:27.347root 11241100x8000000000000000706464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10868d33624e034d2023-02-07 15:15:27.347root 11241100x8000000000000000706463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f95c5523dac77252023-02-07 15:15:27.347root 11241100x8000000000000000706475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0f56c5bdea49172023-02-07 15:15:27.348root 11241100x8000000000000000706474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e35c5e9804ba3d2023-02-07 15:15:27.348root 11241100x8000000000000000706473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b3af122d6171422023-02-07 15:15:27.348root 11241100x8000000000000000706472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0c96a6f33115fa2023-02-07 15:15:27.348root 11241100x8000000000000000706471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc564e127bca7702023-02-07 15:15:27.348root 11241100x8000000000000000706479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63760e452b97fa862023-02-07 15:15:27.349root 11241100x8000000000000000706478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac338a5990a3a592023-02-07 15:15:27.349root 11241100x8000000000000000706477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42574d73449423552023-02-07 15:15:27.349root 11241100x8000000000000000706476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4f5a16b0c331622023-02-07 15:15:27.349root 23542300x8000000000000000706480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.730{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000706485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcf429a36d914282023-02-07 15:15:27.732root 11241100x8000000000000000706484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc15c17299aa51f2023-02-07 15:15:27.732root 11241100x8000000000000000706483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d69eee502dc652b2023-02-07 15:15:27.732root 11241100x8000000000000000706482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0030a8443c00dcdd2023-02-07 15:15:27.732root 11241100x8000000000000000706481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ecd9aa6b22bb7f52023-02-07 15:15:27.732root 11241100x8000000000000000706493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79334c951163be02023-02-07 15:15:27.733root 11241100x8000000000000000706492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2fe4e3b3a88e19b2023-02-07 15:15:27.733root 11241100x8000000000000000706491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563f391b7cd6ac5e2023-02-07 15:15:27.733root 11241100x8000000000000000706490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04fa7ce024a3eb62023-02-07 15:15:27.733root 11241100x8000000000000000706489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bece843eda27ca382023-02-07 15:15:27.733root 11241100x8000000000000000706488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13a960083a3f19b2023-02-07 15:15:27.733root 11241100x8000000000000000706487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0261953aeacda1752023-02-07 15:15:27.733root 11241100x8000000000000000706486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fbf3e915e8f95502023-02-07 15:15:27.733root 11241100x8000000000000000706500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc20ddfe08af4312023-02-07 15:15:27.734root 11241100x8000000000000000706499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cc429b05db0d0d2023-02-07 15:15:27.734root 11241100x8000000000000000706498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ec65b2590202632023-02-07 15:15:27.734root 11241100x8000000000000000706497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e924e7122c0a7232023-02-07 15:15:27.734root 11241100x8000000000000000706496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ee7d84e1e384312023-02-07 15:15:27.734root 11241100x8000000000000000706495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511d73143455c50e2023-02-07 15:15:27.734root 11241100x8000000000000000706494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa772e5c9098eb692023-02-07 15:15:27.734root 11241100x8000000000000000706502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6aaf917c1367c42023-02-07 15:15:27.735root 11241100x8000000000000000706501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7164cbf85c32f72023-02-07 15:15:27.735root 11241100x8000000000000000706505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4183ca702b9d2a52023-02-07 15:15:27.736root 11241100x8000000000000000706504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd5670ef46c9ee32023-02-07 15:15:27.736root 11241100x8000000000000000706503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c3e6e0bd17f6362023-02-07 15:15:27.736root 11241100x8000000000000000706509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.737{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58632df3648b05a2023-02-07 15:15:27.737root 11241100x8000000000000000706508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.737{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a049e1f28cd0ca392023-02-07 15:15:27.737root 11241100x8000000000000000706507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.737{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9668273f2d2f65d2023-02-07 15:15:27.737root 11241100x8000000000000000706506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.737{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b91da72ce189bf92023-02-07 15:15:27.737root 11241100x8000000000000000706514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.738{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b954cb1748e3a4712023-02-07 15:15:27.738root 11241100x8000000000000000706513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.738{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a38d5741838e2c2023-02-07 15:15:27.738root 11241100x8000000000000000706512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.738{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702656788c9482fb2023-02-07 15:15:27.738root 11241100x8000000000000000706511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.738{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034a37991128d4112023-02-07 15:15:27.738root 11241100x8000000000000000706510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.738{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f08bd33b9dbea72023-02-07 15:15:27.738root 11241100x8000000000000000706519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.740{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d213f218c5274c2023-02-07 15:15:27.740root 11241100x8000000000000000706518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.740{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d1682043fe4a4e2023-02-07 15:15:27.740root 11241100x8000000000000000706517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.740{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2d96fe45223ea02023-02-07 15:15:27.740root 11241100x8000000000000000706516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.740{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b782f15fefd6d02023-02-07 15:15:27.740root 11241100x8000000000000000706515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.740{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998325fcb1c154392023-02-07 15:15:27.740root 11241100x8000000000000000706521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.741{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c621cd2e1bb8a5ed2023-02-07 15:15:27.741root 11241100x8000000000000000706520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.741{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0710b0309138af82023-02-07 15:15:27.741root 11241100x8000000000000000706525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.742{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc777d2b9faaab02023-02-07 15:15:27.742root 11241100x8000000000000000706524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.742{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a17ac9adf37e762023-02-07 15:15:27.742root 11241100x8000000000000000706523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.742{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5d56d6759ec6ab2023-02-07 15:15:27.742root 11241100x8000000000000000706522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.742{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15435d8e410c8a3a2023-02-07 15:15:27.742root 11241100x8000000000000000706527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.743{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eeac2d0fa9058c92023-02-07 15:15:27.743root 11241100x8000000000000000706526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.743{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d29d21ee97d71bd2023-02-07 15:15:27.743root 11241100x8000000000000000706530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.744{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de312dd83eb510b2023-02-07 15:15:27.744root 11241100x8000000000000000706529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.744{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a425b337331a922023-02-07 15:15:27.744root 11241100x8000000000000000706528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.744{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4e8c4d93e7dc282023-02-07 15:15:27.744root 11241100x8000000000000000706531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.745{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538e97c9c82ad0802023-02-07 15:15:27.745root 11241100x8000000000000000706536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.746{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398ff7e4ffd9da2d2023-02-07 15:15:27.746root 11241100x8000000000000000706535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.746{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf73055627d4c41d2023-02-07 15:15:27.746root 11241100x8000000000000000706534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.746{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bd2fa810d1c2da2023-02-07 15:15:27.746root 11241100x8000000000000000706533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.746{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f428af8bd33e81252023-02-07 15:15:27.746root 11241100x8000000000000000706532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.746{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af34c5f4a23dd64c2023-02-07 15:15:27.746root 11241100x8000000000000000706540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.747{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63fb4966f8237ad72023-02-07 15:15:27.747root 11241100x8000000000000000706539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.747{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c04d75d193b50e2023-02-07 15:15:27.747root 11241100x8000000000000000706538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.747{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e5262d09f1a03b2023-02-07 15:15:27.747root 11241100x8000000000000000706537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.747{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abebdb29aea5bb2d2023-02-07 15:15:27.747root 11241100x8000000000000000706546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.748{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ada37dff3fef242023-02-07 15:15:27.748root 11241100x8000000000000000706545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.748{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0e82c4cd2b54142023-02-07 15:15:27.748root 11241100x8000000000000000706544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.748{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7e29f8c576fcad2023-02-07 15:15:27.748root 11241100x8000000000000000706543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.748{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6ee7825570f25e2023-02-07 15:15:27.748root 11241100x8000000000000000706542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.748{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6090fcc243b7edfe2023-02-07 15:15:27.748root 11241100x8000000000000000706541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.748{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633997f022d276202023-02-07 15:15:27.748root 11241100x8000000000000000706559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.749{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d26d1f8fd046072023-02-07 15:15:27.749root 11241100x8000000000000000706558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.749{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879df8531a1f66c92023-02-07 15:15:27.749root 11241100x8000000000000000706557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.749{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21bab76018639e162023-02-07 15:15:27.749root 11241100x8000000000000000706556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.749{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039fa9b9d2efa0562023-02-07 15:15:27.749root 11241100x8000000000000000706555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.749{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae615c20d5778c532023-02-07 15:15:27.749root 11241100x8000000000000000706554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.749{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a611281428100b722023-02-07 15:15:27.749root 11241100x8000000000000000706553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.749{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01513db61a1bef0f2023-02-07 15:15:27.749root 11241100x8000000000000000706552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.749{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be2d98a797cd3122023-02-07 15:15:27.749root 11241100x8000000000000000706551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.749{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02c1f828bf2fe842023-02-07 15:15:27.749root 11241100x8000000000000000706550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.749{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e751d77770f3ea022023-02-07 15:15:27.749root 11241100x8000000000000000706549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.749{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e13181dc3859162023-02-07 15:15:27.749root 11241100x8000000000000000706548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.749{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9abf98e4c14fd92023-02-07 15:15:27.749root 11241100x8000000000000000706547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.749{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755af5b8185d40772023-02-07 15:15:27.749root 11241100x8000000000000000706565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.750{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef92f81af08065312023-02-07 15:15:27.750root 11241100x8000000000000000706564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.750{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a4d333421e9ffa2023-02-07 15:15:27.750root 11241100x8000000000000000706563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.750{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aee97320647ebf12023-02-07 15:15:27.750root 11241100x8000000000000000706562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.750{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475905b0ad8633a72023-02-07 15:15:27.750root 11241100x8000000000000000706561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.750{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db7a4f3db6a190a2023-02-07 15:15:27.750root 11241100x8000000000000000706560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:27.750{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a70d9ff142240ca2023-02-07 15:15:27.750root 11241100x8000000000000000706570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55568f42d2a48b22023-02-07 15:15:28.095root 11241100x8000000000000000706569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b83eef435a679ed2023-02-07 15:15:28.095root 11241100x8000000000000000706568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2a0650c512baf72023-02-07 15:15:28.095root 11241100x8000000000000000706567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe791cbe7d7a70c32023-02-07 15:15:28.095root 11241100x8000000000000000706566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecf1b537c5c34792023-02-07 15:15:28.095root 11241100x8000000000000000706579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948105919e150c9b2023-02-07 15:15:28.096root 11241100x8000000000000000706578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935ae371688e6c382023-02-07 15:15:28.096root 11241100x8000000000000000706577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53151f18efc3104e2023-02-07 15:15:28.096root 11241100x8000000000000000706576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0a2ebc040605f22023-02-07 15:15:28.096root 11241100x8000000000000000706575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff7f26fa7c5ba282023-02-07 15:15:28.096root 11241100x8000000000000000706574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6277c17448e905e2023-02-07 15:15:28.096root 11241100x8000000000000000706573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7cb0ad8b2305ff2023-02-07 15:15:28.096root 11241100x8000000000000000706572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff04b1b750a7d85a2023-02-07 15:15:28.096root 11241100x8000000000000000706571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0adb66a5d694a9bd2023-02-07 15:15:28.096root 11241100x8000000000000000706589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5693512be63bfbb12023-02-07 15:15:28.097root 11241100x8000000000000000706588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301092ef48a306d22023-02-07 15:15:28.097root 11241100x8000000000000000706587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00acc6d3e428b3002023-02-07 15:15:28.097root 11241100x8000000000000000706586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454b62534901fe822023-02-07 15:15:28.097root 11241100x8000000000000000706585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76200913f6e26bc62023-02-07 15:15:28.097root 11241100x8000000000000000706584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d58c61cda7b1052023-02-07 15:15:28.097root 11241100x8000000000000000706583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7a8f02169078ec2023-02-07 15:15:28.097root 11241100x8000000000000000706582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a262640dc24b792023-02-07 15:15:28.097root 11241100x8000000000000000706581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2cb0411fd0c66e2023-02-07 15:15:28.097root 11241100x8000000000000000706580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b844fac28f9c5fd2023-02-07 15:15:28.097root 11241100x8000000000000000706600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2f98247e6de5722023-02-07 15:15:28.098root 11241100x8000000000000000706599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c167d2af3829ab2023-02-07 15:15:28.098root 11241100x8000000000000000706598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27cebdeaa2013f892023-02-07 15:15:28.098root 11241100x8000000000000000706597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c96b6e098fc2732023-02-07 15:15:28.098root 11241100x8000000000000000706596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd040c0261b474162023-02-07 15:15:28.098root 11241100x8000000000000000706595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b275a8d212490dc2023-02-07 15:15:28.098root 11241100x8000000000000000706594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897156b39a10e06c2023-02-07 15:15:28.098root 11241100x8000000000000000706593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea9caa900eb14f12023-02-07 15:15:28.098root 11241100x8000000000000000706592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8a236fb1ba47a22023-02-07 15:15:28.098root 11241100x8000000000000000706591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29efebf00afa968d2023-02-07 15:15:28.098root 11241100x8000000000000000706590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f154548bb2df0752023-02-07 15:15:28.098root 11241100x8000000000000000706610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad37c58259137072023-02-07 15:15:28.099root 11241100x8000000000000000706609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda6b41e5f1535582023-02-07 15:15:28.099root 11241100x8000000000000000706608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90da425e96d82c12023-02-07 15:15:28.099root 11241100x8000000000000000706607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a14c5f48b367ad2023-02-07 15:15:28.099root 11241100x8000000000000000706606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d6ccebbde105012023-02-07 15:15:28.099root 11241100x8000000000000000706605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cfa2103bfa2e0a02023-02-07 15:15:28.099root 11241100x8000000000000000706604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327ee25e05e68bfc2023-02-07 15:15:28.099root 11241100x8000000000000000706603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d613caf2f00d7b3d2023-02-07 15:15:28.099root 11241100x8000000000000000706602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6567a143362dec2023-02-07 15:15:28.099root 11241100x8000000000000000706601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59c8e4ef5f9b8372023-02-07 15:15:28.099root 11241100x8000000000000000706620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599fb391917654902023-02-07 15:15:28.100root 11241100x8000000000000000706619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d64a5ba096fd3e2023-02-07 15:15:28.100root 11241100x8000000000000000706618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed632137bfcd5fc2023-02-07 15:15:28.100root 11241100x8000000000000000706617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581c35190988fbaa2023-02-07 15:15:28.100root 11241100x8000000000000000706616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1052018e3a527fe2023-02-07 15:15:28.100root 11241100x8000000000000000706615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604103e8f377a6ca2023-02-07 15:15:28.100root 11241100x8000000000000000706614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9a157d7edb12322023-02-07 15:15:28.100root 11241100x8000000000000000706613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c878982fee643f2023-02-07 15:15:28.100root 11241100x8000000000000000706612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1470d3b90aff072023-02-07 15:15:28.100root 11241100x8000000000000000706611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f566e5710e4c9bb2023-02-07 15:15:28.100root 11241100x8000000000000000706628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51263bf04c3d34932023-02-07 15:15:28.101root 11241100x8000000000000000706627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11cf98745a70b0822023-02-07 15:15:28.101root 11241100x8000000000000000706626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89bc0ddccb8a1d8f2023-02-07 15:15:28.101root 11241100x8000000000000000706625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd9827b597a3e0b2023-02-07 15:15:28.101root 11241100x8000000000000000706624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94aadadbc5b2bd742023-02-07 15:15:28.101root 11241100x8000000000000000706623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cef3f0d879a52c92023-02-07 15:15:28.101root 11241100x8000000000000000706622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f156d0d3ebbb572023-02-07 15:15:28.101root 11241100x8000000000000000706621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c223db1d7641f3302023-02-07 15:15:28.101root 11241100x8000000000000000706632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7b4bf0ada29bbc2023-02-07 15:15:28.595root 11241100x8000000000000000706631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c5faa30e26c5922023-02-07 15:15:28.595root 11241100x8000000000000000706630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb7607da007992d2023-02-07 15:15:28.595root 11241100x8000000000000000706629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17402fc318862fa62023-02-07 15:15:28.595root 11241100x8000000000000000706642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d28cf2a1d62c8ac2023-02-07 15:15:28.596root 11241100x8000000000000000706641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949e3f6cb9e60ed22023-02-07 15:15:28.596root 11241100x8000000000000000706640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a36be2ec1f0046c2023-02-07 15:15:28.596root 11241100x8000000000000000706639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a96894be8f49c82023-02-07 15:15:28.596root 11241100x8000000000000000706638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45af716575958062023-02-07 15:15:28.596root 11241100x8000000000000000706637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042b3ac2f081a30a2023-02-07 15:15:28.596root 11241100x8000000000000000706636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59dcab35fad9efd12023-02-07 15:15:28.596root 11241100x8000000000000000706635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c581d3eed59de62023-02-07 15:15:28.596root 11241100x8000000000000000706634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d0a0dd512142362023-02-07 15:15:28.596root 11241100x8000000000000000706633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71b517cb66f8b0f2023-02-07 15:15:28.596root 11241100x8000000000000000706653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfbd0434530cbd82023-02-07 15:15:28.597root 11241100x8000000000000000706652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be25bd0441526902023-02-07 15:15:28.597root 11241100x8000000000000000706651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873c88d02aad9fd92023-02-07 15:15:28.597root 11241100x8000000000000000706650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598334a3d30fffc42023-02-07 15:15:28.597root 11241100x8000000000000000706649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c65c3fa8c8a73d2023-02-07 15:15:28.597root 11241100x8000000000000000706648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3d3be4832bbfa22023-02-07 15:15:28.597root 11241100x8000000000000000706647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa6de884cc720c02023-02-07 15:15:28.597root 11241100x8000000000000000706646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12618bef34070162023-02-07 15:15:28.597root 11241100x8000000000000000706645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f626611910f3922023-02-07 15:15:28.597root 11241100x8000000000000000706644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b52771bb996ce4c2023-02-07 15:15:28.597root 11241100x8000000000000000706643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109cf8f141b7d7fb2023-02-07 15:15:28.597root 11241100x8000000000000000706661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e8b1d82a32e14f2023-02-07 15:15:28.598root 11241100x8000000000000000706660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6459886dd2ee7b52023-02-07 15:15:28.598root 11241100x8000000000000000706659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04424e2b5d1e9b152023-02-07 15:15:28.598root 11241100x8000000000000000706658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3f9f42bf9d31382023-02-07 15:15:28.598root 11241100x8000000000000000706657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a0b471d2b44a752023-02-07 15:15:28.598root 11241100x8000000000000000706656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33d5149922d4c9b2023-02-07 15:15:28.598root 11241100x8000000000000000706655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60f42da9ef303c02023-02-07 15:15:28.598root 11241100x8000000000000000706654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bdd5d85f8ad18a2023-02-07 15:15:28.598root 11241100x8000000000000000706671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed13663eb5f916382023-02-07 15:15:28.599root 11241100x8000000000000000706670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec21d145d0fa90482023-02-07 15:15:28.599root 11241100x8000000000000000706669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab05c93e90f3f2bd2023-02-07 15:15:28.599root 11241100x8000000000000000706668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0424f4dd87a18822023-02-07 15:15:28.599root 11241100x8000000000000000706667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914819b892cd0a002023-02-07 15:15:28.599root 11241100x8000000000000000706666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9853df7a074ccc212023-02-07 15:15:28.599root 11241100x8000000000000000706665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94427da5da4fe1292023-02-07 15:15:28.599root 11241100x8000000000000000706664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f28ab3d618b18392023-02-07 15:15:28.599root 11241100x8000000000000000706663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b11cc8b9605c532023-02-07 15:15:28.599root 11241100x8000000000000000706662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa951af63cec4842023-02-07 15:15:28.599root 11241100x8000000000000000706679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e10bde67589e442023-02-07 15:15:28.600root 11241100x8000000000000000706678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ba9f20195360402023-02-07 15:15:28.600root 11241100x8000000000000000706677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6095894fa10d6f7d2023-02-07 15:15:28.600root 11241100x8000000000000000706676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34448b602772a3482023-02-07 15:15:28.600root 11241100x8000000000000000706675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea86785ad41b2cdc2023-02-07 15:15:28.600root 11241100x8000000000000000706674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efae0a312b2c62d52023-02-07 15:15:28.600root 11241100x8000000000000000706673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd56eac96be4c1cf2023-02-07 15:15:28.600root 11241100x8000000000000000706672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ad75cb965d62b12023-02-07 15:15:28.600root 11241100x8000000000000000706683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873186708b664e4f2023-02-07 15:15:28.601root 11241100x8000000000000000706682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f250c671fe8191a2023-02-07 15:15:28.601root 11241100x8000000000000000706681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90dacf9160db879a2023-02-07 15:15:28.601root 11241100x8000000000000000706680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de9f5b5379ea83b2023-02-07 15:15:28.601root 11241100x8000000000000000706684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:28.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fd748417f8b77c2023-02-07 15:15:28.602root 11241100x8000000000000000706686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57aea7823a634da62023-02-07 15:15:29.095root 11241100x8000000000000000706685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb7b3a584ff18502023-02-07 15:15:29.095root 11241100x8000000000000000706690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef49976b1002ec862023-02-07 15:15:29.096root 11241100x8000000000000000706689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d179defd5f78f7e2023-02-07 15:15:29.096root 11241100x8000000000000000706688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040fa46c41edb6122023-02-07 15:15:29.096root 11241100x8000000000000000706687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1e47a62a2a82312023-02-07 15:15:29.096root 11241100x8000000000000000706692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17057c88ceed23dd2023-02-07 15:15:29.097root 11241100x8000000000000000706691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbbcd3cf3957f9182023-02-07 15:15:29.097root 11241100x8000000000000000706699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3571e3a36015c872023-02-07 15:15:29.098root 11241100x8000000000000000706698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bddfa820e1f49d32023-02-07 15:15:29.098root 11241100x8000000000000000706697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e4de7569610c282023-02-07 15:15:29.098root 11241100x8000000000000000706696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f0dcfb063830342023-02-07 15:15:29.098root 11241100x8000000000000000706695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54fccc03a272ad762023-02-07 15:15:29.098root 11241100x8000000000000000706694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61430e5d0ccf1de42023-02-07 15:15:29.098root 11241100x8000000000000000706693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba36450043f1eaf2023-02-07 15:15:29.098root 11241100x8000000000000000706706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360502d78464fda62023-02-07 15:15:29.099root 11241100x8000000000000000706705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5be3e9bf2869bf2023-02-07 15:15:29.099root 11241100x8000000000000000706704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c896315853e2d912023-02-07 15:15:29.099root 11241100x8000000000000000706703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9efb1248aed695d22023-02-07 15:15:29.099root 11241100x8000000000000000706702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1872a65302bf0c92023-02-07 15:15:29.099root 11241100x8000000000000000706701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6368aca4434fd1b32023-02-07 15:15:29.099root 11241100x8000000000000000706700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11999e8383a2a2192023-02-07 15:15:29.099root 11241100x8000000000000000706716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a165b3d1110b919f2023-02-07 15:15:29.100root 11241100x8000000000000000706715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a240036fce41ed8f2023-02-07 15:15:29.100root 11241100x8000000000000000706714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e385721e8912a92023-02-07 15:15:29.100root 11241100x8000000000000000706713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab951b1c385811b2023-02-07 15:15:29.100root 11241100x8000000000000000706712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c56c9b53ed018702023-02-07 15:15:29.100root 11241100x8000000000000000706711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65681c74035467892023-02-07 15:15:29.100root 11241100x8000000000000000706710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303efce4fa275ee32023-02-07 15:15:29.100root 11241100x8000000000000000706709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186e81f5bd4fdef62023-02-07 15:15:29.100root 11241100x8000000000000000706708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67edc27bc34037bd2023-02-07 15:15:29.100root 11241100x8000000000000000706707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192d241b0fd978582023-02-07 15:15:29.100root 11241100x8000000000000000706722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c051eb16d797e0492023-02-07 15:15:29.101root 11241100x8000000000000000706721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3fecf21e5773d32023-02-07 15:15:29.101root 11241100x8000000000000000706720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148d1be1f11a88202023-02-07 15:15:29.101root 11241100x8000000000000000706719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62bee8809d6a0d5b2023-02-07 15:15:29.101root 11241100x8000000000000000706718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb875148552538212023-02-07 15:15:29.101root 11241100x8000000000000000706717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b7afe4b2243dbf2023-02-07 15:15:29.101root 11241100x8000000000000000706727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b556ca5653b7b3752023-02-07 15:15:29.595root 11241100x8000000000000000706726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1bd96963f1e26fc2023-02-07 15:15:29.595root 11241100x8000000000000000706725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285423fdbb42f8742023-02-07 15:15:29.595root 11241100x8000000000000000706724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fab27239df4d8dd2023-02-07 15:15:29.595root 11241100x8000000000000000706723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3605026d2a3f430e2023-02-07 15:15:29.595root 11241100x8000000000000000706737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656778f32a343a9e2023-02-07 15:15:29.596root 11241100x8000000000000000706736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46eb05fe863810cd2023-02-07 15:15:29.596root 11241100x8000000000000000706735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2e9a45701582e22023-02-07 15:15:29.596root 11241100x8000000000000000706734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f04474e634f449c2023-02-07 15:15:29.596root 11241100x8000000000000000706733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc932b0afbc182b62023-02-07 15:15:29.596root 11241100x8000000000000000706732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d99cf1d0ba9ba22023-02-07 15:15:29.596root 11241100x8000000000000000706731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f96aa6c23edf152023-02-07 15:15:29.596root 11241100x8000000000000000706730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108a3e6cfb0461ad2023-02-07 15:15:29.596root 11241100x8000000000000000706729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc1548674f6cf642023-02-07 15:15:29.596root 11241100x8000000000000000706728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c95a9a386ee90352023-02-07 15:15:29.596root 11241100x8000000000000000706743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cdebe79ad2aca4e2023-02-07 15:15:29.597root 11241100x8000000000000000706742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd20b05b40b1b45e2023-02-07 15:15:29.597root 11241100x8000000000000000706741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7d243496d8df1d2023-02-07 15:15:29.597root 11241100x8000000000000000706740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5951ad9e1a035f12023-02-07 15:15:29.597root 11241100x8000000000000000706739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc35857580e3a462023-02-07 15:15:29.597root 11241100x8000000000000000706738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1228b8d2865567a32023-02-07 15:15:29.597root 11241100x8000000000000000706751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b12ee7369b643f22023-02-07 15:15:29.598root 11241100x8000000000000000706750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13b6a015a96f4c42023-02-07 15:15:29.598root 11241100x8000000000000000706749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77139d475355ea012023-02-07 15:15:29.598root 11241100x8000000000000000706748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a927f5b702fbef752023-02-07 15:15:29.598root 11241100x8000000000000000706747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa32f27875ebb6102023-02-07 15:15:29.598root 11241100x8000000000000000706746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9647a332140fa2ff2023-02-07 15:15:29.598root 11241100x8000000000000000706745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be525888dbea8fec2023-02-07 15:15:29.598root 11241100x8000000000000000706744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a3774b2936ed672023-02-07 15:15:29.598root 11241100x8000000000000000706758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5a913cf4bf45902023-02-07 15:15:29.599root 11241100x8000000000000000706757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488d0597f1fdbb162023-02-07 15:15:29.599root 11241100x8000000000000000706756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845d6a2328765d992023-02-07 15:15:29.599root 11241100x8000000000000000706755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577d5255f7d572262023-02-07 15:15:29.599root 11241100x8000000000000000706754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219f35e5030a1b5c2023-02-07 15:15:29.599root 11241100x8000000000000000706753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd6d0c6e84d9a542023-02-07 15:15:29.599root 11241100x8000000000000000706752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8f0dc9cbd692ae2023-02-07 15:15:29.599root 11241100x8000000000000000706765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9764e7f7361eff9b2023-02-07 15:15:29.600root 11241100x8000000000000000706764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080b22e199bd63e32023-02-07 15:15:29.600root 11241100x8000000000000000706763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8d2b7c9c86020c2023-02-07 15:15:29.600root 11241100x8000000000000000706762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e348e403f5f5ee862023-02-07 15:15:29.600root 11241100x8000000000000000706761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98669ebd22a9335d2023-02-07 15:15:29.600root 11241100x8000000000000000706760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a710f50addb9282023-02-07 15:15:29.600root 11241100x8000000000000000706759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18bdba58430ac672023-02-07 15:15:29.600root 11241100x8000000000000000706768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8ca401b9ba06092023-02-07 15:15:29.601root 11241100x8000000000000000706767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03ab4c9c9f464f82023-02-07 15:15:29.601root 11241100x8000000000000000706766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2fa1cd1465f8692023-02-07 15:15:29.601root 11241100x8000000000000000706773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82081dcb34f7f7882023-02-07 15:15:29.602root 11241100x8000000000000000706772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b26ffcce6c64be2023-02-07 15:15:29.602root 11241100x8000000000000000706771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4ea44907935b022023-02-07 15:15:29.602root 11241100x8000000000000000706770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4356dbb239d3f2f22023-02-07 15:15:29.602root 11241100x8000000000000000706769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:29.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58ecdf8fd5ad5d12023-02-07 15:15:29.602root 11241100x8000000000000000706778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57798361e9ff1ae2023-02-07 15:15:30.095root 11241100x8000000000000000706777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9f7c74aaf2ba092023-02-07 15:15:30.095root 11241100x8000000000000000706776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651dd49bd69080962023-02-07 15:15:30.095root 11241100x8000000000000000706775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d563a934a1b3c26f2023-02-07 15:15:30.095root 11241100x8000000000000000706774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69582377fc9a205d2023-02-07 15:15:30.095root 11241100x8000000000000000706786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c7179ba9dad0e32023-02-07 15:15:30.096root 11241100x8000000000000000706785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067501a39e0dacce2023-02-07 15:15:30.096root 11241100x8000000000000000706784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293b64ef986f3d482023-02-07 15:15:30.096root 11241100x8000000000000000706783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e4c46c396d4e2b2023-02-07 15:15:30.096root 11241100x8000000000000000706782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5694ea46af542ad2023-02-07 15:15:30.096root 11241100x8000000000000000706781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348a623fd952ce262023-02-07 15:15:30.096root 11241100x8000000000000000706780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2378e785575d61a32023-02-07 15:15:30.096root 11241100x8000000000000000706779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e166f10442d3085f2023-02-07 15:15:30.096root 11241100x8000000000000000706788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6100f2c240f7282023-02-07 15:15:30.097root 11241100x8000000000000000706787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1043e4eed7e2d57f2023-02-07 15:15:30.097root 11241100x8000000000000000706791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a685e6784a9d7e2023-02-07 15:15:30.098root 11241100x8000000000000000706790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8481e4537e87b0fa2023-02-07 15:15:30.098root 11241100x8000000000000000706789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d9386996d0adfc2023-02-07 15:15:30.098root 11241100x8000000000000000706794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152025fe321867422023-02-07 15:15:30.099root 11241100x8000000000000000706793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6449246dad266a3f2023-02-07 15:15:30.099root 11241100x8000000000000000706792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92889df95a308b7a2023-02-07 15:15:30.099root 11241100x8000000000000000706802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33f7f5c6549e1702023-02-07 15:15:30.100root 11241100x8000000000000000706801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d86386bf50492352023-02-07 15:15:30.100root 11241100x8000000000000000706800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d45cf09563efd32023-02-07 15:15:30.100root 11241100x8000000000000000706799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d9d1bdf77fc51a2023-02-07 15:15:30.100root 11241100x8000000000000000706798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8602305a18526732023-02-07 15:15:30.100root 11241100x8000000000000000706797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ca286bc30a521e2023-02-07 15:15:30.100root 11241100x8000000000000000706796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75df0b4d99045bed2023-02-07 15:15:30.100root 11241100x8000000000000000706795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5637d11fb5efbfd2023-02-07 15:15:30.100root 11241100x8000000000000000706809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6cba91248f44022023-02-07 15:15:30.101root 11241100x8000000000000000706808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeed50a67800ab802023-02-07 15:15:30.101root 11241100x8000000000000000706807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083205139757489b2023-02-07 15:15:30.101root 11241100x8000000000000000706806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f728876d1977812023-02-07 15:15:30.101root 11241100x8000000000000000706805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e0b6495f452ad42023-02-07 15:15:30.101root 11241100x8000000000000000706804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdae9bb7303345f2023-02-07 15:15:30.101root 11241100x8000000000000000706803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7993389a451b1eca2023-02-07 15:15:30.101root 11241100x8000000000000000706818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392e00891d6e8c852023-02-07 15:15:30.102root 11241100x8000000000000000706817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd46f18790b5c17c2023-02-07 15:15:30.102root 11241100x8000000000000000706816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6857c30dd0350c2023-02-07 15:15:30.102root 11241100x8000000000000000706815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee1c7f8515c73d82023-02-07 15:15:30.102root 11241100x8000000000000000706814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027e1178176d23102023-02-07 15:15:30.102root 11241100x8000000000000000706813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16bdecc25d4b7a652023-02-07 15:15:30.102root 11241100x8000000000000000706812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7edeb1e11af8872023-02-07 15:15:30.102root 11241100x8000000000000000706811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5598e1ba05c02e752023-02-07 15:15:30.102root 11241100x8000000000000000706810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e94a64c44eff372023-02-07 15:15:30.102root 11241100x8000000000000000706824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986d22a5f317266d2023-02-07 15:15:30.103root 11241100x8000000000000000706823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd1892e4058d1552023-02-07 15:15:30.103root 11241100x8000000000000000706822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c0c51c7d7e5d262023-02-07 15:15:30.103root 11241100x8000000000000000706821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8a9cbecc3d7fd02023-02-07 15:15:30.103root 11241100x8000000000000000706820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21465dde59c634f72023-02-07 15:15:30.103root 11241100x8000000000000000706819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9da173052abadf2023-02-07 15:15:30.103root 11241100x8000000000000000706825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd979e12341d53b2023-02-07 15:15:30.104root 11241100x8000000000000000706828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e173ddafb4bde5a22023-02-07 15:15:30.105root 11241100x8000000000000000706827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d178893fac1d25a92023-02-07 15:15:30.105root 11241100x8000000000000000706826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6872615543f2db2023-02-07 15:15:30.105root 11241100x8000000000000000706834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b327d606c60280322023-02-07 15:15:30.595root 11241100x8000000000000000706833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a1e5af325647722023-02-07 15:15:30.595root 11241100x8000000000000000706832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0484a8bbadb60cdc2023-02-07 15:15:30.595root 11241100x8000000000000000706831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba4d1e1dce49fcf2023-02-07 15:15:30.595root 11241100x8000000000000000706830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544c4771774ef94c2023-02-07 15:15:30.595root 11241100x8000000000000000706829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f3da0326c2cfe42023-02-07 15:15:30.595root 11241100x8000000000000000706844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d46864991a9bcce2023-02-07 15:15:30.596root 11241100x8000000000000000706843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84f1a641ecba3b72023-02-07 15:15:30.596root 11241100x8000000000000000706842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c04280ab95e7ace2023-02-07 15:15:30.596root 11241100x8000000000000000706841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d9a7341940ef902023-02-07 15:15:30.596root 11241100x8000000000000000706840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037721bc234ed6852023-02-07 15:15:30.596root 11241100x8000000000000000706839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddea29961a5015542023-02-07 15:15:30.596root 11241100x8000000000000000706838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492d6705a52095ef2023-02-07 15:15:30.596root 11241100x8000000000000000706837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1ea6a35711c6342023-02-07 15:15:30.596root 11241100x8000000000000000706836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518024f50ad8618c2023-02-07 15:15:30.596root 11241100x8000000000000000706835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1582ed454988fae92023-02-07 15:15:30.596root 11241100x8000000000000000706854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cbca15d054963322023-02-07 15:15:30.597root 11241100x8000000000000000706853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e23610bd80200192023-02-07 15:15:30.597root 11241100x8000000000000000706852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44d9b2aae837da52023-02-07 15:15:30.597root 11241100x8000000000000000706851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e1fc3738c28e4f2023-02-07 15:15:30.597root 11241100x8000000000000000706850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34faa0af334232e82023-02-07 15:15:30.597root 11241100x8000000000000000706849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc1335decb3ccfe2023-02-07 15:15:30.597root 11241100x8000000000000000706848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3e65308e91a3782023-02-07 15:15:30.597root 11241100x8000000000000000706847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5a35f9e227e5cb2023-02-07 15:15:30.597root 11241100x8000000000000000706846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c25ac7903231fb82023-02-07 15:15:30.597root 11241100x8000000000000000706845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4bb9f277b577ac2023-02-07 15:15:30.597root 11241100x8000000000000000706861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe563830067bb112023-02-07 15:15:30.598root 11241100x8000000000000000706860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d8500a9c09c68a2023-02-07 15:15:30.598root 11241100x8000000000000000706859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913687049698ebff2023-02-07 15:15:30.598root 11241100x8000000000000000706858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3ee522d07c473a2023-02-07 15:15:30.598root 11241100x8000000000000000706857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b197444176e77d8b2023-02-07 15:15:30.598root 11241100x8000000000000000706856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc1053aeb3e86302023-02-07 15:15:30.598root 11241100x8000000000000000706855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df95666c22fede22023-02-07 15:15:30.598root 354300x8000000000000000706862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.043{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-44742-false10.0.1.12-8000- 11241100x8000000000000000706863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.044{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541a5698363dda2b2023-02-07 15:15:31.044root 11241100x8000000000000000706869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.045{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e02920d03e7bcf2023-02-07 15:15:31.045root 11241100x8000000000000000706868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.045{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f070d558016c334b2023-02-07 15:15:31.045root 11241100x8000000000000000706867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.045{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca722f784bef81862023-02-07 15:15:31.045root 11241100x8000000000000000706866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.045{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40d0c94b7a320e52023-02-07 15:15:31.045root 11241100x8000000000000000706865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.045{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7136f23061aa0b172023-02-07 15:15:31.045root 11241100x8000000000000000706864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.045{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea9d47f8a49dbe82023-02-07 15:15:31.045root 11241100x8000000000000000706873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.046{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2cf8b6c109c8e1d2023-02-07 15:15:31.046root 11241100x8000000000000000706872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.046{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0256dfbf0aa7fba22023-02-07 15:15:31.046root 11241100x8000000000000000706871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.046{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5124f760cca72f42023-02-07 15:15:31.046root 11241100x8000000000000000706870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.046{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ead9114735542d2023-02-07 15:15:31.046root 11241100x8000000000000000706875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.048{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7280b89dbc52bc2023-02-07 15:15:31.048root 11241100x8000000000000000706874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.048{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8530c426cd09962023-02-07 15:15:31.048root 11241100x8000000000000000706879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.049{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4165b4f4b18bcd512023-02-07 15:15:31.049root 11241100x8000000000000000706878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.049{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768e309da8bd18b32023-02-07 15:15:31.049root 11241100x8000000000000000706877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.049{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b416cfb01ad63b42023-02-07 15:15:31.049root 11241100x8000000000000000706876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.049{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfd215c45d3aa7c2023-02-07 15:15:31.049root 11241100x8000000000000000706891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47277e5c55469c262023-02-07 15:15:31.050root 11241100x8000000000000000706890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642489358d344f172023-02-07 15:15:31.050root 11241100x8000000000000000706889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33d75b3b26dd4f62023-02-07 15:15:31.050root 11241100x8000000000000000706888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd54ee33169a91d52023-02-07 15:15:31.050root 11241100x8000000000000000706887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07baac4aeb209962023-02-07 15:15:31.050root 11241100x8000000000000000706886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2f5ebc3d9a53562023-02-07 15:15:31.050root 11241100x8000000000000000706885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a75d5dab61177a2023-02-07 15:15:31.050root 11241100x8000000000000000706884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e76861847ef92d2023-02-07 15:15:31.050root 11241100x8000000000000000706883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14fb5436304071be2023-02-07 15:15:31.050root 11241100x8000000000000000706882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d81e401428709a82023-02-07 15:15:31.050root 11241100x8000000000000000706881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da44877fdd0f6bc2023-02-07 15:15:31.050root 11241100x8000000000000000706880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3d87377dd594182023-02-07 15:15:31.050root 11241100x8000000000000000706892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.051{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2579d239c6b368312023-02-07 15:15:31.051root 11241100x8000000000000000706895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.052{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42dd0315ca0eae322023-02-07 15:15:31.052root 11241100x8000000000000000706894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.052{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628c28afd8b3dbad2023-02-07 15:15:31.052root 11241100x8000000000000000706893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.052{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b12700cf5353b42023-02-07 15:15:31.052root 11241100x8000000000000000706901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.053{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74c187f7f05b2da2023-02-07 15:15:31.053root 11241100x8000000000000000706900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.053{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5af8e420d28a962023-02-07 15:15:31.053root 11241100x8000000000000000706899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.053{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea4a322ff4145932023-02-07 15:15:31.053root 11241100x8000000000000000706898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.053{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acfc01b45a109c542023-02-07 15:15:31.053root 11241100x8000000000000000706897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.053{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25312586da30128c2023-02-07 15:15:31.053root 11241100x8000000000000000706896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.053{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1d91aefb789f5d2023-02-07 15:15:31.053root 11241100x8000000000000000706909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.054{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254a530b2f0be1d72023-02-07 15:15:31.054root 11241100x8000000000000000706908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.054{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b3a111416f28a92023-02-07 15:15:31.054root 11241100x8000000000000000706907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.054{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a473ef563831ef92023-02-07 15:15:31.054root 11241100x8000000000000000706906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.054{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa6ebcdbe3af81c2023-02-07 15:15:31.054root 11241100x8000000000000000706905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.054{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330949bb6f6af71c2023-02-07 15:15:31.054root 11241100x8000000000000000706904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.054{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4bf73168440e2e2023-02-07 15:15:31.054root 11241100x8000000000000000706903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.054{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aae2af3a37dbcf92023-02-07 15:15:31.054root 11241100x8000000000000000706902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.054{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf8d9190aad36562023-02-07 15:15:31.054root 11241100x8000000000000000706914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.055{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.badbdf05113356462023-02-07 15:15:31.055root 11241100x8000000000000000706913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.055{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716209d4343967232023-02-07 15:15:31.055root 11241100x8000000000000000706912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.055{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a069aa856c25bb2023-02-07 15:15:31.055root 11241100x8000000000000000706911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.055{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08cf4efc64c473a2023-02-07 15:15:31.055root 11241100x8000000000000000706910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.055{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b257a59b75a6a592023-02-07 15:15:31.055root 11241100x8000000000000000706920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.056{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f486b9ee143b1be42023-02-07 15:15:31.056root 11241100x8000000000000000706919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.056{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61be8af5fa7c0e412023-02-07 15:15:31.056root 11241100x8000000000000000706918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.056{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756c2c4aa24c9b8e2023-02-07 15:15:31.056root 11241100x8000000000000000706917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.056{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e12a46d95bdb4e2023-02-07 15:15:31.056root 11241100x8000000000000000706916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.056{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f1149f26b1acdf2023-02-07 15:15:31.056root 11241100x8000000000000000706915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.056{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f03ffbc7630e002023-02-07 15:15:31.056root 11241100x8000000000000000706921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7b66b317a8cee32023-02-07 15:15:31.345root 11241100x8000000000000000706933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d69206957a16ae22023-02-07 15:15:31.346root 11241100x8000000000000000706932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf78248e2c3c2d32023-02-07 15:15:31.346root 11241100x8000000000000000706931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d523b22adfbd8a9b2023-02-07 15:15:31.346root 11241100x8000000000000000706930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc16b16e54e81e32023-02-07 15:15:31.346root 11241100x8000000000000000706929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de97fb19703835cd2023-02-07 15:15:31.346root 11241100x8000000000000000706928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78bd79178723ee42023-02-07 15:15:31.346root 11241100x8000000000000000706927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8caedab3692a9c5f2023-02-07 15:15:31.346root 11241100x8000000000000000706926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b995ebb62837d2672023-02-07 15:15:31.346root 11241100x8000000000000000706925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca08d91003f357582023-02-07 15:15:31.346root 11241100x8000000000000000706924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a0b97084d9c9d32023-02-07 15:15:31.346root 11241100x8000000000000000706923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e876832b61da7222023-02-07 15:15:31.346root 11241100x8000000000000000706922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4aae2eee28af77c2023-02-07 15:15:31.346root 11241100x8000000000000000706946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d00c8266620a7852023-02-07 15:15:31.347root 11241100x8000000000000000706945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27eaa09213de08da2023-02-07 15:15:31.347root 11241100x8000000000000000706944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c5a8a3e053449b2023-02-07 15:15:31.347root 11241100x8000000000000000706943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480786d1283699552023-02-07 15:15:31.347root 11241100x8000000000000000706942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6327f39a3d5d81c72023-02-07 15:15:31.347root 11241100x8000000000000000706941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adccbcb261c40bb22023-02-07 15:15:31.347root 11241100x8000000000000000706940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5327874f3328f6082023-02-07 15:15:31.347root 11241100x8000000000000000706939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59067d3915d6e8f52023-02-07 15:15:31.347root 11241100x8000000000000000706938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc59d215aa044f722023-02-07 15:15:31.347root 11241100x8000000000000000706937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92589400ff606e12023-02-07 15:15:31.347root 11241100x8000000000000000706936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c33436cf2ab13fe2023-02-07 15:15:31.347root 11241100x8000000000000000706935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f576db96051086782023-02-07 15:15:31.347root 11241100x8000000000000000706934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5478ae078b66fb12023-02-07 15:15:31.347root 11241100x8000000000000000706957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905247bef0386bd02023-02-07 15:15:31.348root 11241100x8000000000000000706956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0078e5f47d7f2f7d2023-02-07 15:15:31.348root 11241100x8000000000000000706955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f643ce49bed4b6052023-02-07 15:15:31.348root 11241100x8000000000000000706954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ee632d383d96a12023-02-07 15:15:31.348root 11241100x8000000000000000706953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a11cceba4479c92023-02-07 15:15:31.348root 11241100x8000000000000000706952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd20ce5adcfd37a22023-02-07 15:15:31.348root 11241100x8000000000000000706951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28558ecc5fec6b92023-02-07 15:15:31.348root 11241100x8000000000000000706950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c9e8e7c2ac4d982023-02-07 15:15:31.348root 11241100x8000000000000000706949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b9241086b8cde82023-02-07 15:15:31.348root 11241100x8000000000000000706948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd5309ba294eb322023-02-07 15:15:31.348root 11241100x8000000000000000706947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3efe193cfe658e272023-02-07 15:15:31.348root 11241100x8000000000000000706964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049913b2ac9aaa862023-02-07 15:15:31.845root 11241100x8000000000000000706963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f958854cfbb99c652023-02-07 15:15:31.845root 11241100x8000000000000000706962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded006081dc26bbb2023-02-07 15:15:31.845root 11241100x8000000000000000706961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb3bfc3f22184a72023-02-07 15:15:31.845root 11241100x8000000000000000706960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf813954d4b10a3b2023-02-07 15:15:31.845root 11241100x8000000000000000706959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ab3989cc24ab012023-02-07 15:15:31.845root 11241100x8000000000000000706958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314684c98d4cd4592023-02-07 15:15:31.845root 11241100x8000000000000000706970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2732d6aba65918082023-02-07 15:15:31.846root 11241100x8000000000000000706969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4530f3399fd414e82023-02-07 15:15:31.846root 11241100x8000000000000000706968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90209eacb4db7afe2023-02-07 15:15:31.846root 11241100x8000000000000000706967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580cbc2f583360b92023-02-07 15:15:31.846root 11241100x8000000000000000706966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7c0dd4996948342023-02-07 15:15:31.846root 11241100x8000000000000000706965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498ea9fe75171b2d2023-02-07 15:15:31.846root 11241100x8000000000000000706982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0a30d15f94c7f32023-02-07 15:15:31.847root 11241100x8000000000000000706981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e529d047a453c0482023-02-07 15:15:31.847root 11241100x8000000000000000706980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a6da18622ff3202023-02-07 15:15:31.847root 11241100x8000000000000000706979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e40043159d73052023-02-07 15:15:31.847root 11241100x8000000000000000706978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe0017f9302a9112023-02-07 15:15:31.847root 11241100x8000000000000000706977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8d96e0c7e47ef92023-02-07 15:15:31.847root 11241100x8000000000000000706976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba3888052263f6e2023-02-07 15:15:31.847root 11241100x8000000000000000706975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7463ebfbd6e5f8f2023-02-07 15:15:31.847root 11241100x8000000000000000706974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d58f0d920e2f33b2023-02-07 15:15:31.847root 11241100x8000000000000000706973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5393d808156865672023-02-07 15:15:31.847root 11241100x8000000000000000706972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d7801d1a19e2012023-02-07 15:15:31.847root 11241100x8000000000000000706971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb3763997fdcc182023-02-07 15:15:31.847root 11241100x8000000000000000706994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c682b6d9b8fa26e2023-02-07 15:15:31.848root 11241100x8000000000000000706993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7084597954d7c1a62023-02-07 15:15:31.848root 11241100x8000000000000000706992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2990788b7e046592023-02-07 15:15:31.848root 11241100x8000000000000000706991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1edff5f570c16e2023-02-07 15:15:31.848root 11241100x8000000000000000706990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5084da9ad9f4b642023-02-07 15:15:31.848root 11241100x8000000000000000706989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cda240cfbc9279d2023-02-07 15:15:31.848root 11241100x8000000000000000706988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1841bfad3d569f2023-02-07 15:15:31.848root 11241100x8000000000000000706987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e950d162e32ba9c2023-02-07 15:15:31.848root 11241100x8000000000000000706986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a727d64abcd9f92023-02-07 15:15:31.848root 11241100x8000000000000000706985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da39aac885034ffd2023-02-07 15:15:31.848root 11241100x8000000000000000706984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ba14562126938f2023-02-07 15:15:31.848root 11241100x8000000000000000706983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788e63bc8e2b5e642023-02-07 15:15:31.848root 11241100x8000000000000000707003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535b4834bc768bf32023-02-07 15:15:31.849root 11241100x8000000000000000707002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd6fd524c372e232023-02-07 15:15:31.849root 11241100x8000000000000000707001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb431c38bb22f9c2023-02-07 15:15:31.849root 11241100x8000000000000000707000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a642403d0f41a62023-02-07 15:15:31.849root 11241100x8000000000000000706999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7c8da9ab4466122023-02-07 15:15:31.849root 11241100x8000000000000000706998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748814a98ddb987a2023-02-07 15:15:31.849root 11241100x8000000000000000706997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649e7145b1e21fcf2023-02-07 15:15:31.849root 11241100x8000000000000000706996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c397f5a7f30e3de2023-02-07 15:15:31.849root 11241100x8000000000000000706995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:31.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf29d52d8a740b92023-02-07 15:15:31.849root 11241100x8000000000000000707016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e973c76265b77eba2023-02-07 15:15:32.346root 11241100x8000000000000000707015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699c688ae4736e762023-02-07 15:15:32.346root 11241100x8000000000000000707014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77119434d9dd23972023-02-07 15:15:32.346root 11241100x8000000000000000707013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac1e7d0620bab502023-02-07 15:15:32.346root 11241100x8000000000000000707012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8292ed3053f9c72023-02-07 15:15:32.346root 11241100x8000000000000000707011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bedfa88f35b3f84e2023-02-07 15:15:32.346root 11241100x8000000000000000707010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206db7342b567b772023-02-07 15:15:32.346root 11241100x8000000000000000707009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f81d8c62d4947f2023-02-07 15:15:32.346root 11241100x8000000000000000707008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e784ce7ce55a01dc2023-02-07 15:15:32.346root 11241100x8000000000000000707007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f263ab6f6feb33352023-02-07 15:15:32.346root 11241100x8000000000000000707006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10a615588e39be32023-02-07 15:15:32.346root 11241100x8000000000000000707005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b7eb5292a19cf62023-02-07 15:15:32.346root 11241100x8000000000000000707004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae736d07f9072cd2023-02-07 15:15:32.346root 11241100x8000000000000000707031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6083b15fa27f3a402023-02-07 15:15:32.347root 11241100x8000000000000000707030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e8cdbbb09367db2023-02-07 15:15:32.347root 11241100x8000000000000000707029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de86afcb56a363a2023-02-07 15:15:32.347root 11241100x8000000000000000707028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411ac1e9e00935682023-02-07 15:15:32.347root 11241100x8000000000000000707027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22fab19aed480c12023-02-07 15:15:32.347root 11241100x8000000000000000707026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dedae01979fd16192023-02-07 15:15:32.347root 11241100x8000000000000000707025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2cfb5182575df92023-02-07 15:15:32.347root 11241100x8000000000000000707024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6663a2f8e59677a62023-02-07 15:15:32.347root 11241100x8000000000000000707023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abe62384fbd13af2023-02-07 15:15:32.347root 11241100x8000000000000000707022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0c6ff07b537a8a2023-02-07 15:15:32.347root 11241100x8000000000000000707021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ed0a821afee3712023-02-07 15:15:32.347root 11241100x8000000000000000707020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b497466351f3d732023-02-07 15:15:32.347root 11241100x8000000000000000707019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9db125c740ba072023-02-07 15:15:32.347root 11241100x8000000000000000707018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33a5dce25b24edc2023-02-07 15:15:32.347root 11241100x8000000000000000707017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0b94f582d352b92023-02-07 15:15:32.347root 11241100x8000000000000000707042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35583a7d5e7b2782023-02-07 15:15:32.348root 11241100x8000000000000000707041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230d0b9594bb64002023-02-07 15:15:32.348root 11241100x8000000000000000707040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c001a1fd75c4c72023-02-07 15:15:32.348root 11241100x8000000000000000707039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb888492ca33d4a2023-02-07 15:15:32.348root 11241100x8000000000000000707038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1735aae324e07272023-02-07 15:15:32.348root 11241100x8000000000000000707037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804fa1be90b603c02023-02-07 15:15:32.348root 11241100x8000000000000000707036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b286239ff085c972023-02-07 15:15:32.348root 11241100x8000000000000000707035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9942b01027532c2023-02-07 15:15:32.348root 11241100x8000000000000000707034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd56817aa33db0c2023-02-07 15:15:32.348root 11241100x8000000000000000707033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1803eab08a8735442023-02-07 15:15:32.348root 11241100x8000000000000000707032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df13c89037c429052023-02-07 15:15:32.348root 11241100x8000000000000000707050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90c3d2b47e09ca02023-02-07 15:15:32.846root 11241100x8000000000000000707049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d40412140208152023-02-07 15:15:32.846root 11241100x8000000000000000707048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297e365a948be99c2023-02-07 15:15:32.846root 11241100x8000000000000000707047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78061d726e28aaf72023-02-07 15:15:32.846root 11241100x8000000000000000707046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65259cc546bf63052023-02-07 15:15:32.846root 11241100x8000000000000000707045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c440c4481dc765b2023-02-07 15:15:32.846root 11241100x8000000000000000707044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531d61f4e9a4a1292023-02-07 15:15:32.846root 11241100x8000000000000000707043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b35da934cfbbad2023-02-07 15:15:32.846root 11241100x8000000000000000707064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae83c8aa2b3d3aa52023-02-07 15:15:32.847root 11241100x8000000000000000707063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9780c3bd7c1c4e642023-02-07 15:15:32.847root 11241100x8000000000000000707062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c005aab9b230f66b2023-02-07 15:15:32.847root 11241100x8000000000000000707061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c8e411c4f216fa2023-02-07 15:15:32.847root 11241100x8000000000000000707060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbace4652983db12023-02-07 15:15:32.847root 11241100x8000000000000000707059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a61618519e60772023-02-07 15:15:32.847root 11241100x8000000000000000707058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64af818429e33cc32023-02-07 15:15:32.847root 11241100x8000000000000000707057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbcda5b3c83465d2023-02-07 15:15:32.847root 11241100x8000000000000000707056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92318d197c70ebc12023-02-07 15:15:32.847root 11241100x8000000000000000707055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d896995107684012023-02-07 15:15:32.847root 11241100x8000000000000000707054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039088d26c18d57d2023-02-07 15:15:32.847root 11241100x8000000000000000707053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e116f1e864746ac82023-02-07 15:15:32.847root 11241100x8000000000000000707052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f6c142e1f78b682023-02-07 15:15:32.847root 11241100x8000000000000000707051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b85c8fae21c90d72023-02-07 15:15:32.847root 11241100x8000000000000000707076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a9228142a482b52023-02-07 15:15:32.848root 11241100x8000000000000000707075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fc42af842b5bbc2023-02-07 15:15:32.848root 11241100x8000000000000000707074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d27adbc4b298d0c2023-02-07 15:15:32.848root 11241100x8000000000000000707073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febfc3a80aad92a52023-02-07 15:15:32.848root 11241100x8000000000000000707072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc21c7c13a0d68cb2023-02-07 15:15:32.848root 11241100x8000000000000000707071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc60e8de9b9b37f2023-02-07 15:15:32.848root 11241100x8000000000000000707070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ba534b4ab8ee4f2023-02-07 15:15:32.848root 11241100x8000000000000000707069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86432b39f22941d42023-02-07 15:15:32.848root 11241100x8000000000000000707068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8afeaef1f064d472023-02-07 15:15:32.848root 11241100x8000000000000000707067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bafa9db8853998e92023-02-07 15:15:32.848root 11241100x8000000000000000707066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa215f9a8347e012023-02-07 15:15:32.848root 11241100x8000000000000000707065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bb8fd92cc6181f2023-02-07 15:15:32.848root 11241100x8000000000000000707077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01d5365fbe625972023-02-07 15:15:33.345root 11241100x8000000000000000707089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4288dcfe30795f312023-02-07 15:15:33.346root 11241100x8000000000000000707088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8105c67c3dd4fd882023-02-07 15:15:33.346root 11241100x8000000000000000707087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9f1d2543db3b9b2023-02-07 15:15:33.346root 11241100x8000000000000000707086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ae7d2b2680b6982023-02-07 15:15:33.346root 11241100x8000000000000000707085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6414543f790dffe32023-02-07 15:15:33.346root 11241100x8000000000000000707084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5bf1bb9b15745f2023-02-07 15:15:33.346root 11241100x8000000000000000707083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3901a78b5d1528c12023-02-07 15:15:33.346root 11241100x8000000000000000707082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf11da883fcecf32023-02-07 15:15:33.346root 11241100x8000000000000000707081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf6dbc958d970e22023-02-07 15:15:33.346root 11241100x8000000000000000707080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a49c6d5a04d57292023-02-07 15:15:33.346root 11241100x8000000000000000707079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0538460fbbc459372023-02-07 15:15:33.346root 11241100x8000000000000000707078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f7ce3ee658e04d2023-02-07 15:15:33.346root 11241100x8000000000000000707104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ddc7fb5fc7b0542023-02-07 15:15:33.347root 11241100x8000000000000000707103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429a7c9e5fd3b8692023-02-07 15:15:33.347root 11241100x8000000000000000707102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953ea938f4b3135c2023-02-07 15:15:33.347root 11241100x8000000000000000707101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfeaf6782401b4322023-02-07 15:15:33.347root 11241100x8000000000000000707100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a682d902baed0012023-02-07 15:15:33.347root 11241100x8000000000000000707099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6cd21c799a87c9d2023-02-07 15:15:33.347root 11241100x8000000000000000707098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d592d39fccc79d2023-02-07 15:15:33.347root 11241100x8000000000000000707097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970ef1a0e95dfc7d2023-02-07 15:15:33.347root 11241100x8000000000000000707096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94c76f2541685f62023-02-07 15:15:33.347root 11241100x8000000000000000707095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603c2202abccf76a2023-02-07 15:15:33.347root 11241100x8000000000000000707094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98bd2185b7aba25b2023-02-07 15:15:33.347root 11241100x8000000000000000707093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69aad9a7f282f4ee2023-02-07 15:15:33.347root 11241100x8000000000000000707092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2fb7f1b3f5dbf542023-02-07 15:15:33.347root 11241100x8000000000000000707091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24cb8156e2b817252023-02-07 15:15:33.347root 11241100x8000000000000000707090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f73fb47babd8372023-02-07 15:15:33.347root 11241100x8000000000000000707112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12754d3778ba57672023-02-07 15:15:33.348root 11241100x8000000000000000707111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144e13b4c19ce9572023-02-07 15:15:33.348root 11241100x8000000000000000707110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f172817c5b973482023-02-07 15:15:33.348root 11241100x8000000000000000707109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35bf113c1becac72023-02-07 15:15:33.348root 11241100x8000000000000000707108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad5952302b504452023-02-07 15:15:33.348root 11241100x8000000000000000707107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6418f6ff91f0e12023-02-07 15:15:33.348root 11241100x8000000000000000707106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143cbfe627a9911f2023-02-07 15:15:33.348root 11241100x8000000000000000707105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918e0a98f73cf29c2023-02-07 15:15:33.348root 11241100x8000000000000000707125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db2ce9012ffe5292023-02-07 15:15:33.846root 11241100x8000000000000000707124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b01e6cee40ac682023-02-07 15:15:33.846root 11241100x8000000000000000707123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2822103522c86602023-02-07 15:15:33.846root 11241100x8000000000000000707122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b4982612560aed2023-02-07 15:15:33.846root 11241100x8000000000000000707121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbbff02d21efa182023-02-07 15:15:33.846root 11241100x8000000000000000707120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4beaf4f1f3ab2b412023-02-07 15:15:33.846root 11241100x8000000000000000707119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75dfbb5391511072023-02-07 15:15:33.846root 11241100x8000000000000000707118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3c63c6dd59021b2023-02-07 15:15:33.846root 11241100x8000000000000000707117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c0c200e3c1266e2023-02-07 15:15:33.846root 11241100x8000000000000000707116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d03be6bfb51f802023-02-07 15:15:33.846root 11241100x8000000000000000707115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3422ed6e6ddb2b022023-02-07 15:15:33.846root 11241100x8000000000000000707114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b323f2aa145b65172023-02-07 15:15:33.846root 11241100x8000000000000000707113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b154c9924faec7262023-02-07 15:15:33.846root 11241100x8000000000000000707136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07aaab030f639b12023-02-07 15:15:33.847root 11241100x8000000000000000707135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a76e8bb374a9ee4b2023-02-07 15:15:33.847root 11241100x8000000000000000707134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc7f0a61892254f2023-02-07 15:15:33.847root 11241100x8000000000000000707133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ac917e9964862f2023-02-07 15:15:33.847root 11241100x8000000000000000707132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7de093d4ca470a2023-02-07 15:15:33.847root 11241100x8000000000000000707131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3a081a79e4d1692023-02-07 15:15:33.847root 11241100x8000000000000000707130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a78adb80e9523bb2023-02-07 15:15:33.847root 11241100x8000000000000000707129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9ea80ce19852172023-02-07 15:15:33.847root 11241100x8000000000000000707128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ef4a62902d18492023-02-07 15:15:33.847root 11241100x8000000000000000707127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30e455deb1174a32023-02-07 15:15:33.847root 11241100x8000000000000000707126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b9c1c9bde25c292023-02-07 15:15:33.847root 11241100x8000000000000000707148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15ce33f662222a42023-02-07 15:15:33.848root 11241100x8000000000000000707147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a164bb4eeb5cb12023-02-07 15:15:33.848root 11241100x8000000000000000707146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2115e57fa549742023-02-07 15:15:33.848root 11241100x8000000000000000707145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f6707b323452412023-02-07 15:15:33.848root 11241100x8000000000000000707144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f976b6caab6e8a432023-02-07 15:15:33.848root 11241100x8000000000000000707143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ef2ce3588bf2e42023-02-07 15:15:33.848root 11241100x8000000000000000707142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3587ccfc86799c62023-02-07 15:15:33.848root 11241100x8000000000000000707141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b449f533fa2961ad2023-02-07 15:15:33.848root 11241100x8000000000000000707140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15206921844359f22023-02-07 15:15:33.848root 11241100x8000000000000000707139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab70006703177eb52023-02-07 15:15:33.848root 11241100x8000000000000000707138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce26e123afb8d112023-02-07 15:15:33.848root 11241100x8000000000000000707137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800bddfbd4a34a5e2023-02-07 15:15:33.848root 11241100x8000000000000000707153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9084cbbb81363a382023-02-07 15:15:33.850root 11241100x8000000000000000707152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92337583a24484b92023-02-07 15:15:33.850root 11241100x8000000000000000707151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034761b1c4e351aa2023-02-07 15:15:33.850root 11241100x8000000000000000707150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306f56c6f560ca292023-02-07 15:15:33.850root 11241100x8000000000000000707149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8e8f0b0bbbed5c2023-02-07 15:15:33.850root 11241100x8000000000000000707160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.855{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067b48e1b752cf6f2023-02-07 15:15:33.855root 11241100x8000000000000000707159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.855{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cdded9222368e4b2023-02-07 15:15:33.855root 11241100x8000000000000000707158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.855{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc747413454291f2023-02-07 15:15:33.855root 11241100x8000000000000000707157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.855{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56fab00f5bee39732023-02-07 15:15:33.855root 11241100x8000000000000000707156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.855{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da468a9c31c297f2023-02-07 15:15:33.855root 11241100x8000000000000000707155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.855{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b3c3cea20b9de52023-02-07 15:15:33.855root 11241100x8000000000000000707154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.855{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f60b85696ac40d2023-02-07 15:15:33.855root 11241100x8000000000000000707165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.856{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633b3c81706cdaaa2023-02-07 15:15:33.856root 11241100x8000000000000000707164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.856{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d3d4edf449b7662023-02-07 15:15:33.856root 11241100x8000000000000000707163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.856{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c84db6df2bb3d02023-02-07 15:15:33.856root 11241100x8000000000000000707162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.856{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f2b61c2505af8e2023-02-07 15:15:33.856root 11241100x8000000000000000707161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.856{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c1c0754c729b792023-02-07 15:15:33.856root 11241100x8000000000000000707169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.857{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cde37329e1fd7502023-02-07 15:15:33.857root 11241100x8000000000000000707168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.857{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcda4bf0c9aa92642023-02-07 15:15:33.857root 11241100x8000000000000000707167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.857{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd58cf085b5d6f22023-02-07 15:15:33.857root 11241100x8000000000000000707166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.857{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4bb846d681f4b42023-02-07 15:15:33.857root 11241100x8000000000000000707178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9a069486d4c49e2023-02-07 15:15:33.858root 11241100x8000000000000000707177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7995d02655a940d2023-02-07 15:15:33.858root 11241100x8000000000000000707176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c3b27163babc7b2023-02-07 15:15:33.858root 11241100x8000000000000000707175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1b542d4d4d4ee62023-02-07 15:15:33.858root 11241100x8000000000000000707174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16ee4954d5e1d7e2023-02-07 15:15:33.858root 11241100x8000000000000000707173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d378ef0fcef901402023-02-07 15:15:33.858root 11241100x8000000000000000707172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8469a32003049dab2023-02-07 15:15:33.858root 11241100x8000000000000000707171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aeb4f304e402a892023-02-07 15:15:33.858root 11241100x8000000000000000707170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.858{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cbc13526d0e5fe72023-02-07 15:15:33.858root 11241100x8000000000000000707187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.859{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9692c4dbd246292c2023-02-07 15:15:33.859root 11241100x8000000000000000707186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.859{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf64ac60ed151df2023-02-07 15:15:33.859root 11241100x8000000000000000707185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.859{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476462eede6617cf2023-02-07 15:15:33.859root 11241100x8000000000000000707184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.859{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef458cdfb9880be2023-02-07 15:15:33.859root 11241100x8000000000000000707183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.859{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f9bf11cde081432023-02-07 15:15:33.859root 11241100x8000000000000000707182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.859{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0863c01a648b6772023-02-07 15:15:33.859root 11241100x8000000000000000707181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.859{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33372e8a84ec5e82023-02-07 15:15:33.859root 11241100x8000000000000000707180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.859{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c754f28583540052023-02-07 15:15:33.859root 11241100x8000000000000000707179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.859{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee30244f565db5872023-02-07 15:15:33.859root 11241100x8000000000000000707191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.860{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab8ef183b491e622023-02-07 15:15:33.860root 11241100x8000000000000000707190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.860{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b37697705cfae32023-02-07 15:15:33.860root 11241100x8000000000000000707189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.860{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e00d1b9f336aa7a2023-02-07 15:15:33.860root 11241100x8000000000000000707188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.860{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f525ff620824d57b2023-02-07 15:15:33.860root 11241100x8000000000000000707197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.861{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8aa5ccf3e0ccb12023-02-07 15:15:33.861root 11241100x8000000000000000707196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.861{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd99c729275bf0d2023-02-07 15:15:33.861root 11241100x8000000000000000707195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.861{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e99210671ab932a2023-02-07 15:15:33.861root 11241100x8000000000000000707194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.861{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ad02ecc7a07d182023-02-07 15:15:33.861root 11241100x8000000000000000707193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.861{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa18a94755e0c8872023-02-07 15:15:33.861root 11241100x8000000000000000707192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.861{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448364bfb23014942023-02-07 15:15:33.861root 11241100x8000000000000000707202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.862{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6396839527e38c502023-02-07 15:15:33.862root 11241100x8000000000000000707201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.862{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473ae6aec1d50b362023-02-07 15:15:33.862root 11241100x8000000000000000707200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.862{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d0935b532cb7902023-02-07 15:15:33.862root 11241100x8000000000000000707199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.862{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c3862e5cce42252023-02-07 15:15:33.862root 11241100x8000000000000000707198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.862{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d1fec8218c141c2023-02-07 15:15:33.862root 11241100x8000000000000000707206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.863{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e7bc3302a711512023-02-07 15:15:33.863root 11241100x8000000000000000707205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.863{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2057bae27cc5922023-02-07 15:15:33.863root 11241100x8000000000000000707204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.863{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62394bca7ad367b62023-02-07 15:15:33.863root 11241100x8000000000000000707203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.863{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a199f74a972ad32023-02-07 15:15:33.863root 11241100x8000000000000000707208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.864{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0b9acaab656a432023-02-07 15:15:33.864root 11241100x8000000000000000707207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.864{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ee3001f384dee22023-02-07 15:15:33.864root 11241100x8000000000000000707209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:33.865{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1490987f5e9bbd512023-02-07 15:15:33.865root 11241100x8000000000000000707211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162d907a759697282023-02-07 15:15:34.345root 11241100x8000000000000000707210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef34df593e1764a2023-02-07 15:15:34.345root 11241100x8000000000000000707225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0da5191695bcad92023-02-07 15:15:34.346root 11241100x8000000000000000707224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18aa6d8b7012abd62023-02-07 15:15:34.346root 11241100x8000000000000000707223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c91e656047a946d2023-02-07 15:15:34.346root 11241100x8000000000000000707222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f5708931560dce2023-02-07 15:15:34.346root 11241100x8000000000000000707221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa32a20d9805694e2023-02-07 15:15:34.346root 11241100x8000000000000000707220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64750d7fa152095c2023-02-07 15:15:34.346root 11241100x8000000000000000707219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2155e66168e826fa2023-02-07 15:15:34.346root 11241100x8000000000000000707218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc00e61d63e085862023-02-07 15:15:34.346root 11241100x8000000000000000707217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ec9c687642418d2023-02-07 15:15:34.346root 11241100x8000000000000000707216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa5c45e6990f91f2023-02-07 15:15:34.346root 11241100x8000000000000000707215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3783f0b53007c13e2023-02-07 15:15:34.346root 11241100x8000000000000000707214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4501a6a50e3d61ae2023-02-07 15:15:34.346root 11241100x8000000000000000707213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934856e91ba6e64a2023-02-07 15:15:34.346root 11241100x8000000000000000707212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd94eae49ddfe8722023-02-07 15:15:34.346root 11241100x8000000000000000707239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b844bede605b4a2023-02-07 15:15:34.347root 11241100x8000000000000000707238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ed3d88764006cb2023-02-07 15:15:34.347root 11241100x8000000000000000707237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a6505a53cf41cd2023-02-07 15:15:34.347root 11241100x8000000000000000707236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b378d37003029332023-02-07 15:15:34.347root 11241100x8000000000000000707235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2856d95e2fdf02782023-02-07 15:15:34.347root 11241100x8000000000000000707234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c693a3c9b14aad82023-02-07 15:15:34.347root 11241100x8000000000000000707233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1626aa3614a6ffb2023-02-07 15:15:34.347root 11241100x8000000000000000707232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961bda0e29dc425c2023-02-07 15:15:34.347root 11241100x8000000000000000707231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2a4d3141c6455d2023-02-07 15:15:34.347root 11241100x8000000000000000707230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef670c85ba77e9f2023-02-07 15:15:34.347root 11241100x8000000000000000707229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09994a296a3589e72023-02-07 15:15:34.347root 11241100x8000000000000000707228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7821c01bff32c5b2023-02-07 15:15:34.347root 11241100x8000000000000000707227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2640c418891afc4a2023-02-07 15:15:34.347root 11241100x8000000000000000707226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097fa32713bc1af72023-02-07 15:15:34.347root 11241100x8000000000000000707253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ee490d9ffcf7c02023-02-07 15:15:34.348root 11241100x8000000000000000707252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b5b719952fb5b52023-02-07 15:15:34.348root 11241100x8000000000000000707251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3acce5c9399debbe2023-02-07 15:15:34.348root 11241100x8000000000000000707250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa070535e6ad24d2023-02-07 15:15:34.348root 11241100x8000000000000000707249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1909c70fc69172682023-02-07 15:15:34.348root 11241100x8000000000000000707248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f90dfa98e2f22de2023-02-07 15:15:34.348root 11241100x8000000000000000707247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074c31438897985e2023-02-07 15:15:34.348root 11241100x8000000000000000707246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfab255b77bed302023-02-07 15:15:34.348root 11241100x8000000000000000707245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3525ecfb5de8d7912023-02-07 15:15:34.348root 11241100x8000000000000000707244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa075e68f53265a2023-02-07 15:15:34.348root 11241100x8000000000000000707243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e89495e3b24f142023-02-07 15:15:34.348root 11241100x8000000000000000707242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d73a200f376a5992023-02-07 15:15:34.348root 11241100x8000000000000000707241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809b8b635e2b49992023-02-07 15:15:34.348root 11241100x8000000000000000707240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b33cfb19f0486a32023-02-07 15:15:34.348root 11241100x8000000000000000707260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc67bb5d47221192023-02-07 15:15:34.845root 11241100x8000000000000000707259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2440a8fe7385738f2023-02-07 15:15:34.845root 11241100x8000000000000000707258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9884e981e58b4e92023-02-07 15:15:34.845root 11241100x8000000000000000707257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974f940a2453a4612023-02-07 15:15:34.845root 11241100x8000000000000000707256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66e6e6ca09dd5a62023-02-07 15:15:34.845root 11241100x8000000000000000707255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139ca2f5cb7b01a62023-02-07 15:15:34.845root 11241100x8000000000000000707254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90c2bbe303a2a7b2023-02-07 15:15:34.845root 11241100x8000000000000000707275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e299f0d22421506b2023-02-07 15:15:34.846root 11241100x8000000000000000707274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e310eb1ab3d3792023-02-07 15:15:34.846root 11241100x8000000000000000707273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f170211e4e6166182023-02-07 15:15:34.846root 11241100x8000000000000000707272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500b74090423e8a22023-02-07 15:15:34.846root 11241100x8000000000000000707271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400d614f5a97b7812023-02-07 15:15:34.846root 11241100x8000000000000000707270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc4820b44c70c362023-02-07 15:15:34.846root 11241100x8000000000000000707269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa1eb1579de30b62023-02-07 15:15:34.846root 11241100x8000000000000000707268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485fff0d40b52afd2023-02-07 15:15:34.846root 11241100x8000000000000000707267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022fb35ee6e6a74d2023-02-07 15:15:34.846root 11241100x8000000000000000707266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8779424ef9f5092023-02-07 15:15:34.846root 11241100x8000000000000000707265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800ded5ad614c0d62023-02-07 15:15:34.846root 11241100x8000000000000000707264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06338eba65df1f72023-02-07 15:15:34.846root 11241100x8000000000000000707263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067adf23c9ca83372023-02-07 15:15:34.846root 11241100x8000000000000000707262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478261f3c50bc8ee2023-02-07 15:15:34.846root 11241100x8000000000000000707261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf431cdd73212df2023-02-07 15:15:34.846root 11241100x8000000000000000707281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3304592539ec1fa12023-02-07 15:15:34.847root 11241100x8000000000000000707280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c658ac7d9cb511b72023-02-07 15:15:34.847root 11241100x8000000000000000707279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781755cd2e00697a2023-02-07 15:15:34.847root 11241100x8000000000000000707278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a517ea0ae526d6ee2023-02-07 15:15:34.847root 11241100x8000000000000000707277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c91df6d587f5422023-02-07 15:15:34.847root 11241100x8000000000000000707276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f6814cdca6bb922023-02-07 15:15:34.847root 11241100x8000000000000000707291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76255490e50561bc2023-02-07 15:15:34.848root 11241100x8000000000000000707290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c9d3c0991f94582023-02-07 15:15:34.848root 11241100x8000000000000000707289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed079153c45ec172023-02-07 15:15:34.848root 11241100x8000000000000000707288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb917969f59b7542023-02-07 15:15:34.848root 11241100x8000000000000000707287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccecd3f973d0a6c62023-02-07 15:15:34.848root 11241100x8000000000000000707286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef983ae8eab76d572023-02-07 15:15:34.848root 11241100x8000000000000000707285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6926dbcd711c91c32023-02-07 15:15:34.848root 11241100x8000000000000000707284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d750f8f9952d35f2023-02-07 15:15:34.848root 11241100x8000000000000000707283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7238db2b8073a6182023-02-07 15:15:34.848root 11241100x8000000000000000707282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2eb2ce189416d5d2023-02-07 15:15:34.848root 11241100x8000000000000000707296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52463a8bf84e429f2023-02-07 15:15:34.850root 11241100x8000000000000000707295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d3f76ed36d37b32023-02-07 15:15:34.850root 11241100x8000000000000000707294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b6a5dd1a338b252023-02-07 15:15:34.850root 11241100x8000000000000000707293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4741ed63d0300cc02023-02-07 15:15:34.850root 11241100x8000000000000000707292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c5820d6430c2222023-02-07 15:15:34.850root 11241100x8000000000000000707307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be00e240447269022023-02-07 15:15:34.851root 11241100x8000000000000000707306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c98513067ed6b52023-02-07 15:15:34.851root 11241100x8000000000000000707305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c2ebd28bff79be2023-02-07 15:15:34.851root 11241100x8000000000000000707304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1820b4e5d516c6d2023-02-07 15:15:34.851root 11241100x8000000000000000707303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b4241f794a73f72023-02-07 15:15:34.851root 11241100x8000000000000000707302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0791e282c1a99faa2023-02-07 15:15:34.851root 11241100x8000000000000000707301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4780491f49f4ed72023-02-07 15:15:34.851root 11241100x8000000000000000707300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149112364842cb1f2023-02-07 15:15:34.851root 11241100x8000000000000000707299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268c260b3c39436d2023-02-07 15:15:34.851root 11241100x8000000000000000707298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7c16463fc9dc8d2023-02-07 15:15:34.851root 11241100x8000000000000000707297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7cb4f5d7364f442023-02-07 15:15:34.851root 11241100x8000000000000000707317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5130b53b0184b7102023-02-07 15:15:34.852root 11241100x8000000000000000707316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9904eceb414f12f2023-02-07 15:15:34.852root 11241100x8000000000000000707315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98dc2340197310a2023-02-07 15:15:34.852root 11241100x8000000000000000707314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5121534de979c10b2023-02-07 15:15:34.852root 11241100x8000000000000000707313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24306c64a69c29162023-02-07 15:15:34.852root 11241100x8000000000000000707312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82bd76de878b354a2023-02-07 15:15:34.852root 11241100x8000000000000000707311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a36caa0b426dae92023-02-07 15:15:34.852root 11241100x8000000000000000707310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe635273a56e3a962023-02-07 15:15:34.852root 11241100x8000000000000000707309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a70ad4de331b8512023-02-07 15:15:34.852root 11241100x8000000000000000707308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bd40894279cde22023-02-07 15:15:34.852root 11241100x8000000000000000707323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.853{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb3d0bc29c219762023-02-07 15:15:34.853root 11241100x8000000000000000707322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.853{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a01fc6d3ab71562023-02-07 15:15:34.853root 11241100x8000000000000000707321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.853{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd7a16bee94133e2023-02-07 15:15:34.853root 11241100x8000000000000000707320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.853{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04769484507b40192023-02-07 15:15:34.853root 11241100x8000000000000000707319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.853{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d792b438909220bd2023-02-07 15:15:34.853root 11241100x8000000000000000707318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:34.853{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3898dc44982cc03b2023-02-07 15:15:34.853root 11241100x8000000000000000707335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8311d734248d5dc2023-02-07 15:15:35.346root 11241100x8000000000000000707334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae378e6f6c9d7122023-02-07 15:15:35.346root 11241100x8000000000000000707333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d972aaa147371c922023-02-07 15:15:35.346root 11241100x8000000000000000707332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a7171040765a8d2023-02-07 15:15:35.346root 11241100x8000000000000000707331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18aa850feb50ad22023-02-07 15:15:35.346root 11241100x8000000000000000707330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4d53e15b955abc2023-02-07 15:15:35.346root 11241100x8000000000000000707329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c11291b247e039e2023-02-07 15:15:35.346root 11241100x8000000000000000707328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1808f6db69ddbb162023-02-07 15:15:35.346root 11241100x8000000000000000707327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d64be8444e06272023-02-07 15:15:35.346root 11241100x8000000000000000707326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abeb2e84578ca942023-02-07 15:15:35.346root 11241100x8000000000000000707325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2fa78441a7dd2a2023-02-07 15:15:35.346root 11241100x8000000000000000707324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd0e108df1f02412023-02-07 15:15:35.346root 11241100x8000000000000000707350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbcca84a185d1ee2023-02-07 15:15:35.347root 11241100x8000000000000000707349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f950425800e96b12023-02-07 15:15:35.347root 11241100x8000000000000000707348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427a3637f4c0bf5d2023-02-07 15:15:35.347root 11241100x8000000000000000707347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a383c7f51902c52023-02-07 15:15:35.347root 11241100x8000000000000000707346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e1f7927f67dc3b2023-02-07 15:15:35.347root 11241100x8000000000000000707345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e773535994ace99a2023-02-07 15:15:35.347root 11241100x8000000000000000707344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7c94df06e611ec2023-02-07 15:15:35.347root 11241100x8000000000000000707343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9601a44b1a68912023-02-07 15:15:35.347root 11241100x8000000000000000707342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f793e2d40836d22f2023-02-07 15:15:35.347root 11241100x8000000000000000707341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6bb2531c6391b52023-02-07 15:15:35.347root 11241100x8000000000000000707340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f74048a58aa9732023-02-07 15:15:35.347root 11241100x8000000000000000707339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7acfec715a8e42e2023-02-07 15:15:35.347root 11241100x8000000000000000707338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d55d42d9c24fb02023-02-07 15:15:35.347root 11241100x8000000000000000707337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43801ecfcadf7d82023-02-07 15:15:35.347root 11241100x8000000000000000707336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d67df6b13df2ab2023-02-07 15:15:35.347root 11241100x8000000000000000707365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841d674d059c00122023-02-07 15:15:35.348root 11241100x8000000000000000707364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef4343f980b64622023-02-07 15:15:35.348root 11241100x8000000000000000707363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8169f2c99908802023-02-07 15:15:35.348root 11241100x8000000000000000707362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625f87ce3ea5aec72023-02-07 15:15:35.348root 11241100x8000000000000000707361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325b1c4c1f63b4ee2023-02-07 15:15:35.348root 11241100x8000000000000000707360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473bbde5df58bf2b2023-02-07 15:15:35.348root 11241100x8000000000000000707359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa47cd0c95c433382023-02-07 15:15:35.348root 11241100x8000000000000000707358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b77d284135bcd32023-02-07 15:15:35.348root 11241100x8000000000000000707357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8f0b3e18ffd53f2023-02-07 15:15:35.348root 11241100x8000000000000000707356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac81216aff4161ec2023-02-07 15:15:35.348root 11241100x8000000000000000707355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5293912a6398b08f2023-02-07 15:15:35.348root 11241100x8000000000000000707354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fa3b9b6ae2901b2023-02-07 15:15:35.348root 11241100x8000000000000000707353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d8051a7d24c4c92023-02-07 15:15:35.348root 11241100x8000000000000000707352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3cd7c258cb0b9152023-02-07 15:15:35.348root 11241100x8000000000000000707351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f6a42f39f4767e2023-02-07 15:15:35.348root 11241100x8000000000000000707371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3480fc21fd8a14ea2023-02-07 15:15:35.349root 11241100x8000000000000000707370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c43bd2de75c8bde2023-02-07 15:15:35.349root 11241100x8000000000000000707369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a53b59666ddc3db2023-02-07 15:15:35.349root 11241100x8000000000000000707368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5d6ae4a40d1a582023-02-07 15:15:35.349root 11241100x8000000000000000707367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659849bb3ad5377b2023-02-07 15:15:35.349root 11241100x8000000000000000707366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d902f47f6fc0ee2023-02-07 15:15:35.349root 11241100x8000000000000000707376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc5245ad07a033a2023-02-07 15:15:35.350root 11241100x8000000000000000707375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9a49ff6903d5242023-02-07 15:15:35.350root 11241100x8000000000000000707374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef450cf220bdb3d2023-02-07 15:15:35.350root 11241100x8000000000000000707373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00ed57d6423e9d22023-02-07 15:15:35.350root 11241100x8000000000000000707372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe068e3c2016c7a72023-02-07 15:15:35.350root 11241100x8000000000000000707380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f212de4eed1b0912023-02-07 15:15:35.351root 11241100x8000000000000000707379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee34a9c08c9cea662023-02-07 15:15:35.351root 11241100x8000000000000000707378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256f46fb925a611a2023-02-07 15:15:35.351root 11241100x8000000000000000707377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6919ab8f2d16a622023-02-07 15:15:35.351root 11241100x8000000000000000707383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32538955b6d300332023-02-07 15:15:35.352root 11241100x8000000000000000707382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3254ccf4a1e2252023-02-07 15:15:35.352root 11241100x8000000000000000707381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7a0dab6165d8572023-02-07 15:15:35.352root 11241100x8000000000000000707394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533cc22ca43ce4e12023-02-07 15:15:35.846root 11241100x8000000000000000707393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3f928ab9e04cf92023-02-07 15:15:35.846root 11241100x8000000000000000707392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6506be25d33ebcc22023-02-07 15:15:35.846root 11241100x8000000000000000707391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a794a45de8bcfd432023-02-07 15:15:35.846root 11241100x8000000000000000707390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b270779ba4f868702023-02-07 15:15:35.846root 11241100x8000000000000000707389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aac027911a546522023-02-07 15:15:35.846root 11241100x8000000000000000707388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb03bd19343d0e8c2023-02-07 15:15:35.846root 11241100x8000000000000000707387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d1196ababd32242023-02-07 15:15:35.846root 11241100x8000000000000000707386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b0df02d0175e092023-02-07 15:15:35.846root 11241100x8000000000000000707385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46260b0be8608fff2023-02-07 15:15:35.846root 11241100x8000000000000000707384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282a55b1a0a39ee12023-02-07 15:15:35.846root 11241100x8000000000000000707407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbe0c60d0b4883e2023-02-07 15:15:35.847root 11241100x8000000000000000707406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977da02911693c1e2023-02-07 15:15:35.847root 11241100x8000000000000000707405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7b26120194a3ee2023-02-07 15:15:35.847root 11241100x8000000000000000707404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81567c281ed9ecbb2023-02-07 15:15:35.847root 11241100x8000000000000000707403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68991ec92de59ee52023-02-07 15:15:35.847root 11241100x8000000000000000707402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bf389a753162ca2023-02-07 15:15:35.847root 11241100x8000000000000000707401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad13b3b40366891d2023-02-07 15:15:35.847root 11241100x8000000000000000707400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2170fa5868de882023-02-07 15:15:35.847root 11241100x8000000000000000707399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4361d1ad9323792023-02-07 15:15:35.847root 11241100x8000000000000000707398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082c9a9f6151abd22023-02-07 15:15:35.847root 11241100x8000000000000000707397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03f3b02503291502023-02-07 15:15:35.847root 11241100x8000000000000000707396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c44cd4662219f6b2023-02-07 15:15:35.847root 11241100x8000000000000000707395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b329d686af99203d2023-02-07 15:15:35.847root 11241100x8000000000000000707416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15bd7610ef789742023-02-07 15:15:35.848root 11241100x8000000000000000707415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb219ac7433c01d2023-02-07 15:15:35.848root 11241100x8000000000000000707414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5663375c6d5368b2023-02-07 15:15:35.848root 11241100x8000000000000000707413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160897ca23af687f2023-02-07 15:15:35.848root 11241100x8000000000000000707412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cad7ee257d9b30f2023-02-07 15:15:35.848root 11241100x8000000000000000707411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9048fcf6642d62b02023-02-07 15:15:35.848root 11241100x8000000000000000707410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4b27bddd9b92952023-02-07 15:15:35.848root 11241100x8000000000000000707409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed41b54781b11b792023-02-07 15:15:35.848root 11241100x8000000000000000707408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c71aaa34870c5bd2023-02-07 15:15:35.848root 11241100x8000000000000000707425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e235f6e0ad529a552023-02-07 15:15:35.849root 11241100x8000000000000000707424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84dbed8dadf26312023-02-07 15:15:35.849root 11241100x8000000000000000707423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97bf691b9b6b61ef2023-02-07 15:15:35.849root 11241100x8000000000000000707422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1978d8ce96f3e5a32023-02-07 15:15:35.849root 11241100x8000000000000000707421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6943e0c7956791bc2023-02-07 15:15:35.849root 11241100x8000000000000000707420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90468dea0b43b1cc2023-02-07 15:15:35.849root 11241100x8000000000000000707419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee05e897757206342023-02-07 15:15:35.849root 11241100x8000000000000000707418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a97dbf0eadf02962023-02-07 15:15:35.849root 11241100x8000000000000000707417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ebadc99c284d882023-02-07 15:15:35.849root 11241100x8000000000000000707435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b63dd5e4388f0d12023-02-07 15:15:35.850root 11241100x8000000000000000707434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649ef59e842a5d602023-02-07 15:15:35.850root 11241100x8000000000000000707433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06c0f689fa0e6f12023-02-07 15:15:35.850root 11241100x8000000000000000707432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e972cadf7e02b12023-02-07 15:15:35.850root 11241100x8000000000000000707431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45b7a361a86045e2023-02-07 15:15:35.850root 11241100x8000000000000000707430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b096c6d67f82c52023-02-07 15:15:35.850root 11241100x8000000000000000707429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f579e5b23ad9cb62023-02-07 15:15:35.850root 11241100x8000000000000000707428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afaf73c678f81832023-02-07 15:15:35.850root 11241100x8000000000000000707427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2150c3cb4554552023-02-07 15:15:35.850root 11241100x8000000000000000707426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:35.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc280a3c980f29092023-02-07 15:15:35.850root 11241100x8000000000000000707436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038b31fae3061c3f2023-02-07 15:15:36.345root 11241100x8000000000000000707447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a51c0c4793539602023-02-07 15:15:36.346root 11241100x8000000000000000707446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e34b045faaeb762023-02-07 15:15:36.346root 11241100x8000000000000000707445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b2cc1ab3c9339d2023-02-07 15:15:36.346root 11241100x8000000000000000707444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74619863a1a9b022023-02-07 15:15:36.346root 11241100x8000000000000000707443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb626554c2c2529e2023-02-07 15:15:36.346root 11241100x8000000000000000707442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d50b8ae53ac2d52023-02-07 15:15:36.346root 11241100x8000000000000000707441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257796ae169064c72023-02-07 15:15:36.346root 11241100x8000000000000000707440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb459e8a1312c982023-02-07 15:15:36.346root 11241100x8000000000000000707439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd646f93328457f2023-02-07 15:15:36.346root 11241100x8000000000000000707438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaad12fdd7d0001d2023-02-07 15:15:36.346root 11241100x8000000000000000707437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24744646a7a4bc532023-02-07 15:15:36.346root 11241100x8000000000000000707462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6960bbac6c3742192023-02-07 15:15:36.347root 11241100x8000000000000000707461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37033fdf8c7aa4b12023-02-07 15:15:36.347root 11241100x8000000000000000707460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080f00e2443fcd862023-02-07 15:15:36.347root 11241100x8000000000000000707459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3631bc444037a92023-02-07 15:15:36.347root 11241100x8000000000000000707458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8929fe5158ce1cc42023-02-07 15:15:36.347root 11241100x8000000000000000707457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031e73df0171ac332023-02-07 15:15:36.347root 11241100x8000000000000000707456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714c150896849dbe2023-02-07 15:15:36.347root 11241100x8000000000000000707455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6851b1b75de5292023-02-07 15:15:36.347root 11241100x8000000000000000707454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d359bece140d08ad2023-02-07 15:15:36.347root 11241100x8000000000000000707453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f654520def0f6232023-02-07 15:15:36.347root 11241100x8000000000000000707452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7006b2ac45f5bf2023-02-07 15:15:36.347root 11241100x8000000000000000707451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439e9f003382a0d62023-02-07 15:15:36.347root 11241100x8000000000000000707450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1639d6e56e026292023-02-07 15:15:36.347root 11241100x8000000000000000707449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d406016bde249402023-02-07 15:15:36.347root 11241100x8000000000000000707448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c2d91858250bd52023-02-07 15:15:36.347root 11241100x8000000000000000707478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffb0eaa801815492023-02-07 15:15:36.348root 11241100x8000000000000000707477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ae27f09a92077f2023-02-07 15:15:36.348root 11241100x8000000000000000707476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82ac7864cdf46b42023-02-07 15:15:36.348root 11241100x8000000000000000707475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee469458e1b056762023-02-07 15:15:36.348root 11241100x8000000000000000707474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff252655a1bed692023-02-07 15:15:36.348root 11241100x8000000000000000707473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfcffa79213ef4a2023-02-07 15:15:36.348root 11241100x8000000000000000707472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b516eddcd919d72023-02-07 15:15:36.348root 11241100x8000000000000000707471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0c38e4ba87e9412023-02-07 15:15:36.348root 11241100x8000000000000000707470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e657ef3be1b81a2023-02-07 15:15:36.348root 11241100x8000000000000000707469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e93a124fd6014fb2023-02-07 15:15:36.348root 11241100x8000000000000000707468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60338f2fe3e0c6a02023-02-07 15:15:36.348root 11241100x8000000000000000707467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fd62f6347f7d4b2023-02-07 15:15:36.348root 11241100x8000000000000000707466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde32225224944e02023-02-07 15:15:36.348root 11241100x8000000000000000707465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0115497ad837eabd2023-02-07 15:15:36.348root 11241100x8000000000000000707464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30953b6a6cad64fd2023-02-07 15:15:36.348root 11241100x8000000000000000707463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0855590759231b022023-02-07 15:15:36.348root 11241100x8000000000000000707484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa086ab8f223de12023-02-07 15:15:36.845root 11241100x8000000000000000707483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afe659a3d71fb632023-02-07 15:15:36.845root 11241100x8000000000000000707482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06894ba129ceabdb2023-02-07 15:15:36.845root 11241100x8000000000000000707481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580ef6e369067e5c2023-02-07 15:15:36.845root 11241100x8000000000000000707480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f6fc5ecebd4c8f2023-02-07 15:15:36.845root 11241100x8000000000000000707479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3194f98e538722922023-02-07 15:15:36.845root 11241100x8000000000000000707497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5c3fb3aae270742023-02-07 15:15:36.846root 11241100x8000000000000000707496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a52eca6564d44c2023-02-07 15:15:36.846root 11241100x8000000000000000707495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2830822911cb4bb52023-02-07 15:15:36.846root 11241100x8000000000000000707494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9586b15225e97aad2023-02-07 15:15:36.846root 11241100x8000000000000000707493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f3b87331e82d8f2023-02-07 15:15:36.846root 11241100x8000000000000000707492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e5b9235117cf262023-02-07 15:15:36.846root 11241100x8000000000000000707491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847675624717f7e52023-02-07 15:15:36.846root 11241100x8000000000000000707490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1009ede7a87c4e462023-02-07 15:15:36.846root 11241100x8000000000000000707489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6072f7ee02f6bd422023-02-07 15:15:36.846root 11241100x8000000000000000707488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755cf4666f8557912023-02-07 15:15:36.846root 11241100x8000000000000000707487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b623bd1745dd73db2023-02-07 15:15:36.846root 11241100x8000000000000000707486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b123ff7e7b2bf4222023-02-07 15:15:36.846root 11241100x8000000000000000707485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9067498e5e411d472023-02-07 15:15:36.846root 11241100x8000000000000000707512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be184a68b79b77b2023-02-07 15:15:36.847root 11241100x8000000000000000707511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4143533a8278947e2023-02-07 15:15:36.847root 11241100x8000000000000000707510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ceacbe57da9cf082023-02-07 15:15:36.847root 11241100x8000000000000000707509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b22615d47aef402023-02-07 15:15:36.847root 11241100x8000000000000000707508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8426510cc46ad7dc2023-02-07 15:15:36.847root 11241100x8000000000000000707507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e3efa1bb5d736b2023-02-07 15:15:36.847root 11241100x8000000000000000707506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ecc4a2621273192023-02-07 15:15:36.847root 11241100x8000000000000000707505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60a92554c0009412023-02-07 15:15:36.847root 11241100x8000000000000000707504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00c0186af3e84a52023-02-07 15:15:36.847root 11241100x8000000000000000707503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170b275d04259c8a2023-02-07 15:15:36.847root 11241100x8000000000000000707502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b3e0a256466f1f2023-02-07 15:15:36.847root 11241100x8000000000000000707501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2fc5f539aa277b2023-02-07 15:15:36.847root 11241100x8000000000000000707500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2e1766f35059692023-02-07 15:15:36.847root 11241100x8000000000000000707499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be05183a5dda34142023-02-07 15:15:36.847root 11241100x8000000000000000707498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38dc8e8e346c75532023-02-07 15:15:36.847root 11241100x8000000000000000707527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1ce2b3faf29ea52023-02-07 15:15:36.848root 11241100x8000000000000000707526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4a1b5b8851a6742023-02-07 15:15:36.848root 11241100x8000000000000000707525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912279faae12c80f2023-02-07 15:15:36.848root 11241100x8000000000000000707524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1e62bb17875ebe2023-02-07 15:15:36.848root 11241100x8000000000000000707523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bdcf52e764019ac2023-02-07 15:15:36.848root 11241100x8000000000000000707522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee845bdc03aa7632023-02-07 15:15:36.848root 11241100x8000000000000000707521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce46276b9295b6f2023-02-07 15:15:36.848root 11241100x8000000000000000707520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2071bfe9ab53632023-02-07 15:15:36.848root 11241100x8000000000000000707519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef2cdb25372c6fcb2023-02-07 15:15:36.848root 11241100x8000000000000000707518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c860e5a793a1da1c2023-02-07 15:15:36.848root 11241100x8000000000000000707517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab04aba4a12dd4382023-02-07 15:15:36.848root 11241100x8000000000000000707516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac9a17e615035cd2023-02-07 15:15:36.848root 11241100x8000000000000000707515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91cf2a1dd561d5cb2023-02-07 15:15:36.848root 11241100x8000000000000000707514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3faef45c2973bb72023-02-07 15:15:36.848root 11241100x8000000000000000707513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1e0b12b3db99102023-02-07 15:15:36.848root 11241100x8000000000000000707529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22f9b47556fbee22023-02-07 15:15:36.849root 11241100x8000000000000000707528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:36.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9078b5c6cfb7c52023-02-07 15:15:36.849root 354300x8000000000000000707530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:37.037{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-45958-false10.0.1.12-8000- 11241100x8000000000000000707534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:37.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e53e84f70834512023-02-07 15:15:37.345root 11241100x8000000000000000707533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:37.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe017e007757c3f2023-02-07 15:15:37.345root 11241100x8000000000000000707532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:37.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7555a46148368d52023-02-07 15:15:37.345root 11241100x8000000000000000707531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:37.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c9de9e59aae1672023-02-07 15:15:37.345root 11241100x8000000000000000707547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4bd1b8a56a6bbf2023-02-07 15:15:37.346root 11241100x8000000000000000707546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee18f9ce311d0392023-02-07 15:15:37.346root 11241100x8000000000000000707545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c76b2790483c3d42023-02-07 15:15:37.346root 11241100x8000000000000000707544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0adff73c4aa7892023-02-07 15:15:37.346root 11241100x8000000000000000707543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8699adb12bccb9772023-02-07 15:15:37.346root 11241100x8000000000000000707542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f2846bd29c124b2023-02-07 15:15:37.346root 11241100x8000000000000000707541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3152fc88c703f12023-02-07 15:15:37.346root 11241100x8000000000000000707540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813a500eda2629882023-02-07 15:15:37.346root 11241100x8000000000000000707539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b740ac680eb5d3032023-02-07 15:15:37.346root 11241100x8000000000000000707538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4c2675100737e52023-02-07 15:15:37.346root 11241100x8000000000000000707537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.359b7ef44c53e5792023-02-07 15:15:37.346root 11241100x8000000000000000707536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16eb8a0bb675980e2023-02-07 15:15:37.346root 11241100x8000000000000000707535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249c1fe7e018b49e2023-02-07 15:15:37.346root 11241100x8000000000000000707560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:37.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6baed851cb691d2023-02-07 15:15:37.347root 11241100x8000000000000000707559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:37.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f94152ddba7a3c2023-02-07 15:15:37.347root 11241100x8000000000000000707558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:37.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2252356392ccdd232023-02-07 15:15:37.347root 11241100x8000000000000000707557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:37.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5740683eb8cbd182023-02-07 15:15:37.347root 11241100x8000000000000000707556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:37.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e78ada7a7a3b092023-02-07 15:15:37.347root 11241100x8000000000000000707555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:37.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba2ba70a195b5cc2023-02-07 15:15:37.347root 11241100x8000000000000000707554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:37.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7baba0efc22c3f2f2023-02-07 15:15:37.347root 11241100x8000000000000000707553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:37.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0fb4da37a443a582023-02-07 15:15:37.347root 11241100x8000000000000000707552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:37.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473446b0ade2cd4f2023-02-07 15:15:37.347root 11241100x8000000000000000707551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:37.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e297081ca6b83ba2023-02-07 15:15:37.347root 11241100x8000000000000000707550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:37.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93196aa1ca9e13d12023-02-07 15:15:37.347root 11241100x8000000000000000707549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:37.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816004aedc053a432023-02-07 15:15:37.347root 11241100x8000000000000000707548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:37.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e61b4a1bdf601f2023-02-07 15:15:37.347root 354300x8000000000000000707597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:48.029{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-60942-false10.0.1.12-8000- 11241100x8000000000000000707598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:48.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d5e6a074941e622023-02-07 15:15:48.345root 11241100x8000000000000000707599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:48.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a83be863b3905452023-02-07 15:15:48.845root 11241100x8000000000000000707600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:49.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b81eefa19b0921f2023-02-07 15:15:49.345root 11241100x8000000000000000707601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:49.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459d27ac32ebac252023-02-07 15:15:49.845root 11241100x8000000000000000707602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:50.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2425c2ae068ed78c2023-02-07 15:15:50.345root 11241100x8000000000000000707603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:50.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c6b7bade597cc82023-02-07 15:15:50.845root 11241100x8000000000000000707604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:51.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2e25c5bbd698b82023-02-07 15:15:51.345root 11241100x8000000000000000707605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:51.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fee03b9377bbc7c2023-02-07 15:15:51.845root 11241100x8000000000000000707606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:52.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1800d196cef02ba42023-02-07 15:15:52.345root 11241100x8000000000000000707607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:52.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f71a4279943b5c2023-02-07 15:15:52.845root 11241100x8000000000000000707609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:53.229{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1fbefe3f32c0e72023-02-07 15:15:53.229root 354300x8000000000000000707608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:53.229{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-60958-false10.0.1.12-8000- 11241100x8000000000000000707611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:53.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ca5503fc947bf82023-02-07 15:15:53.595root 11241100x8000000000000000707610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:53.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2479aaa463f2b602023-02-07 15:15:53.595root 11241100x8000000000000000707613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb56984dac6662982023-02-07 15:15:54.096root 11241100x8000000000000000707612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1396ec4b5f6023022023-02-07 15:15:54.096root 154100x8000000000000000707614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:54.235{ec244aba-6b2a-63e2-6894-86725f550000}6108/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/6312root{ec244aba-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2393--- 534500x8000000000000000707615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:54.250{ec244aba-6b2a-63e2-6894-86725f550000}6108/bin/psroot 11241100x8000000000000000707619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eeb808890c10dfe2023-02-07 15:15:54.595root 11241100x8000000000000000707618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741e480cd07141cd2023-02-07 15:15:54.595root 11241100x8000000000000000707617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ceffdfb1d4f5212023-02-07 15:15:54.595root 11241100x8000000000000000707616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0599e4bb3b5dba2023-02-07 15:15:54.595root 11241100x8000000000000000707620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:54.729{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:15:54.729root 11241100x8000000000000000707624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b19374bf12373232023-02-07 15:15:55.095root 11241100x8000000000000000707623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89eeccaf6baaa5d2023-02-07 15:15:55.095root 11241100x8000000000000000707622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84556f609b9f0802023-02-07 15:15:55.095root 11241100x8000000000000000707621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e899aad1b48a702023-02-07 15:15:55.095root 11241100x8000000000000000707625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c1c2a2f26bd7b62023-02-07 15:15:55.096root 11241100x8000000000000000707629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b01f1ec0d649b32023-02-07 15:15:55.595root 11241100x8000000000000000707628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8c40bd0992c13f2023-02-07 15:15:55.595root 11241100x8000000000000000707627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52648e0d66782ad72023-02-07 15:15:55.595root 11241100x8000000000000000707626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871dfb1cd3240ffd2023-02-07 15:15:55.595root 11241100x8000000000000000707630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21475f1764814f682023-02-07 15:15:55.596root 11241100x8000000000000000707635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25990184d0fd78b12023-02-07 15:15:56.095root 11241100x8000000000000000707634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b889f79567056f62023-02-07 15:15:56.095root 11241100x8000000000000000707633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e043d8607d9a7bbd2023-02-07 15:15:56.095root 11241100x8000000000000000707632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571c3711715de1c12023-02-07 15:15:56.095root 11241100x8000000000000000707631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36b979d8e0903492023-02-07 15:15:56.095root 11241100x8000000000000000707640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3755c92f62322c32023-02-07 15:15:56.595root 11241100x8000000000000000707639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8298b35d17c5862023-02-07 15:15:56.595root 11241100x8000000000000000707638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605cd599a77392f22023-02-07 15:15:56.595root 11241100x8000000000000000707637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1e02aab1370c0d2023-02-07 15:15:56.595root 11241100x8000000000000000707636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f71cae01b0384e2023-02-07 15:15:56.595root 11241100x8000000000000000707645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e65f655f99b33782023-02-07 15:15:57.095root 11241100x8000000000000000707644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af8c2a7daee0edc2023-02-07 15:15:57.095root 11241100x8000000000000000707643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706725ef43f5d1522023-02-07 15:15:57.095root 11241100x8000000000000000707642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68946ad4b3442c72023-02-07 15:15:57.095root 11241100x8000000000000000707641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3c835f045836942023-02-07 15:15:57.095root 11241100x8000000000000000707650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7565af0e521f61692023-02-07 15:15:57.595root 11241100x8000000000000000707649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b067b94cb5e2c8632023-02-07 15:15:57.595root 11241100x8000000000000000707648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca470beee704b9802023-02-07 15:15:57.595root 11241100x8000000000000000707647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef31ff4e758e2db2023-02-07 15:15:57.595root 11241100x8000000000000000707646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28be57c34b2329b2023-02-07 15:15:57.595root 23542300x8000000000000000707651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:57.730{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000707654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ade39a6b28b5a1d2023-02-07 15:15:58.095root 11241100x8000000000000000707653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff4b261ce8510782023-02-07 15:15:58.095root 11241100x8000000000000000707652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8051818902ecd3072023-02-07 15:15:58.095root 11241100x8000000000000000707657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d51bbc172b3b06d2023-02-07 15:15:58.096root 11241100x8000000000000000707656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7472f5c5f503188c2023-02-07 15:15:58.096root 11241100x8000000000000000707655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584aaae664ae691f2023-02-07 15:15:58.096root 354300x8000000000000000707658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:58.239{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-50608-false10.0.1.12-8000- 11241100x8000000000000000707664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb3a6417bc4c55a2023-02-07 15:15:58.595root 11241100x8000000000000000707663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1cfad982c78f192023-02-07 15:15:58.595root 11241100x8000000000000000707662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80037c2fa11cff62023-02-07 15:15:58.595root 11241100x8000000000000000707661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe323b550b7a9032023-02-07 15:15:58.595root 11241100x8000000000000000707660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fb8ae4a0666ea82023-02-07 15:15:58.595root 11241100x8000000000000000707659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee3063a034043bd2023-02-07 15:15:58.595root 11241100x8000000000000000707665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94cbc524b0291a4e2023-02-07 15:15:58.596root 11241100x8000000000000000707672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e6b119bacce2812023-02-07 15:15:59.096root 11241100x8000000000000000707671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ef7df698a5eaa02023-02-07 15:15:59.096root 11241100x8000000000000000707670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09cf9d9f7b44a0b52023-02-07 15:15:59.096root 11241100x8000000000000000707669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dcb37a6af9ec9192023-02-07 15:15:59.096root 11241100x8000000000000000707668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3851d70ce0acb92023-02-07 15:15:59.096root 11241100x8000000000000000707667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895b239deb62e9122023-02-07 15:15:59.096root 11241100x8000000000000000707666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f06e0689b47b1a62023-02-07 15:15:59.096root 11241100x8000000000000000707678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0975669186c891032023-02-07 15:15:59.595root 11241100x8000000000000000707677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7663c7bd173351e82023-02-07 15:15:59.595root 11241100x8000000000000000707676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59196edc847736b62023-02-07 15:15:59.595root 11241100x8000000000000000707675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5b27af35f853d02023-02-07 15:15:59.595root 11241100x8000000000000000707674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5ad42de7c708992023-02-07 15:15:59.595root 11241100x8000000000000000707673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b01b57f29d92c5d2023-02-07 15:15:59.595root 11241100x8000000000000000707679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:15:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983ede45beea792f2023-02-07 15:15:59.596root 11241100x8000000000000000707685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff450016eff7d5e2023-02-07 15:16:00.095root 11241100x8000000000000000707684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fbd1e1b52850ce2023-02-07 15:16:00.095root 11241100x8000000000000000707683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a849764abc78102023-02-07 15:16:00.095root 11241100x8000000000000000707682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a617eaa240c905242023-02-07 15:16:00.095root 11241100x8000000000000000707681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8ba7c187d5551d2023-02-07 15:16:00.095root 11241100x8000000000000000707680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6edd55c7f9b9534a2023-02-07 15:16:00.095root 11241100x8000000000000000707686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aae8350cb965dd22023-02-07 15:16:00.096root 11241100x8000000000000000707692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d181821ce110e4f72023-02-07 15:16:00.595root 11241100x8000000000000000707691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ad3cfa0b15723a2023-02-07 15:16:00.595root 11241100x8000000000000000707690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ad6d1c126e3e572023-02-07 15:16:00.595root 11241100x8000000000000000707689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a9e2089a97cbb42023-02-07 15:16:00.595root 11241100x8000000000000000707688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2a0adef6adab432023-02-07 15:16:00.595root 11241100x8000000000000000707687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea813aa71b24b902023-02-07 15:16:00.595root 11241100x8000000000000000707693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725492d0dedc86172023-02-07 15:16:00.596root 11241100x8000000000000000707696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:01.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd167e841bbee95b2023-02-07 15:16:01.095root 11241100x8000000000000000707695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:01.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac58d674372cf6a2023-02-07 15:16:01.095root 11241100x8000000000000000707694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:01.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ce7de98fb196d42023-02-07 15:16:01.095root 11241100x8000000000000000707700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0759ba7008ca795b2023-02-07 15:16:01.096root 11241100x8000000000000000707699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f680e5fe08758e5a2023-02-07 15:16:01.096root 11241100x8000000000000000707698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f7090d4a0cfd2c2023-02-07 15:16:01.096root 11241100x8000000000000000707697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66ee3faeacc6cb52023-02-07 15:16:01.096root 11241100x8000000000000000707703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cf847815b969612023-02-07 15:16:01.595root 11241100x8000000000000000707702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f91000916012db2023-02-07 15:16:01.595root 11241100x8000000000000000707701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4070ae762de8614d2023-02-07 15:16:01.595root 11241100x8000000000000000707707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f77f559d97a20d92023-02-07 15:16:01.596root 11241100x8000000000000000707706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29323d14cdad6c632023-02-07 15:16:01.596root 11241100x8000000000000000707705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578fe614b98739e12023-02-07 15:16:01.596root 11241100x8000000000000000707704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e87abbaa705dfac2023-02-07 15:16:01.596root 11241100x8000000000000000707712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4cffa63eed000442023-02-07 15:16:02.095root 11241100x8000000000000000707711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0dad3aa870ba262023-02-07 15:16:02.095root 11241100x8000000000000000707710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287a17826c3c140b2023-02-07 15:16:02.095root 11241100x8000000000000000707709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f596be697f8d35ba2023-02-07 15:16:02.095root 11241100x8000000000000000707708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac72f49d74a015e2023-02-07 15:16:02.095root 11241100x8000000000000000707714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0f8950300482552023-02-07 15:16:02.096root 11241100x8000000000000000707713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61774605fb0bc2c2023-02-07 15:16:02.096root 11241100x8000000000000000707716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:02.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8193e17134f362e2023-02-07 15:16:02.595root 11241100x8000000000000000707715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:02.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0ff51dcd6283502023-02-07 15:16:02.595root 11241100x8000000000000000707721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081df603ce137c8b2023-02-07 15:16:02.596root 11241100x8000000000000000707720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea404dfa679ccb052023-02-07 15:16:02.596root 11241100x8000000000000000707719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ceb1ffaf9698bb42023-02-07 15:16:02.596root 11241100x8000000000000000707718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126372f76bd7230f2023-02-07 15:16:02.596root 11241100x8000000000000000707717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b99c86f4fb15d52023-02-07 15:16:02.596root 11241100x8000000000000000707725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:03.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af2a1ebb81e40b72023-02-07 15:16:03.095root 11241100x8000000000000000707724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:03.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209db9153122ad9c2023-02-07 15:16:03.095root 11241100x8000000000000000707723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:03.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894ffc0e9ab93f9d2023-02-07 15:16:03.095root 11241100x8000000000000000707722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:03.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625a6067f95693872023-02-07 15:16:03.095root 11241100x8000000000000000707728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:03.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dcc48c3a9be3a502023-02-07 15:16:03.096root 11241100x8000000000000000707727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:03.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645938381d8f48482023-02-07 15:16:03.096root 11241100x8000000000000000707726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:03.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368e80a12b9b7daf2023-02-07 15:16:03.096root 11241100x8000000000000000707730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:03.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e209e0ac7c2bcfa2023-02-07 15:16:03.595root 11241100x8000000000000000707729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:03.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6f6549c1755f842023-02-07 15:16:03.595root 11241100x8000000000000000707735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:03.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de06154aed6eb42e2023-02-07 15:16:03.596root 11241100x8000000000000000707734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:03.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0254a3f4166d3dbf2023-02-07 15:16:03.596root 11241100x8000000000000000707733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:03.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9624a71606521082023-02-07 15:16:03.596root 11241100x8000000000000000707732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:03.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7f0c1f89c35e0a2023-02-07 15:16:03.596root 11241100x8000000000000000707731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:03.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b75882d24cb42a2023-02-07 15:16:03.596root 11241100x8000000000000000707740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:04.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884e60af9c6793522023-02-07 15:16:04.095root 11241100x8000000000000000707739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:04.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a9815e85479bcd2023-02-07 15:16:04.095root 11241100x8000000000000000707738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:04.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e1ce534d7f76b62023-02-07 15:16:04.095root 11241100x8000000000000000707737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:04.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7716e9c292274cde2023-02-07 15:16:04.095root 11241100x8000000000000000707736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:04.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f88317eba1f9ab2023-02-07 15:16:04.095root 11241100x8000000000000000707742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594235e9287ce7142023-02-07 15:16:04.096root 11241100x8000000000000000707741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54200e248bd5355e2023-02-07 15:16:04.096root 354300x8000000000000000707743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:04.220{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-50618-false10.0.1.12-8000- 11241100x8000000000000000707748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99ad1b41fa7d2792023-02-07 15:16:04.595root 11241100x8000000000000000707747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e5aca8572f0ffc2023-02-07 15:16:04.595root 11241100x8000000000000000707746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793f2e017822e0b12023-02-07 15:16:04.595root 11241100x8000000000000000707745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a50a3f51689cae2023-02-07 15:16:04.595root 11241100x8000000000000000707744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47481b3a459c8e722023-02-07 15:16:04.595root 11241100x8000000000000000707751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f2592efbb6064b2023-02-07 15:16:04.596root 11241100x8000000000000000707750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55521b3bde76429d2023-02-07 15:16:04.596root 11241100x8000000000000000707749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e12fd80891f89632023-02-07 15:16:04.596root 11241100x8000000000000000707756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:05.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cdd950c4de249742023-02-07 15:16:05.095root 11241100x8000000000000000707755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:05.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ebf1d51417d33a2023-02-07 15:16:05.095root 11241100x8000000000000000707754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:05.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9e4df029d8c42e2023-02-07 15:16:05.095root 11241100x8000000000000000707753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:05.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf1596edf4df5d22023-02-07 15:16:05.095root 11241100x8000000000000000707752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:05.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9078af379413a952023-02-07 15:16:05.095root 11241100x8000000000000000707759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fce183f802486d92023-02-07 15:16:05.096root 11241100x8000000000000000707758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04e2c4c43d095062023-02-07 15:16:05.096root 11241100x8000000000000000707757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137fabf306c1cf132023-02-07 15:16:05.096root 11241100x8000000000000000707764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f753c10d6abe5d2023-02-07 15:16:05.595root 11241100x8000000000000000707763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd17e3a5ccde55d2023-02-07 15:16:05.595root 11241100x8000000000000000707762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6312d90fe4d2fcc82023-02-07 15:16:05.595root 11241100x8000000000000000707761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005982394ed7163d2023-02-07 15:16:05.595root 11241100x8000000000000000707760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb9bb0b1bebf7012023-02-07 15:16:05.595root 11241100x8000000000000000707767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc96ee01c4f9e602023-02-07 15:16:05.596root 11241100x8000000000000000707766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1226cb0c2faef4492023-02-07 15:16:05.596root 11241100x8000000000000000707765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c145553d4d5e942023-02-07 15:16:05.596root 11241100x8000000000000000707772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:06.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc3563288e4def42023-02-07 15:16:06.095root 11241100x8000000000000000707771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:06.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db181f52025d7fe32023-02-07 15:16:06.095root 11241100x8000000000000000707770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:06.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0d99288271cb082023-02-07 15:16:06.095root 11241100x8000000000000000707769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:06.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9507fe7bb080042023-02-07 15:16:06.095root 11241100x8000000000000000707768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:06.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd2a01dbadc9ba12023-02-07 15:16:06.095root 11241100x8000000000000000707775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9724b3fe8d5c06fa2023-02-07 15:16:06.096root 11241100x8000000000000000707774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85151c8d7af08fe62023-02-07 15:16:06.096root 11241100x8000000000000000707773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6681ac2c5dfaad5d2023-02-07 15:16:06.096root 11241100x8000000000000000707780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2826013a61f0292a2023-02-07 15:16:06.595root 11241100x8000000000000000707779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcef06736b5d3bd02023-02-07 15:16:06.595root 11241100x8000000000000000707778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bef34f2827b4c2a2023-02-07 15:16:06.595root 11241100x8000000000000000707777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25e01c42b8c3fe22023-02-07 15:16:06.595root 11241100x8000000000000000707776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1476340fdef6392023-02-07 15:16:06.595root 11241100x8000000000000000707783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20a514ca17c15442023-02-07 15:16:06.596root 11241100x8000000000000000707782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ddce9374fd2c472023-02-07 15:16:06.596root 11241100x8000000000000000707781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5019376fee17ac822023-02-07 15:16:06.596root 11241100x8000000000000000707785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efc787e608030ba2023-02-07 15:16:07.095root 11241100x8000000000000000707784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b1ae74cf882ce72023-02-07 15:16:07.095root 11241100x8000000000000000707791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e41d7b7931d61c2023-02-07 15:16:07.096root 11241100x8000000000000000707790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2594771328e5a93c2023-02-07 15:16:07.096root 11241100x8000000000000000707789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8194716acc9bbed2023-02-07 15:16:07.096root 11241100x8000000000000000707788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a95925784e54322023-02-07 15:16:07.096root 11241100x8000000000000000707787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d167557d83b04b982023-02-07 15:16:07.096root 11241100x8000000000000000707786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2142eb436a3d5eaa2023-02-07 15:16:07.096root 11241100x8000000000000000707795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e9338321c6c61f2023-02-07 15:16:07.595root 11241100x8000000000000000707794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8018f21a96f6a3352023-02-07 15:16:07.595root 11241100x8000000000000000707793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532425cf494fc4b92023-02-07 15:16:07.595root 11241100x8000000000000000707792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab596a5b698cf6dc2023-02-07 15:16:07.595root 11241100x8000000000000000707799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d08828cde229f72023-02-07 15:16:07.596root 11241100x8000000000000000707798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b964f0c442fc5392023-02-07 15:16:07.596root 11241100x8000000000000000707797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b090145c9312012023-02-07 15:16:07.596root 11241100x8000000000000000707796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ace42dbbbc9681d2023-02-07 15:16:07.596root 11241100x8000000000000000707805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:08.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e370deb245440b72023-02-07 15:16:08.095root 11241100x8000000000000000707804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:08.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99984cf6f2e82e12023-02-07 15:16:08.095root 11241100x8000000000000000707803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:08.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67addb5aaf33f092023-02-07 15:16:08.095root 11241100x8000000000000000707802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:08.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d10ec3a0c654d02023-02-07 15:16:08.095root 11241100x8000000000000000707801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:08.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38b559bba760b502023-02-07 15:16:08.095root 11241100x8000000000000000707800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:08.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae84056d335be462023-02-07 15:16:08.095root 11241100x8000000000000000707807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1046da4e914f2d022023-02-07 15:16:08.096root 11241100x8000000000000000707806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c911b385ff76042023-02-07 15:16:08.096root 11241100x8000000000000000707813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f21bc7b8f1c62c82023-02-07 15:16:08.595root 11241100x8000000000000000707812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c98aee64a30b432023-02-07 15:16:08.595root 11241100x8000000000000000707811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ab161750c934222023-02-07 15:16:08.595root 11241100x8000000000000000707810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7835d19b5a1936322023-02-07 15:16:08.595root 11241100x8000000000000000707809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16165dfc33e65db72023-02-07 15:16:08.595root 11241100x8000000000000000707808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285baa92b8717ad22023-02-07 15:16:08.595root 11241100x8000000000000000707815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149daa9c6b0e380e2023-02-07 15:16:08.596root 11241100x8000000000000000707814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86bb76659a3311e2023-02-07 15:16:08.596root 11241100x8000000000000000707820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:09.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5185a8f8faa1e952023-02-07 15:16:09.095root 11241100x8000000000000000707819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:09.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b0b0e1586be8462023-02-07 15:16:09.095root 11241100x8000000000000000707818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:09.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796cf83ac3de80c02023-02-07 15:16:09.095root 11241100x8000000000000000707817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:09.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba452be434c8495f2023-02-07 15:16:09.095root 11241100x8000000000000000707816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:09.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbad1dbfc3157182023-02-07 15:16:09.095root 11241100x8000000000000000707823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599e834e794f4b602023-02-07 15:16:09.096root 11241100x8000000000000000707822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eec62e22446079d2023-02-07 15:16:09.096root 11241100x8000000000000000707821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b66bc1a10e069d32023-02-07 15:16:09.096root 11241100x8000000000000000707826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cb6fcc850d8f392023-02-07 15:16:09.595root 11241100x8000000000000000707825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acdcbf0b9aadaf492023-02-07 15:16:09.595root 11241100x8000000000000000707824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047c6853704b9c7b2023-02-07 15:16:09.595root 11241100x8000000000000000707831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6882300d118afef2023-02-07 15:16:09.596root 11241100x8000000000000000707830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384b02d048c411dd2023-02-07 15:16:09.596root 11241100x8000000000000000707829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6842f117e83a0bd52023-02-07 15:16:09.596root 11241100x8000000000000000707828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90833fef8c87a3a22023-02-07 15:16:09.596root 11241100x8000000000000000707827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4eaa6afc1562dd2023-02-07 15:16:09.596root 11241100x8000000000000000707836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:10.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bbe4a6a9f36d722023-02-07 15:16:10.095root 11241100x8000000000000000707835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:10.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd35a4dd56d9f78f2023-02-07 15:16:10.095root 11241100x8000000000000000707834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:10.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc165a95fbbd72b2023-02-07 15:16:10.095root 11241100x8000000000000000707833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:10.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1227e860d48f1c2023-02-07 15:16:10.095root 11241100x8000000000000000707832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:10.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87c11104cd185822023-02-07 15:16:10.095root 11241100x8000000000000000707839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e65aebe1333aa62023-02-07 15:16:10.096root 11241100x8000000000000000707838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d1d9c70ae6e9fb2023-02-07 15:16:10.096root 11241100x8000000000000000707837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eae8973c362bc102023-02-07 15:16:10.096root 354300x8000000000000000707840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:10.162{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-38522-false10.0.1.12-8000- 11241100x8000000000000000707843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:10.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0762af8731a991f2023-02-07 15:16:10.595root 11241100x8000000000000000707842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:10.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d6c005482b6a2b2023-02-07 15:16:10.595root 11241100x8000000000000000707841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:10.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd8ad2cb28f05f62023-02-07 15:16:10.595root 11241100x8000000000000000707848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbd96b2aaaf1e0f2023-02-07 15:16:10.596root 11241100x8000000000000000707847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b4f424ba5728b32023-02-07 15:16:10.596root 11241100x8000000000000000707846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0ceacf1d548ffb2023-02-07 15:16:10.596root 11241100x8000000000000000707845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4566d3800cba22112023-02-07 15:16:10.596root 11241100x8000000000000000707844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf5502d6c63d0cf2023-02-07 15:16:10.596root 11241100x8000000000000000707849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:10.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574975a3cc2fbef82023-02-07 15:16:10.597root 11241100x8000000000000000707853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a62a7eb307e8fa2023-02-07 15:16:11.095root 11241100x8000000000000000707852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2a0d77560d37082023-02-07 15:16:11.095root 11241100x8000000000000000707851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28155bce10092eb92023-02-07 15:16:11.095root 11241100x8000000000000000707850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2936b5007e1b0b2023-02-07 15:16:11.095root 11241100x8000000000000000707858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c92a0985c8d4e6f2023-02-07 15:16:11.096root 11241100x8000000000000000707857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d4e72adc48537c2023-02-07 15:16:11.096root 11241100x8000000000000000707856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6abc611e92cdcd02023-02-07 15:16:11.096root 11241100x8000000000000000707855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09657bf3c4afc09c2023-02-07 15:16:11.096root 11241100x8000000000000000707854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9660e01482da64582023-02-07 15:16:11.096root 11241100x8000000000000000707863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d42097173ad16232023-02-07 15:16:11.595root 11241100x8000000000000000707862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0aa26c9d81ed252023-02-07 15:16:11.595root 11241100x8000000000000000707861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d32f6fffb531f8f2023-02-07 15:16:11.595root 11241100x8000000000000000707860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11385e6e24234562023-02-07 15:16:11.595root 11241100x8000000000000000707859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e8e5e9a6f980532023-02-07 15:16:11.595root 11241100x8000000000000000707867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f45ba76f478e6ac2023-02-07 15:16:11.596root 11241100x8000000000000000707866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9cae0f6590936692023-02-07 15:16:11.596root 11241100x8000000000000000707865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4907fac3785f2f0f2023-02-07 15:16:11.596root 11241100x8000000000000000707864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bec1f0c8c701dab2023-02-07 15:16:11.596root 11241100x8000000000000000707869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:12.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80fea936ff4fbf342023-02-07 15:16:12.095root 11241100x8000000000000000707868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:12.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eae60116ff756432023-02-07 15:16:12.095root 11241100x8000000000000000707876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61ab0024f779a0f2023-02-07 15:16:12.096root 11241100x8000000000000000707875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b31c7feb2893442023-02-07 15:16:12.096root 11241100x8000000000000000707874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e1a2fd81b844a72023-02-07 15:16:12.096root 11241100x8000000000000000707873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e716eb4ea996db652023-02-07 15:16:12.096root 11241100x8000000000000000707872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd7689472caf2f72023-02-07 15:16:12.096root 11241100x8000000000000000707871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f60338374b8c38d2023-02-07 15:16:12.096root 11241100x8000000000000000707870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79ef28f4c3086a42023-02-07 15:16:12.096root 11241100x8000000000000000707878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4f56e24876f2762023-02-07 15:16:12.595root 11241100x8000000000000000707877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90a91e8cd5de9262023-02-07 15:16:12.595root 11241100x8000000000000000707884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867017abb7f305b72023-02-07 15:16:12.596root 11241100x8000000000000000707883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e077dacee20ca5542023-02-07 15:16:12.596root 11241100x8000000000000000707882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ce5c300d1e15ac2023-02-07 15:16:12.596root 11241100x8000000000000000707881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc6fe680b77b5e02023-02-07 15:16:12.596root 11241100x8000000000000000707880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83ed02b5b19a0d02023-02-07 15:16:12.596root 11241100x8000000000000000707879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895c6e7fb8e4a15d2023-02-07 15:16:12.596root 11241100x8000000000000000707885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:12.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4351a50979f1f40a2023-02-07 15:16:12.597root 11241100x8000000000000000707892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1dee35088a432c2023-02-07 15:16:13.096root 11241100x8000000000000000707891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c27b78dee3847ac2023-02-07 15:16:13.096root 11241100x8000000000000000707890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24fb96c724339512023-02-07 15:16:13.096root 11241100x8000000000000000707889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81dcaf382880bfc62023-02-07 15:16:13.096root 11241100x8000000000000000707888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10258618244b892f2023-02-07 15:16:13.096root 11241100x8000000000000000707887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa4f0283e3ba5662023-02-07 15:16:13.096root 11241100x8000000000000000707886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8fdb1d7889670e2023-02-07 15:16:13.096root 11241100x8000000000000000707894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:13.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26922eda25df6a4d2023-02-07 15:16:13.097root 11241100x8000000000000000707893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:13.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dafb33254406fc42023-02-07 15:16:13.097root 11241100x8000000000000000707899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688da266e39563c02023-02-07 15:16:13.595root 11241100x8000000000000000707898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e7eee4e2fbdd112023-02-07 15:16:13.595root 11241100x8000000000000000707897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb92240c8bebb48e2023-02-07 15:16:13.595root 11241100x8000000000000000707896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3896ca5738cf5a2023-02-07 15:16:13.595root 11241100x8000000000000000707895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498b9929e6e5ce1c2023-02-07 15:16:13.595root 11241100x8000000000000000707903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fc9e653da394cd2023-02-07 15:16:13.596root 11241100x8000000000000000707902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc52aa6c24463acb2023-02-07 15:16:13.596root 11241100x8000000000000000707901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ea71ea7395ba1d2023-02-07 15:16:13.596root 11241100x8000000000000000707900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec7318245f282e12023-02-07 15:16:13.596root 11241100x8000000000000000707906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:14.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f46514dd3858c02023-02-07 15:16:14.095root 11241100x8000000000000000707905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:14.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec18eac7da1ef8752023-02-07 15:16:14.095root 11241100x8000000000000000707904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:14.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ef4e24c785b1b82023-02-07 15:16:14.095root 11241100x8000000000000000707910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:14.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50fabc0f3179da782023-02-07 15:16:14.096root 11241100x8000000000000000707909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:14.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf57f71ce12ae6982023-02-07 15:16:14.096root 11241100x8000000000000000707908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:14.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e59bd8ec8e77b492023-02-07 15:16:14.096root 11241100x8000000000000000707907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:14.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66e6661245730802023-02-07 15:16:14.096root 11241100x8000000000000000707912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:14.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac0bc8f8601bb1d2023-02-07 15:16:14.097root 11241100x8000000000000000707911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:14.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80054e360a3be2c32023-02-07 15:16:14.097root 354300x8000000000000000707913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:14.560{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-38224-false10.0.1.12-8089- 11241100x8000000000000000707923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:14.561{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553fd9b9709fe4b52023-02-07 15:16:14.561root 11241100x8000000000000000707922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:14.561{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133df6cc2edb1d6e2023-02-07 15:16:14.561root 11241100x8000000000000000707921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:14.561{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a587d99275705a2023-02-07 15:16:14.561root 11241100x8000000000000000707920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:14.561{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d6fb161fda3e172023-02-07 15:16:14.561root 11241100x8000000000000000707919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:14.561{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59933da617b3b09b2023-02-07 15:16:14.561root 11241100x8000000000000000707918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:14.561{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f4c6765fc08c722023-02-07 15:16:14.561root 11241100x8000000000000000707917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:14.561{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127ab83d31bc01e82023-02-07 15:16:14.561root 11241100x8000000000000000707916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:14.561{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22499f12ed2a9ca2023-02-07 15:16:14.561root 11241100x8000000000000000707915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:14.561{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758d51b6bf0090ab2023-02-07 15:16:14.561root 11241100x8000000000000000707914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:14.561{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc76b265ca885782023-02-07 15:16:14.561root 11241100x8000000000000000707926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:14.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91e4303d20aa4712023-02-07 15:16:14.845root 11241100x8000000000000000707925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:14.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a119c897f272c7482023-02-07 15:16:14.845root 11241100x8000000000000000707924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:14.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89c0988387a5df12023-02-07 15:16:14.845root 11241100x8000000000000000707933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cdad20c8df557bd2023-02-07 15:16:14.846root 11241100x8000000000000000707932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81faa3d458f3c8e2023-02-07 15:16:14.846root 11241100x8000000000000000707931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2fb0ddd8ab8db582023-02-07 15:16:14.846root 11241100x8000000000000000707930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0652e562ac5c0e2023-02-07 15:16:14.846root 11241100x8000000000000000707929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd40a6fdfe63a502023-02-07 15:16:14.846root 11241100x8000000000000000707928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c235ed912cd4162023-02-07 15:16:14.846root 11241100x8000000000000000707927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bd387556b1d38e2023-02-07 15:16:14.846root 11241100x8000000000000000707937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:15.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4c15b8bf7cb33d2023-02-07 15:16:15.345root 11241100x8000000000000000707936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:15.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9353c391fc19f0a2023-02-07 15:16:15.345root 11241100x8000000000000000707935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:15.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a743542163bf29f2023-02-07 15:16:15.345root 11241100x8000000000000000707934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:15.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b39c79dcbc0ed22023-02-07 15:16:15.345root 11241100x8000000000000000707943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93baa7b8a70e90702023-02-07 15:16:15.346root 11241100x8000000000000000707942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2dcd46c124e82df2023-02-07 15:16:15.346root 11241100x8000000000000000707941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243b83a947d418d12023-02-07 15:16:15.346root 11241100x8000000000000000707940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef91cb138b7ffac62023-02-07 15:16:15.346root 11241100x8000000000000000707939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa989ffb52b04122023-02-07 15:16:15.346root 11241100x8000000000000000707938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9328e87324918b02023-02-07 15:16:15.346root 11241100x8000000000000000707947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:15.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500714be7461b1a52023-02-07 15:16:15.845root 11241100x8000000000000000707946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:15.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72a735f749fc81c2023-02-07 15:16:15.845root 11241100x8000000000000000707945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:15.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1632cddd2e2eb7422023-02-07 15:16:15.845root 11241100x8000000000000000707944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:15.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b54bc7d033d5c5c2023-02-07 15:16:15.845root 11241100x8000000000000000707953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1fdc9047ec763e2023-02-07 15:16:15.846root 11241100x8000000000000000707952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fcd1888e81115912023-02-07 15:16:15.846root 11241100x8000000000000000707951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08f4d35f90c101c2023-02-07 15:16:15.846root 11241100x8000000000000000707950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905ddb8e42b7bc582023-02-07 15:16:15.846root 11241100x8000000000000000707949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a96e3b9b9e0b552023-02-07 15:16:15.846root 11241100x8000000000000000707948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b911b23e2c306e342023-02-07 15:16:15.846root 354300x8000000000000000707954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:16.125{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36250-false10.0.1.12-8000- 11241100x8000000000000000707955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:16.126{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09c70bfdfa298492023-02-07 15:16:16.126root 11241100x8000000000000000707964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:16.127{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9e93ba427c71a02023-02-07 15:16:16.127root 11241100x8000000000000000707963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:16.127{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7cdeeba68254282023-02-07 15:16:16.127root 11241100x8000000000000000707962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:16.127{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a4b01e975d9cfa2023-02-07 15:16:16.127root 11241100x8000000000000000707961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:16.127{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3430760140f27cd2023-02-07 15:16:16.127root 11241100x8000000000000000707960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:16.127{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08f634f7c49bbc52023-02-07 15:16:16.127root 11241100x8000000000000000707959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:16.127{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b16a595a5d15302023-02-07 15:16:16.127root 11241100x8000000000000000707958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:16.127{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56cdf0843d0cc03e2023-02-07 15:16:16.127root 11241100x8000000000000000707957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:16.127{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64005897ab6f65152023-02-07 15:16:16.127root 11241100x8000000000000000707956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:16.127{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea24affbcbda02192023-02-07 15:16:16.127root 11241100x8000000000000000707965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:16.128{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6aa49c61aa9b23e2023-02-07 15:16:16.128root 11241100x8000000000000000707968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:16.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00fa3391de4ffc942023-02-07 15:16:16.595root 11241100x8000000000000000707967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:16.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd19c855558e4c42023-02-07 15:16:16.595root 11241100x8000000000000000707966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:16.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44071b43987e02d52023-02-07 15:16:16.595root 11241100x8000000000000000707976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:16.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43a1420bfe1f0402023-02-07 15:16:16.596root 11241100x8000000000000000707975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:16.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05dd09c535ab44fb2023-02-07 15:16:16.596root 11241100x8000000000000000707974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:16.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2d1c482da8ff922023-02-07 15:16:16.596root 11241100x8000000000000000707973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:16.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a445bcc980384f412023-02-07 15:16:16.596root 11241100x8000000000000000707972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:16.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f062441b0d8835d2023-02-07 15:16:16.596root 11241100x8000000000000000707971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:16.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c63a68f7b13bed2023-02-07 15:16:16.596root 11241100x8000000000000000707970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:16.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013e85901851a8a32023-02-07 15:16:16.596root 11241100x8000000000000000707969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:16.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26e4a0f577ec7c72023-02-07 15:16:16.596root 11241100x8000000000000000707982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:17.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aef2ca256eca05c2023-02-07 15:16:17.095root 11241100x8000000000000000707981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:17.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6eb584b3a48da242023-02-07 15:16:17.095root 11241100x8000000000000000707980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:17.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73239e6301de63602023-02-07 15:16:17.095root 11241100x8000000000000000707979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:17.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ddfbf5ac585eaf52023-02-07 15:16:17.095root 11241100x8000000000000000707978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:17.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bad04e0e4fdf3eb2023-02-07 15:16:17.095root 11241100x8000000000000000707977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:17.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c0cc4c683d3f792023-02-07 15:16:17.095root 11241100x8000000000000000707987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:17.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1de3509ee6e5b02023-02-07 15:16:17.096root 11241100x8000000000000000707986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:17.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d68ab453d4c92e2023-02-07 15:16:17.096root 11241100x8000000000000000707985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:17.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd98676b19488bc42023-02-07 15:16:17.096root 11241100x8000000000000000707984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:17.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c48808f9ac08d12023-02-07 15:16:17.096root 11241100x8000000000000000707983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:17.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad643dd397b869c2023-02-07 15:16:17.096root 11241100x8000000000000000707989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:17.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3fdc24b42ca3252023-02-07 15:16:17.595root 11241100x8000000000000000707988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:17.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277f4c2b7db4c4232023-02-07 15:16:17.595root 11241100x8000000000000000707998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:17.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d44bde21d38e12fb2023-02-07 15:16:17.596root 11241100x8000000000000000707997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:17.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df3024dc23fcb252023-02-07 15:16:17.596root 11241100x8000000000000000707996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:17.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf427a77eb114f9f2023-02-07 15:16:17.596root 11241100x8000000000000000707995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:17.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd2aa8f9a9169ae2023-02-07 15:16:17.596root 11241100x8000000000000000707994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:17.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340d2952598a6b3a2023-02-07 15:16:17.596root 11241100x8000000000000000707993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:17.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112ab4d6c1c2bfff2023-02-07 15:16:17.596root 11241100x8000000000000000707992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:17.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba10f5b221324ed82023-02-07 15:16:17.596root 11241100x8000000000000000707991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:17.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fc21094923c8632023-02-07 15:16:17.596root 11241100x8000000000000000707990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:17.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c1259b0757d8ba2023-02-07 15:16:17.596root 11241100x8000000000000000707999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:18.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ffc33f3b8597612023-02-07 15:16:18.095root 11241100x8000000000000000708004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:18.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4fad504e06b1d392023-02-07 15:16:18.096root 11241100x8000000000000000708003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:18.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b841d7d3e40b8912023-02-07 15:16:18.096root 11241100x8000000000000000708002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:18.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284edac4cc0ada972023-02-07 15:16:18.096root 11241100x8000000000000000708001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:18.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd025a6f8196aac2023-02-07 15:16:18.096root 11241100x8000000000000000708000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:18.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ea5611c047370f2023-02-07 15:16:18.096root 11241100x8000000000000000708008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:18.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650e0f2af1fdfc262023-02-07 15:16:18.097root 11241100x8000000000000000708007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:18.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe09698b6eaaf912023-02-07 15:16:18.097root 11241100x8000000000000000708006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:18.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d4feb394ec7ab92023-02-07 15:16:18.097root 11241100x8000000000000000708005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:18.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3474f528daadc87c2023-02-07 15:16:18.097root 11241100x8000000000000000708009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:18.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f08c7c26025ddc2023-02-07 15:16:18.098root 11241100x8000000000000000708011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:18.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7454e09238f3f0a2023-02-07 15:16:18.595root 11241100x8000000000000000708010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:18.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440334d22bd914ef2023-02-07 15:16:18.595root 11241100x8000000000000000708020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:18.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4dca7340b346d92023-02-07 15:16:18.596root 11241100x8000000000000000708019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:18.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2edefa4571b5eff2023-02-07 15:16:18.596root 11241100x8000000000000000708018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:18.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f102026aa66cfb7d2023-02-07 15:16:18.596root 11241100x8000000000000000708017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:18.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbae1762077261ce2023-02-07 15:16:18.596root 11241100x8000000000000000708016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:18.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64153f4beb6d7a8d2023-02-07 15:16:18.596root 11241100x8000000000000000708015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:18.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cef602072fa43502023-02-07 15:16:18.596root 11241100x8000000000000000708014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:18.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d46047eb2c757562023-02-07 15:16:18.596root 11241100x8000000000000000708013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:18.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0f4106863ddb602023-02-07 15:16:18.596root 11241100x8000000000000000708012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:18.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62062b5c6b10d8d02023-02-07 15:16:18.596root 11241100x8000000000000000708025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:19.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47428cef7adc51f2023-02-07 15:16:19.095root 11241100x8000000000000000708024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:19.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30f852f7c04e6cf2023-02-07 15:16:19.095root 11241100x8000000000000000708023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:19.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46a7bbecb1837812023-02-07 15:16:19.095root 11241100x8000000000000000708022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:19.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3912244a0af7b4b52023-02-07 15:16:19.095root 11241100x8000000000000000708021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:19.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab79ad062c595312023-02-07 15:16:19.095root 11241100x8000000000000000708031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:19.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5585535edd814a0f2023-02-07 15:16:19.096root 11241100x8000000000000000708030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:19.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a575097c329f7d122023-02-07 15:16:19.096root 11241100x8000000000000000708029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:19.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c98de489ddd4e82023-02-07 15:16:19.096root 11241100x8000000000000000708028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:19.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbbb0519afe09102023-02-07 15:16:19.096root 11241100x8000000000000000708027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:19.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98a4ec965a931132023-02-07 15:16:19.096root 11241100x8000000000000000708026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:19.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67876951884a5b5c2023-02-07 15:16:19.096root 11241100x8000000000000000708038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:19.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef57b6a75d8ac26d2023-02-07 15:16:19.595root 11241100x8000000000000000708037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:19.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c3ba8e78ec24c62023-02-07 15:16:19.595root 11241100x8000000000000000708036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:19.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec9503aa3ca16da2023-02-07 15:16:19.595root 11241100x8000000000000000708035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:19.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b19b1e8315702a82023-02-07 15:16:19.595root 11241100x8000000000000000708034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:19.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc36216a1a2c5f72023-02-07 15:16:19.595root 11241100x8000000000000000708033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:19.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4682c74beb9904482023-02-07 15:16:19.595root 11241100x8000000000000000708032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:19.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e8b03814840ee62023-02-07 15:16:19.595root 11241100x8000000000000000708042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:19.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a40449ed57ce192023-02-07 15:16:19.596root 11241100x8000000000000000708041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:19.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2fc54206f919a82023-02-07 15:16:19.596root 11241100x8000000000000000708040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:19.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdd37cc321a6cfd2023-02-07 15:16:19.596root 11241100x8000000000000000708039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:19.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71396f3a0c5c581b2023-02-07 15:16:19.596root 11241100x8000000000000000708043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:20.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f4dce9c29278cd2023-02-07 15:16:20.095root 11241100x8000000000000000708047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb29b9a389a13d22023-02-07 15:16:20.096root 11241100x8000000000000000708046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c2e57a743d38042023-02-07 15:16:20.096root 11241100x8000000000000000708045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d479ef687e92c12023-02-07 15:16:20.096root 11241100x8000000000000000708044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67dccbc73cac8ec72023-02-07 15:16:20.096root 11241100x8000000000000000708053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:20.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edeb107026f30a0b2023-02-07 15:16:20.097root 11241100x8000000000000000708052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:20.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee0d896d8440caa2023-02-07 15:16:20.097root 11241100x8000000000000000708051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:20.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143e14eabc72e8032023-02-07 15:16:20.097root 11241100x8000000000000000708050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:20.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba4b8b0268d25182023-02-07 15:16:20.097root 11241100x8000000000000000708049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:20.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9479e15e02374022023-02-07 15:16:20.097root 11241100x8000000000000000708048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:20.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be237df22d4d14e92023-02-07 15:16:20.097root 11241100x8000000000000000708054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:20.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9bd7ff9a70356e2023-02-07 15:16:20.595root 11241100x8000000000000000708059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a0ff06dde1bc512023-02-07 15:16:20.596root 11241100x8000000000000000708058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8052be67752cf92023-02-07 15:16:20.596root 11241100x8000000000000000708057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b62bbd9605ef8a2023-02-07 15:16:20.596root 11241100x8000000000000000708056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c26b1299bc51262023-02-07 15:16:20.596root 11241100x8000000000000000708055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7289ce8358691cc2023-02-07 15:16:20.596root 11241100x8000000000000000708064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:20.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cccc843eb8e00422023-02-07 15:16:20.597root 11241100x8000000000000000708063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:20.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fe20b98b779bf22023-02-07 15:16:20.597root 11241100x8000000000000000708062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:20.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d490dffa21d4c52023-02-07 15:16:20.597root 11241100x8000000000000000708061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:20.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f3b1168600cfc92023-02-07 15:16:20.597root 11241100x8000000000000000708060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:20.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f834da2157cdee2023-02-07 15:16:20.597root 11241100x8000000000000000708065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:21.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc91cfa7e7248c622023-02-07 15:16:21.095root 11241100x8000000000000000708070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eae6cbf160b88762023-02-07 15:16:21.096root 11241100x8000000000000000708069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7183ac5a26b2f9f12023-02-07 15:16:21.096root 11241100x8000000000000000708068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29b868148f297672023-02-07 15:16:21.096root 11241100x8000000000000000708067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ada7f48a1e41cf2023-02-07 15:16:21.096root 11241100x8000000000000000708066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a63e4ce5943fda62023-02-07 15:16:21.096root 11241100x8000000000000000708074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5240e8a24f3cbcff2023-02-07 15:16:21.097root 11241100x8000000000000000708073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72406a24ad2238be2023-02-07 15:16:21.097root 11241100x8000000000000000708072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9547245fad5c952023-02-07 15:16:21.097root 11241100x8000000000000000708071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adff04bb754140be2023-02-07 15:16:21.097root 11241100x8000000000000000708075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:21.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f9f79db3af46142023-02-07 15:16:21.098root 11241100x8000000000000000708077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4bd1f397918e752023-02-07 15:16:21.595root 11241100x8000000000000000708076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74a71c0ad2b00532023-02-07 15:16:21.595root 11241100x8000000000000000708081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79009f0e10a78fa2023-02-07 15:16:21.596root 11241100x8000000000000000708080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f83d66f417b95d12023-02-07 15:16:21.596root 11241100x8000000000000000708079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e76e4321e8851a2023-02-07 15:16:21.596root 11241100x8000000000000000708078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c8a83dac9f7d332023-02-07 15:16:21.596root 11241100x8000000000000000708086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55394061df1c9ea2023-02-07 15:16:21.597root 11241100x8000000000000000708085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d02bd452481e5592023-02-07 15:16:21.597root 11241100x8000000000000000708084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0a20a71874e1292023-02-07 15:16:21.597root 11241100x8000000000000000708083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afbc07d08a2bac82023-02-07 15:16:21.597root 11241100x8000000000000000708082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c7e0d9808c03f92023-02-07 15:16:21.597root 11241100x8000000000000000708088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73ccd3321e0ea732023-02-07 15:16:22.095root 11241100x8000000000000000708087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d18ee5da6a4ea032023-02-07 15:16:22.095root 11241100x8000000000000000708095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af36c8b3378dbf42023-02-07 15:16:22.096root 11241100x8000000000000000708094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85c31aec9a00d172023-02-07 15:16:22.096root 11241100x8000000000000000708093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c7eddce3f87f752023-02-07 15:16:22.096root 11241100x8000000000000000708092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1609bcd651ac71012023-02-07 15:16:22.096root 11241100x8000000000000000708091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6879831eadec6a862023-02-07 15:16:22.096root 11241100x8000000000000000708090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e821dcb460cad3302023-02-07 15:16:22.096root 11241100x8000000000000000708089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2211816c8fca15032023-02-07 15:16:22.096root 11241100x8000000000000000708097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:22.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a392060d2f0bde22023-02-07 15:16:22.097root 11241100x8000000000000000708096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:22.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2369acdbe1a3453d2023-02-07 15:16:22.097root 354300x8000000000000000708098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:22.108{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36258-false10.0.1.12-8000- 11241100x8000000000000000708104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b180db36e3478b92023-02-07 15:16:22.595root 11241100x8000000000000000708103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2699caad45d1232023-02-07 15:16:22.595root 11241100x8000000000000000708102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9e35c8e3f7607e2023-02-07 15:16:22.595root 11241100x8000000000000000708101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10cc89af02a3d0402023-02-07 15:16:22.595root 11241100x8000000000000000708100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9d2b9851c4d80b2023-02-07 15:16:22.595root 11241100x8000000000000000708099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b458d2b389931bae2023-02-07 15:16:22.595root 11241100x8000000000000000708110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e0a70b8cd7ce4c2023-02-07 15:16:22.596root 11241100x8000000000000000708109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb286c5443f3ae1c2023-02-07 15:16:22.596root 11241100x8000000000000000708108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf252193f557b652023-02-07 15:16:22.596root 11241100x8000000000000000708107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ffd5c462d13d022023-02-07 15:16:22.596root 11241100x8000000000000000708106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799ef5304a5fe9d82023-02-07 15:16:22.596root 11241100x8000000000000000708105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1251cb6686cce14f2023-02-07 15:16:22.596root 11241100x8000000000000000708115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2251f3073110957c2023-02-07 15:16:23.096root 11241100x8000000000000000708114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d99948ea298ae62023-02-07 15:16:23.096root 11241100x8000000000000000708113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50495fab5d0ce7e52023-02-07 15:16:23.096root 11241100x8000000000000000708112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1f0b9cc5cce7432023-02-07 15:16:23.096root 11241100x8000000000000000708111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b287b86b3ed9892023-02-07 15:16:23.096root 11241100x8000000000000000708123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11908d79c67e3cfb2023-02-07 15:16:23.097root 11241100x8000000000000000708122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10f41866617b82a2023-02-07 15:16:23.097root 11241100x8000000000000000708121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c26b81160f3b5c02023-02-07 15:16:23.097root 11241100x8000000000000000708120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9c9b53bf204b5a2023-02-07 15:16:23.097root 11241100x8000000000000000708119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb446c8242f2887b2023-02-07 15:16:23.097root 11241100x8000000000000000708118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f7d99ecea5ad252023-02-07 15:16:23.097root 11241100x8000000000000000708117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e7167b517b318e2023-02-07 15:16:23.097root 534500x8000000000000000708116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:23.097{ec244aba-3071-63e2-c83a-8af647560000}483/lib/systemd/systemd-journaldroot 11241100x8000000000000000708128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:23.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0811d7b0fc9657092023-02-07 15:16:23.595root 11241100x8000000000000000708127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:23.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae6dc5537d069f22023-02-07 15:16:23.595root 11241100x8000000000000000708126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:23.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4041a0c100f30472023-02-07 15:16:23.595root 11241100x8000000000000000708125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:23.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41f09ec6755297b2023-02-07 15:16:23.595root 11241100x8000000000000000708124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:23.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf561a7a70762c42023-02-07 15:16:23.595root 11241100x8000000000000000708136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2758a1e4d12acb842023-02-07 15:16:23.596root 11241100x8000000000000000708135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a199e4a397d85752023-02-07 15:16:23.596root 11241100x8000000000000000708134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122bbf0fb96ca33c2023-02-07 15:16:23.596root 11241100x8000000000000000708133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572514dd064e5e3e2023-02-07 15:16:23.596root 11241100x8000000000000000708132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8123793f3b16471e2023-02-07 15:16:23.596root 11241100x8000000000000000708131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9ffd43cb609b602023-02-07 15:16:23.596root 11241100x8000000000000000708130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5c1dabc20e2b5f2023-02-07 15:16:23.596root 11241100x8000000000000000708129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde84734c379d9ad2023-02-07 15:16:23.596root 11241100x8000000000000000708143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:24.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b33b0d07e566472023-02-07 15:16:24.095root 11241100x8000000000000000708142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:24.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a09a85717b4cce2023-02-07 15:16:24.095root 11241100x8000000000000000708141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:24.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbb638a008b5d3f2023-02-07 15:16:24.095root 11241100x8000000000000000708140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:24.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71ab935a6e003b42023-02-07 15:16:24.095root 11241100x8000000000000000708139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:24.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0afcf958be77b472023-02-07 15:16:24.095root 11241100x8000000000000000708138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:24.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1b0177ef2d59f92023-02-07 15:16:24.095root 11241100x8000000000000000708137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:24.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de32293a2ab6d0102023-02-07 15:16:24.095root 11241100x8000000000000000708149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70c6c64b38919b92023-02-07 15:16:24.096root 11241100x8000000000000000708148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce27598d0cad3e92023-02-07 15:16:24.096root 11241100x8000000000000000708147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c607377afafd5c712023-02-07 15:16:24.096root 11241100x8000000000000000708146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b9d9473f89082f2023-02-07 15:16:24.096root 11241100x8000000000000000708145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb5e8380f4c39632023-02-07 15:16:24.096root 11241100x8000000000000000708144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97bd917b9d6595a2023-02-07 15:16:24.096root 11241100x8000000000000000708155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9004c8a01f168442023-02-07 15:16:24.595root 11241100x8000000000000000708154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfad1941a5e97062023-02-07 15:16:24.595root 11241100x8000000000000000708153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89c845ab452802e2023-02-07 15:16:24.595root 11241100x8000000000000000708152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9acca581ff945ca2023-02-07 15:16:24.595root 11241100x8000000000000000708151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a4d55311dd40712023-02-07 15:16:24.595root 11241100x8000000000000000708150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75d44893fbd0ba12023-02-07 15:16:24.595root 11241100x8000000000000000708161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7204540ebddfe9912023-02-07 15:16:24.596root 11241100x8000000000000000708160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f250d7d0de3225d2023-02-07 15:16:24.596root 11241100x8000000000000000708159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011bf40cd37dfa8a2023-02-07 15:16:24.596root 11241100x8000000000000000708158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47528559e92a43da2023-02-07 15:16:24.596root 11241100x8000000000000000708157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a22e4ed5a77d1772023-02-07 15:16:24.596root 11241100x8000000000000000708156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58c3568be4655fa2023-02-07 15:16:24.596root 11241100x8000000000000000708162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38a0f4f14adc4bb2023-02-07 15:16:24.597root 11241100x8000000000000000708163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:24.728{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:16:24.728root 11241100x8000000000000000708168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1331dfec323a6132023-02-07 15:16:25.095root 11241100x8000000000000000708167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85a645d337cb8f72023-02-07 15:16:25.095root 11241100x8000000000000000708166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626befad5b0c9a322023-02-07 15:16:25.095root 11241100x8000000000000000708165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e7c438f2e04e732023-02-07 15:16:25.095root 11241100x8000000000000000708164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af04250d11d7445e2023-02-07 15:16:25.095root 11241100x8000000000000000708177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181fb7d2c01a11352023-02-07 15:16:25.096root 11241100x8000000000000000708176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdefac54b7919f2a2023-02-07 15:16:25.096root 11241100x8000000000000000708175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5726ccee5da4af422023-02-07 15:16:25.096root 11241100x8000000000000000708174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8338d2229f393f572023-02-07 15:16:25.096root 11241100x8000000000000000708173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fcebe500cb1b3442023-02-07 15:16:25.096root 11241100x8000000000000000708172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0cfa6b15306636d2023-02-07 15:16:25.096root 11241100x8000000000000000708171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47698b8ec56a3002023-02-07 15:16:25.096root 11241100x8000000000000000708170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30a78e4b90df91e2023-02-07 15:16:25.096root 11241100x8000000000000000708169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a472a1a21d6770d2023-02-07 15:16:25.096root 11241100x8000000000000000708182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e430a888dd37032023-02-07 15:16:25.595root 11241100x8000000000000000708181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b9ce5e8983072b2023-02-07 15:16:25.595root 11241100x8000000000000000708180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e4c1a6fda6480a2023-02-07 15:16:25.595root 11241100x8000000000000000708179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b682a8bb0a323e822023-02-07 15:16:25.595root 11241100x8000000000000000708178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc76cae68316f1e2023-02-07 15:16:25.595root 11241100x8000000000000000708191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4f1638f3fb1a592023-02-07 15:16:25.596root 11241100x8000000000000000708190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e273e71c9c36fd952023-02-07 15:16:25.596root 11241100x8000000000000000708189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d830ae1c8ea7d9a2023-02-07 15:16:25.596root 11241100x8000000000000000708188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914a41764ab347d22023-02-07 15:16:25.596root 11241100x8000000000000000708187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7633d2d5f5a4e51d2023-02-07 15:16:25.596root 11241100x8000000000000000708186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edaa7ab515a039cf2023-02-07 15:16:25.596root 11241100x8000000000000000708185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57580988cd9158f2023-02-07 15:16:25.596root 11241100x8000000000000000708184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da39abc29867618b2023-02-07 15:16:25.596root 11241100x8000000000000000708183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c69158f2b29e962023-02-07 15:16:25.596root 11241100x8000000000000000708195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b3ae4f45fe91432023-02-07 15:16:26.095root 11241100x8000000000000000708194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85e01a42e70b3422023-02-07 15:16:26.095root 11241100x8000000000000000708193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d45db02c84c3fa32023-02-07 15:16:26.095root 11241100x8000000000000000708192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a92a687a2aa42e2023-02-07 15:16:26.095root 11241100x8000000000000000708204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c269179dd5f27b2023-02-07 15:16:26.096root 11241100x8000000000000000708203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5672e0152f4b942023-02-07 15:16:26.096root 11241100x8000000000000000708202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4033eeeb2b806342023-02-07 15:16:26.096root 11241100x8000000000000000708201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38cab1ed3b9b0c382023-02-07 15:16:26.096root 11241100x8000000000000000708200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89b735a3d8a6de62023-02-07 15:16:26.096root 11241100x8000000000000000708199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbba36a0fa425ca2023-02-07 15:16:26.096root 11241100x8000000000000000708198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3208c34f3fcc40302023-02-07 15:16:26.096root 11241100x8000000000000000708197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123309be4bc3b0662023-02-07 15:16:26.096root 11241100x8000000000000000708196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2323287559e49552023-02-07 15:16:26.096root 11241100x8000000000000000708205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07ed8e81dbb1c372023-02-07 15:16:26.097root 11241100x8000000000000000708210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52b58989d8753962023-02-07 15:16:26.595root 11241100x8000000000000000708209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267c99bb96e31f132023-02-07 15:16:26.595root 11241100x8000000000000000708208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74852680b72387102023-02-07 15:16:26.595root 11241100x8000000000000000708207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502eedb2727b34512023-02-07 15:16:26.595root 11241100x8000000000000000708206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ac59a998c957ca2023-02-07 15:16:26.595root 11241100x8000000000000000708215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8553cf3661add7852023-02-07 15:16:26.596root 11241100x8000000000000000708214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3585efb0cd3a4f992023-02-07 15:16:26.596root 11241100x8000000000000000708213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756081a95e1ab5d92023-02-07 15:16:26.596root 11241100x8000000000000000708212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f273c23a2b2e3ceb2023-02-07 15:16:26.596root 11241100x8000000000000000708211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6d563007d003822023-02-07 15:16:26.596root 11241100x8000000000000000708219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fbc924b6c9c2932023-02-07 15:16:26.597root 11241100x8000000000000000708218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97db658dcd5ab5b12023-02-07 15:16:26.597root 11241100x8000000000000000708217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b11dddcf6211cc22023-02-07 15:16:26.597root 11241100x8000000000000000708216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5552c2c9b86aef6b2023-02-07 15:16:26.597root 11241100x8000000000000000708221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dea8914686218ad2023-02-07 15:16:27.095root 11241100x8000000000000000708220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8cee330bd0093b42023-02-07 15:16:27.095root 11241100x8000000000000000708229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859b16cc382e9b092023-02-07 15:16:27.096root 11241100x8000000000000000708228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689015417984359d2023-02-07 15:16:27.096root 11241100x8000000000000000708227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9868fecaed28ac2023-02-07 15:16:27.096root 11241100x8000000000000000708226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c6bbfd1664c5142023-02-07 15:16:27.096root 11241100x8000000000000000708225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab649ea0ab686a22023-02-07 15:16:27.096root 11241100x8000000000000000708224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b07086819f7d242023-02-07 15:16:27.096root 11241100x8000000000000000708223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e9dbe0bfe00a362023-02-07 15:16:27.096root 11241100x8000000000000000708222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cc1339363364bc2023-02-07 15:16:27.096root 11241100x8000000000000000708233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23afbbac87294282023-02-07 15:16:27.097root 11241100x8000000000000000708232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afe7cf4afdb59272023-02-07 15:16:27.097root 11241100x8000000000000000708231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112127f7e32604262023-02-07 15:16:27.097root 11241100x8000000000000000708230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9332b83d44aaa3b2023-02-07 15:16:27.097root 11241100x8000000000000000708238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9388868da3c47612023-02-07 15:16:27.595root 11241100x8000000000000000708237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7fcc4dc7f28b74b2023-02-07 15:16:27.595root 11241100x8000000000000000708236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9411ca32786bef852023-02-07 15:16:27.595root 11241100x8000000000000000708235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb52bc9641740182023-02-07 15:16:27.595root 11241100x8000000000000000708234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb5585359e2fd8f2023-02-07 15:16:27.595root 11241100x8000000000000000708243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813b7824d91540e82023-02-07 15:16:27.596root 11241100x8000000000000000708242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7951103105e3532023-02-07 15:16:27.596root 11241100x8000000000000000708241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cd3c362f6a5a812023-02-07 15:16:27.596root 11241100x8000000000000000708240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6295b798ca6b1ccf2023-02-07 15:16:27.596root 11241100x8000000000000000708239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512296ece9af85022023-02-07 15:16:27.596root 11241100x8000000000000000708247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc274cd15312760f2023-02-07 15:16:27.597root 11241100x8000000000000000708246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b34989017d2a632023-02-07 15:16:27.597root 11241100x8000000000000000708245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24343472d4d48e722023-02-07 15:16:27.597root 11241100x8000000000000000708244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f74acc217f570842023-02-07 15:16:27.597root 23542300x8000000000000000708248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:27.730{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000708249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e5c59b25b0ff5c2023-02-07 15:16:28.095root 11241100x8000000000000000708252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6c23a69601d1c12023-02-07 15:16:28.096root 11241100x8000000000000000708251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0256637013dc2df2023-02-07 15:16:28.096root 11241100x8000000000000000708250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fdbefa04a8217462023-02-07 15:16:28.096root 11241100x8000000000000000708262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec5892050a61da92023-02-07 15:16:28.097root 11241100x8000000000000000708261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5501078bd2ec03332023-02-07 15:16:28.097root 11241100x8000000000000000708260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd816cd70bee8a62023-02-07 15:16:28.097root 11241100x8000000000000000708259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b9750ec683addb2023-02-07 15:16:28.097root 11241100x8000000000000000708258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d39c8ae84bc6282023-02-07 15:16:28.097root 11241100x8000000000000000708257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de8108a4a91d34c2023-02-07 15:16:28.097root 11241100x8000000000000000708256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba6d6b080d6abad2023-02-07 15:16:28.097root 11241100x8000000000000000708255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deca0c2ce165a5f12023-02-07 15:16:28.097root 11241100x8000000000000000708254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c8dc551fd1e33e2023-02-07 15:16:28.097root 11241100x8000000000000000708253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c800b238249b872023-02-07 15:16:28.097root 11241100x8000000000000000708263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ee25fac244728c2023-02-07 15:16:28.098root 354300x8000000000000000708264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.108{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-56954-false10.0.1.12-8000- 11241100x8000000000000000708267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136445ec5b39e3012023-02-07 15:16:28.595root 11241100x8000000000000000708266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b900937baf5effd2023-02-07 15:16:28.595root 11241100x8000000000000000708265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652db180b9c5938e2023-02-07 15:16:28.595root 11241100x8000000000000000708274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1fd9326e4dc9ba2023-02-07 15:16:28.596root 11241100x8000000000000000708273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df299205afe682b22023-02-07 15:16:28.596root 11241100x8000000000000000708272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f788b647e2c869e82023-02-07 15:16:28.596root 11241100x8000000000000000708271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec703c67e858a92d2023-02-07 15:16:28.596root 11241100x8000000000000000708270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3d7253f7837d692023-02-07 15:16:28.596root 11241100x8000000000000000708269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c0e177910c3ca72023-02-07 15:16:28.596root 11241100x8000000000000000708268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c46a1263702e112023-02-07 15:16:28.596root 11241100x8000000000000000708281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b2e5839ee68c2a2023-02-07 15:16:28.597root 11241100x8000000000000000708280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03bec600339bf082023-02-07 15:16:28.597root 11241100x8000000000000000708279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607e83f0cfe6e08e2023-02-07 15:16:28.597root 11241100x8000000000000000708278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80617ee756a2ac5a2023-02-07 15:16:28.597root 11241100x8000000000000000708277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc120f4752085322023-02-07 15:16:28.597root 11241100x8000000000000000708276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef3317ead6153292023-02-07 15:16:28.597root 11241100x8000000000000000708275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0642daf2e62c622023-02-07 15:16:28.597root 11241100x8000000000000000708284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59686651a3d960e42023-02-07 15:16:29.095root 11241100x8000000000000000708283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6268b0a83d7d5a822023-02-07 15:16:29.095root 11241100x8000000000000000708282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda048d3a5c4508a2023-02-07 15:16:29.095root 11241100x8000000000000000708294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299365804a4527452023-02-07 15:16:29.096root 11241100x8000000000000000708293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcacbe233989bed2023-02-07 15:16:29.096root 11241100x8000000000000000708292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425bef04eec97bc02023-02-07 15:16:29.096root 11241100x8000000000000000708291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0550a81a0564157f2023-02-07 15:16:29.096root 11241100x8000000000000000708290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c8f0f71fa24e252023-02-07 15:16:29.096root 11241100x8000000000000000708289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f104626469ee9f2023-02-07 15:16:29.096root 11241100x8000000000000000708288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc44ba538a5fe7832023-02-07 15:16:29.096root 11241100x8000000000000000708287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7151b0267e67459c2023-02-07 15:16:29.096root 11241100x8000000000000000708286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc2606c3dff354e2023-02-07 15:16:29.096root 11241100x8000000000000000708285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861f2f0d4e0638542023-02-07 15:16:29.096root 11241100x8000000000000000708298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7413d077ce229b12023-02-07 15:16:29.097root 11241100x8000000000000000708297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4ced415405d6832023-02-07 15:16:29.097root 11241100x8000000000000000708296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154a15efd9ce9e1f2023-02-07 15:16:29.097root 11241100x8000000000000000708295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae525494f95ac48d2023-02-07 15:16:29.097root 11241100x8000000000000000708302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f51aad2007f67242023-02-07 15:16:29.595root 11241100x8000000000000000708301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44345cf0929a48742023-02-07 15:16:29.595root 11241100x8000000000000000708300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619e2ae184254e6c2023-02-07 15:16:29.595root 11241100x8000000000000000708299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53a3c65fa27061b2023-02-07 15:16:29.595root 11241100x8000000000000000708307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce9f3d35bd8ce452023-02-07 15:16:29.596root 11241100x8000000000000000708306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f2ed868a4240dd2023-02-07 15:16:29.596root 11241100x8000000000000000708305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b3c59c2eb07e322023-02-07 15:16:29.596root 11241100x8000000000000000708304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90796f17a6e2a3f82023-02-07 15:16:29.596root 11241100x8000000000000000708303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3585794626f8af32023-02-07 15:16:29.596root 11241100x8000000000000000708314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b2762543cbc7082023-02-07 15:16:29.597root 11241100x8000000000000000708313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402a5e15d7f82b772023-02-07 15:16:29.597root 11241100x8000000000000000708312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0048521e45db4b9a2023-02-07 15:16:29.597root 11241100x8000000000000000708311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94575988c8c0066b2023-02-07 15:16:29.597root 11241100x8000000000000000708310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b9ce305831c4b42023-02-07 15:16:29.597root 11241100x8000000000000000708309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2749bc83e555b02023-02-07 15:16:29.597root 11241100x8000000000000000708308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d92e3e0b870fee2023-02-07 15:16:29.597root 11241100x8000000000000000708320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef20519d96da4d432023-02-07 15:16:30.095root 11241100x8000000000000000708319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fcf2d182a0887a2023-02-07 15:16:30.095root 11241100x8000000000000000708318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75e0910efd496902023-02-07 15:16:30.095root 11241100x8000000000000000708317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6c850b638740ab2023-02-07 15:16:30.095root 11241100x8000000000000000708316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff562ee6d5f5e742023-02-07 15:16:30.095root 11241100x8000000000000000708315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d9c79882a340912023-02-07 15:16:30.095root 11241100x8000000000000000708323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb02b0b176411f572023-02-07 15:16:30.096root 11241100x8000000000000000708322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83640e681c323d9d2023-02-07 15:16:30.096root 11241100x8000000000000000708321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450b668ca88657502023-02-07 15:16:30.096root 11241100x8000000000000000708330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3156fa2e21118fa2023-02-07 15:16:30.097root 11241100x8000000000000000708329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aab1142fcae54102023-02-07 15:16:30.097root 11241100x8000000000000000708328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6906bb43965f71f2023-02-07 15:16:30.097root 11241100x8000000000000000708327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ff3fe28003cef62023-02-07 15:16:30.097root 11241100x8000000000000000708326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f7d1d12deb2b382023-02-07 15:16:30.097root 11241100x8000000000000000708325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57bcda8a6e496c7e2023-02-07 15:16:30.097root 11241100x8000000000000000708324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2156b9a0c1d87f02023-02-07 15:16:30.097root 11241100x8000000000000000708339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db814889201122d2023-02-07 15:16:30.596root 11241100x8000000000000000708338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5881d94dc5ee1dd72023-02-07 15:16:30.596root 11241100x8000000000000000708337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ead01a7a83dc112023-02-07 15:16:30.596root 11241100x8000000000000000708336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f8eb41782a700b2023-02-07 15:16:30.596root 11241100x8000000000000000708335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ac419b5d4090c72023-02-07 15:16:30.596root 11241100x8000000000000000708334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b626284015a5562023-02-07 15:16:30.596root 11241100x8000000000000000708333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d9e835fd2dbb9a2023-02-07 15:16:30.596root 11241100x8000000000000000708332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08c1382ae106d752023-02-07 15:16:30.596root 11241100x8000000000000000708331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d4ea6c707d6d9a2023-02-07 15:16:30.596root 11241100x8000000000000000708346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f333aaaadc2ed0be2023-02-07 15:16:30.597root 11241100x8000000000000000708345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c887fb7f39e7df992023-02-07 15:16:30.597root 11241100x8000000000000000708344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927408123dbd94302023-02-07 15:16:30.597root 11241100x8000000000000000708343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c083c25df75d3d1f2023-02-07 15:16:30.597root 11241100x8000000000000000708342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645e44ab343bdc0e2023-02-07 15:16:30.597root 11241100x8000000000000000708341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4557f7adb6b81d0f2023-02-07 15:16:30.597root 11241100x8000000000000000708340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8b23986d99ea2f2023-02-07 15:16:30.597root 11241100x8000000000000000708352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb22ee4e143c4d62023-02-07 15:16:31.095root 11241100x8000000000000000708351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04191a5bb8db7cb22023-02-07 15:16:31.095root 11241100x8000000000000000708350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db61522907702462023-02-07 15:16:31.095root 11241100x8000000000000000708349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187efdc7a08df8752023-02-07 15:16:31.095root 11241100x8000000000000000708348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c57477a9dd1a0952023-02-07 15:16:31.095root 11241100x8000000000000000708347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59f48ec04896eb62023-02-07 15:16:31.095root 11241100x8000000000000000708361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0582a1e390e418eb2023-02-07 15:16:31.096root 11241100x8000000000000000708360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b62df7ab3e344bc2023-02-07 15:16:31.096root 11241100x8000000000000000708359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384ae95ef07ebcbf2023-02-07 15:16:31.096root 11241100x8000000000000000708358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aeecd0e4a910f602023-02-07 15:16:31.096root 11241100x8000000000000000708357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcec1c458ac9aed2023-02-07 15:16:31.096root 11241100x8000000000000000708356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b6b23e039d09782023-02-07 15:16:31.096root 11241100x8000000000000000708355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307b611e8b0842992023-02-07 15:16:31.096root 11241100x8000000000000000708354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218307ccd00a346c2023-02-07 15:16:31.096root 11241100x8000000000000000708353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61a5b60b9ebcfe42023-02-07 15:16:31.096root 11241100x8000000000000000708363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27044fd8aeae8552023-02-07 15:16:31.097root 11241100x8000000000000000708362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e0cc47f14744c72023-02-07 15:16:31.097root 11241100x8000000000000000708368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad370693ebae4af02023-02-07 15:16:31.595root 11241100x8000000000000000708367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4fdcf9c24a243b2023-02-07 15:16:31.595root 11241100x8000000000000000708366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01c3193a53deca22023-02-07 15:16:31.595root 11241100x8000000000000000708365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573887fd53e6565c2023-02-07 15:16:31.595root 11241100x8000000000000000708364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff387702e0739ee2023-02-07 15:16:31.595root 11241100x8000000000000000708378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3148d7ee626199ab2023-02-07 15:16:31.596root 11241100x8000000000000000708377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf7c732fdb7f5cb2023-02-07 15:16:31.596root 11241100x8000000000000000708376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a75c2abf0cf2d12023-02-07 15:16:31.596root 11241100x8000000000000000708375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6696226dd247e9852023-02-07 15:16:31.596root 11241100x8000000000000000708374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f0a1babf22fbe12023-02-07 15:16:31.596root 11241100x8000000000000000708373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119e0240c1ab7fcd2023-02-07 15:16:31.596root 11241100x8000000000000000708372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62830b6a712aa892023-02-07 15:16:31.596root 11241100x8000000000000000708371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72554b5b899cfb82023-02-07 15:16:31.596root 11241100x8000000000000000708370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbae42883b1036a52023-02-07 15:16:31.596root 11241100x8000000000000000708369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f958c34fbfa14b112023-02-07 15:16:31.596root 11241100x8000000000000000708379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:31.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0455815463ce73712023-02-07 15:16:31.597root 11241100x8000000000000000708384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2846674671c6b1b02023-02-07 15:16:32.095root 11241100x8000000000000000708383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42ad501a056b6ea2023-02-07 15:16:32.095root 11241100x8000000000000000708382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7daf0e2caf2f0542023-02-07 15:16:32.095root 11241100x8000000000000000708381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb249656e9a00c82023-02-07 15:16:32.095root 11241100x8000000000000000708380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ff1c5b43c8f3d82023-02-07 15:16:32.095root 11241100x8000000000000000708391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f8577fc16d2d072023-02-07 15:16:32.096root 11241100x8000000000000000708390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdadcfe5e288c3712023-02-07 15:16:32.096root 11241100x8000000000000000708389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0917b725d397bdec2023-02-07 15:16:32.096root 11241100x8000000000000000708388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53dc2d97569a02e2023-02-07 15:16:32.096root 11241100x8000000000000000708387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc8064ecd511dbf2023-02-07 15:16:32.096root 11241100x8000000000000000708386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94cbe08d5ee9afdb2023-02-07 15:16:32.096root 11241100x8000000000000000708385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6b7928f94a9a342023-02-07 15:16:32.096root 11241100x8000000000000000708395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b4737523f0a1452023-02-07 15:16:32.097root 11241100x8000000000000000708394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467676c7112667aa2023-02-07 15:16:32.097root 11241100x8000000000000000708393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4f44f3f379df702023-02-07 15:16:32.097root 11241100x8000000000000000708392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d94f61f464550f2023-02-07 15:16:32.097root 11241100x8000000000000000708400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e3722ff665737b2023-02-07 15:16:32.595root 11241100x8000000000000000708399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce459581fa6033cc2023-02-07 15:16:32.595root 11241100x8000000000000000708398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a961f49e43aca3f52023-02-07 15:16:32.595root 11241100x8000000000000000708397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047237a091fc69c42023-02-07 15:16:32.595root 11241100x8000000000000000708396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d3750a791211f12023-02-07 15:16:32.595root 11241100x8000000000000000708409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb6e6ef354d13cf2023-02-07 15:16:32.596root 11241100x8000000000000000708408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d4188e7329b3932023-02-07 15:16:32.596root 11241100x8000000000000000708407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1113e84c0d6f0c1d2023-02-07 15:16:32.596root 11241100x8000000000000000708406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0d472502e272c22023-02-07 15:16:32.596root 11241100x8000000000000000708405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b83405f484927e42023-02-07 15:16:32.596root 11241100x8000000000000000708404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcbe2db4be8675f12023-02-07 15:16:32.596root 11241100x8000000000000000708403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239fdc402f90fe882023-02-07 15:16:32.596root 11241100x8000000000000000708402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa19df3af8915d272023-02-07 15:16:32.596root 11241100x8000000000000000708401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280f3d67d7997bbe2023-02-07 15:16:32.596root 11241100x8000000000000000708411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b05fca0ff3b9d32023-02-07 15:16:32.597root 11241100x8000000000000000708410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:32.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd2b8d4c9f5d9b72023-02-07 15:16:32.597root 11241100x8000000000000000708416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63639957303eec0d2023-02-07 15:16:33.095root 11241100x8000000000000000708415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aea8ef91bde174f2023-02-07 15:16:33.095root 11241100x8000000000000000708414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d482853031b46d72023-02-07 15:16:33.095root 11241100x8000000000000000708413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6eec89931e923d2023-02-07 15:16:33.095root 11241100x8000000000000000708412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712c3cac788916e32023-02-07 15:16:33.095root 11241100x8000000000000000708426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f6dbd5b67f48da2023-02-07 15:16:33.096root 11241100x8000000000000000708425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab9eb04230d88172023-02-07 15:16:33.096root 11241100x8000000000000000708424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82331e576454c25b2023-02-07 15:16:33.096root 11241100x8000000000000000708423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2276fad15c54172023-02-07 15:16:33.096root 11241100x8000000000000000708422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066bb00060f2de542023-02-07 15:16:33.096root 11241100x8000000000000000708421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8af2471a18c6f32023-02-07 15:16:33.096root 11241100x8000000000000000708420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28003156ff2fb3e22023-02-07 15:16:33.096root 11241100x8000000000000000708419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c68c3b358ca26d2023-02-07 15:16:33.096root 11241100x8000000000000000708418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ea1d8734589b9b2023-02-07 15:16:33.096root 11241100x8000000000000000708417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7785a7b455bc4b2023-02-07 15:16:33.096root 11241100x8000000000000000708428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bd9a5c7be62e102023-02-07 15:16:33.097root 11241100x8000000000000000708427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7373f768a8ce1952023-02-07 15:16:33.097root 354300x8000000000000000708429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.125{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-56960-false10.0.1.12-8000- 11241100x8000000000000000708435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495388582215fb0c2023-02-07 15:16:33.595root 11241100x8000000000000000708434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53af36ff8b2f08172023-02-07 15:16:33.595root 11241100x8000000000000000708433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60ae0cd51fe5bfc2023-02-07 15:16:33.595root 11241100x8000000000000000708432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabfa14cf7a69b4f2023-02-07 15:16:33.595root 11241100x8000000000000000708431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8431d79578ea13c82023-02-07 15:16:33.595root 11241100x8000000000000000708430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3530ed414c4bd332023-02-07 15:16:33.595root 11241100x8000000000000000708447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d851da5f32cb08f2023-02-07 15:16:33.596root 11241100x8000000000000000708446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60c238527d3b2f52023-02-07 15:16:33.596root 11241100x8000000000000000708445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd067d61bef20e32023-02-07 15:16:33.596root 11241100x8000000000000000708444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ca5b2f28bdf8ae2023-02-07 15:16:33.596root 11241100x8000000000000000708443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da920e07fc34896d2023-02-07 15:16:33.596root 11241100x8000000000000000708442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef50117c959600c2023-02-07 15:16:33.596root 11241100x8000000000000000708441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d48edd48c58b3f2023-02-07 15:16:33.596root 11241100x8000000000000000708440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33fa76959a765972023-02-07 15:16:33.596root 11241100x8000000000000000708439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64935aa1dfbb4f72023-02-07 15:16:33.596root 11241100x8000000000000000708438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688b2f0b509f8bc22023-02-07 15:16:33.596root 11241100x8000000000000000708437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812b74411891e6ea2023-02-07 15:16:33.596root 11241100x8000000000000000708436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382f5a1be2f8a4b42023-02-07 15:16:33.596root 11241100x8000000000000000708455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a8a8557ac063d32023-02-07 15:16:34.095root 11241100x8000000000000000708454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2cf9482bb230b922023-02-07 15:16:34.095root 11241100x8000000000000000708453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0cff9952a5f22d2023-02-07 15:16:34.095root 11241100x8000000000000000708452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849a26e018c112aa2023-02-07 15:16:34.095root 11241100x8000000000000000708451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d0eeb1165dfe7d2023-02-07 15:16:34.095root 11241100x8000000000000000708450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8bba693df6598502023-02-07 15:16:34.095root 11241100x8000000000000000708449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dcc2305138e386a2023-02-07 15:16:34.095root 11241100x8000000000000000708448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1341000052a02d22023-02-07 15:16:34.095root 11241100x8000000000000000708461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a973fb0cf6a7bea2023-02-07 15:16:34.096root 11241100x8000000000000000708460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240f5baa9e63b5b22023-02-07 15:16:34.096root 11241100x8000000000000000708459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd88f416c89264422023-02-07 15:16:34.096root 11241100x8000000000000000708458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fc7ecc244b21c32023-02-07 15:16:34.096root 11241100x8000000000000000708457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2747e1cb3c01a2bf2023-02-07 15:16:34.096root 11241100x8000000000000000708456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b667c8a7cb006e152023-02-07 15:16:34.096root 11241100x8000000000000000708464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01e3864d37f2d9a2023-02-07 15:16:34.097root 11241100x8000000000000000708463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9843acd90f16232023-02-07 15:16:34.097root 11241100x8000000000000000708462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa94e302ffd52222023-02-07 15:16:34.097root 11241100x8000000000000000708466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2227161a738e641a2023-02-07 15:16:34.595root 11241100x8000000000000000708465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fead69b5d26429a2023-02-07 15:16:34.595root 11241100x8000000000000000708470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5deb0e7de6596472023-02-07 15:16:34.596root 11241100x8000000000000000708469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53f4c3a7d106a392023-02-07 15:16:34.596root 11241100x8000000000000000708468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323d9272bbee51482023-02-07 15:16:34.596root 11241100x8000000000000000708467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2773989c9ff1c7b52023-02-07 15:16:34.596root 11241100x8000000000000000708474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a769f8d2a9dd174e2023-02-07 15:16:34.597root 11241100x8000000000000000708473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0186727e2565f94e2023-02-07 15:16:34.597root 11241100x8000000000000000708472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c7959e3f718b702023-02-07 15:16:34.597root 11241100x8000000000000000708471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614a3410f7aecc082023-02-07 15:16:34.597root 11241100x8000000000000000708482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b06904cb90415c2023-02-07 15:16:34.598root 11241100x8000000000000000708481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e45072af4ed2272023-02-07 15:16:34.598root 11241100x8000000000000000708480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d6ee648e01189b2023-02-07 15:16:34.598root 11241100x8000000000000000708479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2883d468ef36afe2023-02-07 15:16:34.598root 11241100x8000000000000000708478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124f01cb306579982023-02-07 15:16:34.598root 11241100x8000000000000000708477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9f56cbb8b620f22023-02-07 15:16:34.598root 11241100x8000000000000000708476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872555aa4a8c46022023-02-07 15:16:34.598root 11241100x8000000000000000708475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:34.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc8fc381f8c595c2023-02-07 15:16:34.598root 11241100x8000000000000000708487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e810d4ded6a0e682023-02-07 15:16:35.095root 11241100x8000000000000000708486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97eaef180fa1616d2023-02-07 15:16:35.095root 11241100x8000000000000000708485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b30a60768aeb452023-02-07 15:16:35.095root 11241100x8000000000000000708484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b286bd09bbd5252023-02-07 15:16:35.095root 11241100x8000000000000000708483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d477374ce0b0b5f22023-02-07 15:16:35.095root 11241100x8000000000000000708492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09ece2f0f34c2fe2023-02-07 15:16:35.096root 11241100x8000000000000000708491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3101a92dd83934d82023-02-07 15:16:35.096root 11241100x8000000000000000708490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84325a6581485e7b2023-02-07 15:16:35.096root 11241100x8000000000000000708489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feef83e0acba49202023-02-07 15:16:35.096root 11241100x8000000000000000708488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a565ac41aa08f1c2023-02-07 15:16:35.096root 11241100x8000000000000000708499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07879449a4093192023-02-07 15:16:35.097root 11241100x8000000000000000708498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d1c45183272a142023-02-07 15:16:35.097root 11241100x8000000000000000708497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac38f0a656ba2dd12023-02-07 15:16:35.097root 11241100x8000000000000000708496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077af02f8ea97d602023-02-07 15:16:35.097root 11241100x8000000000000000708495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0bcc4a915911b3b2023-02-07 15:16:35.097root 11241100x8000000000000000708494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7917614a3cb9128b2023-02-07 15:16:35.097root 11241100x8000000000000000708493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e303f539681a172023-02-07 15:16:35.097root 11241100x8000000000000000708505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478415877a36ff6f2023-02-07 15:16:35.595root 11241100x8000000000000000708504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb93710dbeecb9082023-02-07 15:16:35.595root 11241100x8000000000000000708503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feace4fc9b0134cc2023-02-07 15:16:35.595root 11241100x8000000000000000708502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb92bec65fac7b052023-02-07 15:16:35.595root 11241100x8000000000000000708501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbf7d59a31572942023-02-07 15:16:35.595root 11241100x8000000000000000708500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2c08db29fb348a2023-02-07 15:16:35.595root 11241100x8000000000000000708516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72364d90cfa21dfd2023-02-07 15:16:35.596root 11241100x8000000000000000708515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a6b3586b2ca1462023-02-07 15:16:35.596root 11241100x8000000000000000708514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3516b39bce116fd22023-02-07 15:16:35.596root 11241100x8000000000000000708513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3353c8f45d56762023-02-07 15:16:35.596root 11241100x8000000000000000708512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2971326d2bf67c6b2023-02-07 15:16:35.596root 11241100x8000000000000000708511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31997a7046f62652023-02-07 15:16:35.596root 11241100x8000000000000000708510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df872eadca49dba2023-02-07 15:16:35.596root 11241100x8000000000000000708509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28ce1cb4bfdcba72023-02-07 15:16:35.596root 11241100x8000000000000000708508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d21c7ed6aea7e852023-02-07 15:16:35.596root 11241100x8000000000000000708507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b671addd9f3659952023-02-07 15:16:35.596root 11241100x8000000000000000708506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e7e143fad573c82023-02-07 15:16:35.596root 11241100x8000000000000000708517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:35.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6b7ce574c6f94e2023-02-07 15:16:35.597root 11241100x8000000000000000708520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4fa0342fd4db0b2023-02-07 15:16:36.095root 11241100x8000000000000000708519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ecafcd5d2aaa1862023-02-07 15:16:36.095root 11241100x8000000000000000708518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4b81f0003708af2023-02-07 15:16:36.095root 11241100x8000000000000000708531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35a17686cfb63f02023-02-07 15:16:36.096root 11241100x8000000000000000708530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4b00edfbb067a82023-02-07 15:16:36.096root 11241100x8000000000000000708529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93303085d3607a1e2023-02-07 15:16:36.096root 11241100x8000000000000000708528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2ba7ebc92e824e2023-02-07 15:16:36.096root 11241100x8000000000000000708527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae094ea89a20aa42023-02-07 15:16:36.096root 11241100x8000000000000000708526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcd0325f2371f8f2023-02-07 15:16:36.096root 11241100x8000000000000000708525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d917ae661ba4352023-02-07 15:16:36.096root 11241100x8000000000000000708524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60eb85caf4bd93f2023-02-07 15:16:36.096root 11241100x8000000000000000708523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f2dc5a2b9848da2023-02-07 15:16:36.096root 11241100x8000000000000000708522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2535f89c415d12222023-02-07 15:16:36.096root 11241100x8000000000000000708521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b83a1146181a4652023-02-07 15:16:36.096root 11241100x8000000000000000708535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f3fd3bb461d0ea2023-02-07 15:16:36.097root 11241100x8000000000000000708534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d875dcccec333202023-02-07 15:16:36.097root 11241100x8000000000000000708533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1274124cbbbdf1392023-02-07 15:16:36.097root 11241100x8000000000000000708532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3825cec336311f2023-02-07 15:16:36.097root 11241100x8000000000000000708542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222fbe365e67d8682023-02-07 15:16:36.595root 11241100x8000000000000000708541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74e3520dae2fca62023-02-07 15:16:36.595root 11241100x8000000000000000708540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9873aa9d7dcc8fa62023-02-07 15:16:36.595root 11241100x8000000000000000708539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd5729f9207ae892023-02-07 15:16:36.595root 11241100x8000000000000000708538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0e58187d4446222023-02-07 15:16:36.595root 11241100x8000000000000000708537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89150fd198747482023-02-07 15:16:36.595root 11241100x8000000000000000708536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d84cf31d67ca1d2023-02-07 15:16:36.595root 11241100x8000000000000000708552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43dc3c454d76ba262023-02-07 15:16:36.596root 11241100x8000000000000000708551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da7fa849c8c97d92023-02-07 15:16:36.596root 11241100x8000000000000000708550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30990de60ad0e4352023-02-07 15:16:36.596root 11241100x8000000000000000708549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d1e828ae6c8c212023-02-07 15:16:36.596root 11241100x8000000000000000708548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52788a99cd3bdef12023-02-07 15:16:36.596root 11241100x8000000000000000708547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2440c0506cceb12023-02-07 15:16:36.596root 11241100x8000000000000000708546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa10ca5f96ba6b622023-02-07 15:16:36.596root 11241100x8000000000000000708545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287cec9e5237cca72023-02-07 15:16:36.596root 11241100x8000000000000000708544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d91dbb54d40bb32023-02-07 15:16:36.596root 11241100x8000000000000000708543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b3f3fb1d2b2e8c2023-02-07 15:16:36.596root 11241100x8000000000000000708553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:36.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d59ab1f182e26e2023-02-07 15:16:36.597root 11241100x8000000000000000708567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1245a14e40c2f26b2023-02-07 15:16:37.096root 11241100x8000000000000000708566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bba206a6f538a82023-02-07 15:16:37.096root 11241100x8000000000000000708565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa62adb7844e6f052023-02-07 15:16:37.096root 11241100x8000000000000000708564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3099088e07f1042023-02-07 15:16:37.096root 11241100x8000000000000000708563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6add541b7fee58d82023-02-07 15:16:37.096root 11241100x8000000000000000708562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad2432ec74b8b182023-02-07 15:16:37.096root 11241100x8000000000000000708561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eaf74c869d1576c2023-02-07 15:16:37.096root 11241100x8000000000000000708560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be7cebf098728942023-02-07 15:16:37.096root 11241100x8000000000000000708559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a39f304c4f059be2023-02-07 15:16:37.096root 11241100x8000000000000000708558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46b285415f5be742023-02-07 15:16:37.096root 11241100x8000000000000000708557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef65636edce0ac22023-02-07 15:16:37.096root 11241100x8000000000000000708556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312a7ebf67fde5e52023-02-07 15:16:37.096root 11241100x8000000000000000708555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea622200c1425962023-02-07 15:16:37.096root 11241100x8000000000000000708554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e406adb11be8da2023-02-07 15:16:37.096root 11241100x8000000000000000708570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0184a49b97d4f1152023-02-07 15:16:37.097root 11241100x8000000000000000708569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad5c2a142f1585b2023-02-07 15:16:37.097root 11241100x8000000000000000708568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbe763a97707a322023-02-07 15:16:37.097root 11241100x8000000000000000708575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828a91781245538d2023-02-07 15:16:37.595root 11241100x8000000000000000708574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6c16e347f306062023-02-07 15:16:37.595root 11241100x8000000000000000708573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6b10792dc2cc552023-02-07 15:16:37.595root 11241100x8000000000000000708572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95683f0b9bb0ab4f2023-02-07 15:16:37.595root 11241100x8000000000000000708571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33c47d3df2c90902023-02-07 15:16:37.595root 11241100x8000000000000000708583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38a4d6ce214cbd12023-02-07 15:16:37.596root 11241100x8000000000000000708582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0e6cebe24d36452023-02-07 15:16:37.596root 11241100x8000000000000000708581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e81cb716ad0ea72023-02-07 15:16:37.596root 11241100x8000000000000000708580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd9e3e1c8ce75e82023-02-07 15:16:37.596root 11241100x8000000000000000708579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7faf3aaf74741672023-02-07 15:16:37.596root 11241100x8000000000000000708578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230fab70656e6aba2023-02-07 15:16:37.596root 11241100x8000000000000000708577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74849040b606bd52023-02-07 15:16:37.596root 11241100x8000000000000000708576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5bfe46f5e367ee2023-02-07 15:16:37.596root 11241100x8000000000000000708587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e90398fc3e66d452023-02-07 15:16:37.597root 11241100x8000000000000000708586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e37ab0111d69ee2023-02-07 15:16:37.597root 11241100x8000000000000000708585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a156c6ae59768912023-02-07 15:16:37.597root 11241100x8000000000000000708584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffa1ffe6847fa8c2023-02-07 15:16:37.597root 11241100x8000000000000000708588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:37.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4efc9de3398186b72023-02-07 15:16:37.598root 11241100x8000000000000000708602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbf2094a5deb9eb2023-02-07 15:16:38.096root 11241100x8000000000000000708601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5bfb2fbab22e7ac2023-02-07 15:16:38.096root 11241100x8000000000000000708600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8736631103dd5c8e2023-02-07 15:16:38.096root 11241100x8000000000000000708599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735c7e18159758c22023-02-07 15:16:38.096root 11241100x8000000000000000708598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132d319d804f27522023-02-07 15:16:38.096root 11241100x8000000000000000708597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7dc971db7399ca2023-02-07 15:16:38.096root 11241100x8000000000000000708596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af181dcb86bbcf1a2023-02-07 15:16:38.096root 11241100x8000000000000000708595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea847dd54ffa4ef2023-02-07 15:16:38.096root 11241100x8000000000000000708594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c989989fd5fae5e62023-02-07 15:16:38.096root 11241100x8000000000000000708593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e978fafc299243a62023-02-07 15:16:38.096root 11241100x8000000000000000708592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98df030ca573eb862023-02-07 15:16:38.096root 11241100x8000000000000000708591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9525ffd0359863e32023-02-07 15:16:38.096root 11241100x8000000000000000708590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aedd5ab797236a182023-02-07 15:16:38.096root 11241100x8000000000000000708589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ca1c71a73eed7a2023-02-07 15:16:38.096root 11241100x8000000000000000708605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3889be8e30b37a222023-02-07 15:16:38.097root 11241100x8000000000000000708604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771696d404b845f82023-02-07 15:16:38.097root 11241100x8000000000000000708603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf03b4748d8e49e2023-02-07 15:16:38.097root 11241100x8000000000000000708607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa74dab73134f682023-02-07 15:16:38.595root 11241100x8000000000000000708606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9a4cb0e10971c32023-02-07 15:16:38.595root 11241100x8000000000000000708614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7783c14f4409c62023-02-07 15:16:38.596root 11241100x8000000000000000708613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76094d75db63731f2023-02-07 15:16:38.596root 11241100x8000000000000000708612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c202e98a1558a22023-02-07 15:16:38.596root 11241100x8000000000000000708611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1783078564dc2062023-02-07 15:16:38.596root 11241100x8000000000000000708610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74705ae6bcd2e2eb2023-02-07 15:16:38.596root 11241100x8000000000000000708609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5408602883e8f7b22023-02-07 15:16:38.596root 11241100x8000000000000000708608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a46ea93f91ac342023-02-07 15:16:38.596root 11241100x8000000000000000708622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70749505a5d964b12023-02-07 15:16:38.597root 11241100x8000000000000000708621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871a653ce9c0c97a2023-02-07 15:16:38.597root 11241100x8000000000000000708620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7a5dddcb0bc9352023-02-07 15:16:38.597root 11241100x8000000000000000708619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002388b73a0eb8422023-02-07 15:16:38.597root 11241100x8000000000000000708618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6bf6f6ff7af0332023-02-07 15:16:38.597root 11241100x8000000000000000708617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbe6454ee10049d2023-02-07 15:16:38.597root 11241100x8000000000000000708616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e683bb9b883cb83d2023-02-07 15:16:38.597root 11241100x8000000000000000708615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb10fa8a9fa744a62023-02-07 15:16:38.597root 11241100x8000000000000000708623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:38.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd71f834ab7e7d992023-02-07 15:16:38.598root 11241100x8000000000000000708625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.080{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a358932abc46e372023-02-07 15:16:39.080root 354300x8000000000000000708624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.080{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54434-false10.0.1.12-8000- 11241100x8000000000000000708639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.081{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311853b08f47c0a52023-02-07 15:16:39.081root 11241100x8000000000000000708638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.081{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d751ffc59a2d9aaa2023-02-07 15:16:39.081root 11241100x8000000000000000708637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.081{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a55105fbc0cf902023-02-07 15:16:39.081root 11241100x8000000000000000708636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.081{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649f2ae3b9f2606b2023-02-07 15:16:39.081root 11241100x8000000000000000708635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.081{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc09b88bfaf902f82023-02-07 15:16:39.081root 11241100x8000000000000000708634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.081{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300cbe63984278712023-02-07 15:16:39.081root 11241100x8000000000000000708633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.081{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5e6e2434e9bb602023-02-07 15:16:39.081root 11241100x8000000000000000708632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.081{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67fa22cb57fcd7e2023-02-07 15:16:39.081root 11241100x8000000000000000708631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.081{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a7a701a854480c2023-02-07 15:16:39.081root 11241100x8000000000000000708630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.081{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c55cb6f092f7692023-02-07 15:16:39.081root 11241100x8000000000000000708629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.081{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad024ae7d487219a2023-02-07 15:16:39.081root 11241100x8000000000000000708628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.081{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a27c7e88f9c7102023-02-07 15:16:39.081root 11241100x8000000000000000708627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.081{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9f7bb835390aa32023-02-07 15:16:39.081root 11241100x8000000000000000708626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.081{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b15698340a01e932023-02-07 15:16:39.081root 11241100x8000000000000000708647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.082{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d0df367c97f8282023-02-07 15:16:39.082root 11241100x8000000000000000708646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.082{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6f0a046962b1262023-02-07 15:16:39.082root 11241100x8000000000000000708645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.082{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d69a7aff683f5552023-02-07 15:16:39.082root 11241100x8000000000000000708644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.082{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9dc6879233c3d82023-02-07 15:16:39.082root 11241100x8000000000000000708643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.082{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834dd412279509742023-02-07 15:16:39.082root 11241100x8000000000000000708642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.082{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ff39f2d102db632023-02-07 15:16:39.082root 11241100x8000000000000000708641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.082{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66694c17afa2a24d2023-02-07 15:16:39.082root 11241100x8000000000000000708640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.082{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77fdf658f9f4c8a42023-02-07 15:16:39.082root 11241100x8000000000000000708649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91963f7d1c57b4262023-02-07 15:16:39.346root 11241100x8000000000000000708648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f0941d60b2b0312023-02-07 15:16:39.346root 11241100x8000000000000000708662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86f73031ee2cc7d2023-02-07 15:16:39.347root 11241100x8000000000000000708661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3726938b2f72f462023-02-07 15:16:39.347root 11241100x8000000000000000708660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c89ded96f0681a2023-02-07 15:16:39.347root 11241100x8000000000000000708659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6750ed9afaf1fbaf2023-02-07 15:16:39.347root 11241100x8000000000000000708658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c23e10218586202023-02-07 15:16:39.347root 11241100x8000000000000000708657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5bb3fad5d1f998b2023-02-07 15:16:39.347root 11241100x8000000000000000708656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa59b3888627671f2023-02-07 15:16:39.347root 11241100x8000000000000000708655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4130bf4926f46852023-02-07 15:16:39.347root 11241100x8000000000000000708654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08722cecc8cf9c02023-02-07 15:16:39.347root 11241100x8000000000000000708653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4bba0ac405c20512023-02-07 15:16:39.347root 11241100x8000000000000000708652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642f3277922ebeb32023-02-07 15:16:39.347root 11241100x8000000000000000708651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c45cf94676490a2023-02-07 15:16:39.347root 11241100x8000000000000000708650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c29f2acf3eccb4c2023-02-07 15:16:39.347root 11241100x8000000000000000708665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73652d8711341d652023-02-07 15:16:39.348root 11241100x8000000000000000708664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1eb897afa9d94a2023-02-07 15:16:39.348root 11241100x8000000000000000708663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd25ed4d01255622023-02-07 15:16:39.348root 11241100x8000000000000000708667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3cd92c8b5532b02023-02-07 15:16:39.845root 11241100x8000000000000000708666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f382290b49fc5552023-02-07 15:16:39.845root 11241100x8000000000000000708671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3671e3b38ceab32023-02-07 15:16:39.846root 11241100x8000000000000000708670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1871bb24da3f052023-02-07 15:16:39.846root 11241100x8000000000000000708669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12bd1705219ced12023-02-07 15:16:39.846root 11241100x8000000000000000708668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29efad752e7fa332023-02-07 15:16:39.846root 11241100x8000000000000000708678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670037f765c887fd2023-02-07 15:16:39.847root 11241100x8000000000000000708677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9164cb886cc1afe2023-02-07 15:16:39.847root 11241100x8000000000000000708676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df180b0f20c9d4e92023-02-07 15:16:39.847root 11241100x8000000000000000708675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57824bc6f4280b8f2023-02-07 15:16:39.847root 11241100x8000000000000000708674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d01bc4f6b3768ad2023-02-07 15:16:39.847root 11241100x8000000000000000708673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e93d8dfad96b33f2023-02-07 15:16:39.847root 11241100x8000000000000000708672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05be5b9dd2fd7c052023-02-07 15:16:39.847root 11241100x8000000000000000708689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7d53c6903993972023-02-07 15:16:39.848root 11241100x8000000000000000708688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0bb7d6bc660cec2023-02-07 15:16:39.848root 11241100x8000000000000000708687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da447c9a96d48b52023-02-07 15:16:39.848root 11241100x8000000000000000708686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9cf640a86d01cf2023-02-07 15:16:39.848root 11241100x8000000000000000708685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c8a81ef1000af62023-02-07 15:16:39.848root 11241100x8000000000000000708684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf859d5865986fec2023-02-07 15:16:39.848root 11241100x8000000000000000708683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532f4804fe25646e2023-02-07 15:16:39.848root 11241100x8000000000000000708682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c660d9fe660365352023-02-07 15:16:39.848root 11241100x8000000000000000708681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55297b5732abddd82023-02-07 15:16:39.848root 11241100x8000000000000000708680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a6d428e6f5875a2023-02-07 15:16:39.848root 11241100x8000000000000000708679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:39.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2357736f6b4b4cbe2023-02-07 15:16:39.848root 11241100x8000000000000000708697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503ca4b63c0cfe822023-02-07 15:16:40.345root 11241100x8000000000000000708696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b7d067ff36d93d2023-02-07 15:16:40.345root 11241100x8000000000000000708695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85d6ea810589a122023-02-07 15:16:40.345root 11241100x8000000000000000708694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2a7fbe76135bf72023-02-07 15:16:40.345root 11241100x8000000000000000708693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4faefe58e0aa352023-02-07 15:16:40.345root 11241100x8000000000000000708692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c693654e35903592023-02-07 15:16:40.345root 11241100x8000000000000000708691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bbba4881d16e632023-02-07 15:16:40.345root 11241100x8000000000000000708690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd1ff1385eb76de2023-02-07 15:16:40.345root 11241100x8000000000000000708707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5753814c9f100532023-02-07 15:16:40.346root 11241100x8000000000000000708706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8c58ee198511842023-02-07 15:16:40.346root 11241100x8000000000000000708705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6d6ad14ecfcf2e2023-02-07 15:16:40.346root 11241100x8000000000000000708704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5c031a40220ed52023-02-07 15:16:40.346root 11241100x8000000000000000708703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4276f34e69233cc2023-02-07 15:16:40.346root 11241100x8000000000000000708702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875f25c6a81332c72023-02-07 15:16:40.346root 11241100x8000000000000000708701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dded8f6ab2b53e912023-02-07 15:16:40.346root 11241100x8000000000000000708700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e5ae47ad2dbce82023-02-07 15:16:40.346root 11241100x8000000000000000708699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7bf7c8bd28f7692023-02-07 15:16:40.346root 11241100x8000000000000000708698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0b1959299de0952023-02-07 15:16:40.346root 11241100x8000000000000000708718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1acc6649eb267d2023-02-07 15:16:40.846root 11241100x8000000000000000708717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66842d062fb63962023-02-07 15:16:40.846root 11241100x8000000000000000708716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa01dc0b68a6f0322023-02-07 15:16:40.846root 11241100x8000000000000000708715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68c0cece68445162023-02-07 15:16:40.846root 11241100x8000000000000000708714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8544a3c0f0aac172023-02-07 15:16:40.846root 11241100x8000000000000000708713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac64bed4b646b0a62023-02-07 15:16:40.846root 11241100x8000000000000000708712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1ff9c6c72fc2812023-02-07 15:16:40.846root 11241100x8000000000000000708711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9a201ab16affe12023-02-07 15:16:40.846root 11241100x8000000000000000708710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2adaf19c79fa7452023-02-07 15:16:40.846root 11241100x8000000000000000708709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ac31484897fc282023-02-07 15:16:40.846root 11241100x8000000000000000708708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8bbc1ff9ed14b12023-02-07 15:16:40.846root 11241100x8000000000000000708725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eecd8bc7b3ecae22023-02-07 15:16:40.847root 11241100x8000000000000000708724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f459931a0c6a6a2023-02-07 15:16:40.847root 11241100x8000000000000000708723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2fdfd0c33bada272023-02-07 15:16:40.847root 11241100x8000000000000000708722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1720eeccbf91b6b92023-02-07 15:16:40.847root 11241100x8000000000000000708721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc7c39261e487e42023-02-07 15:16:40.847root 11241100x8000000000000000708720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e528621cce567c2023-02-07 15:16:40.847root 11241100x8000000000000000708719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:40.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e571a9dfaa76e6812023-02-07 15:16:40.847root 11241100x8000000000000000708739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c612e0806c259852023-02-07 15:16:41.346root 11241100x8000000000000000708738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b80ccd0fe0cd3842023-02-07 15:16:41.346root 11241100x8000000000000000708737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e123821890f6af32023-02-07 15:16:41.346root 11241100x8000000000000000708736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2fac6a8ec47dc62023-02-07 15:16:41.346root 11241100x8000000000000000708735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f360134c85af14d32023-02-07 15:16:41.346root 11241100x8000000000000000708734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a735ad36b7d0722023-02-07 15:16:41.346root 11241100x8000000000000000708733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a1903d51291f422023-02-07 15:16:41.346root 11241100x8000000000000000708732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec483b0e46dd9b932023-02-07 15:16:41.346root 11241100x8000000000000000708731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77becee9d72258ce2023-02-07 15:16:41.346root 11241100x8000000000000000708730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c951f935c49e36f22023-02-07 15:16:41.346root 11241100x8000000000000000708729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916499bb6c63eb532023-02-07 15:16:41.346root 11241100x8000000000000000708728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07913a8d9efb46a2023-02-07 15:16:41.346root 11241100x8000000000000000708727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235d1761780fa2992023-02-07 15:16:41.346root 11241100x8000000000000000708726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5f0bd14a0388892023-02-07 15:16:41.346root 11241100x8000000000000000708743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ede8cfd19aeb9072023-02-07 15:16:41.347root 11241100x8000000000000000708742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ff560ec7063d462023-02-07 15:16:41.347root 11241100x8000000000000000708741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba795c7f092df042023-02-07 15:16:41.347root 11241100x8000000000000000708740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deaf3951653e562d2023-02-07 15:16:41.347root 11241100x8000000000000000708751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe09239b678d6782023-02-07 15:16:41.845root 11241100x8000000000000000708750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01379277848171142023-02-07 15:16:41.845root 11241100x8000000000000000708749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8c1f658226ef492023-02-07 15:16:41.845root 11241100x8000000000000000708748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18397d9d46d0c8152023-02-07 15:16:41.845root 11241100x8000000000000000708747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c361ed3c95fb182023-02-07 15:16:41.845root 11241100x8000000000000000708746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467c14dde821d5cb2023-02-07 15:16:41.845root 11241100x8000000000000000708745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fe4658020495502023-02-07 15:16:41.845root 11241100x8000000000000000708744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f08eaec49bb49b2023-02-07 15:16:41.845root 11241100x8000000000000000708761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b26fa8ab3f21f462023-02-07 15:16:41.846root 11241100x8000000000000000708760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b3c85333a40fa62023-02-07 15:16:41.846root 11241100x8000000000000000708759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69042aa67c9a34e2023-02-07 15:16:41.846root 11241100x8000000000000000708758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc682e78b679d6342023-02-07 15:16:41.846root 11241100x8000000000000000708757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27dc51592dd3471f2023-02-07 15:16:41.846root 11241100x8000000000000000708756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b869c3d5424ad22023-02-07 15:16:41.846root 11241100x8000000000000000708755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea3ae62c785b6ea2023-02-07 15:16:41.846root 11241100x8000000000000000708754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a2c260d79684192023-02-07 15:16:41.846root 11241100x8000000000000000708753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b710584b232bc42023-02-07 15:16:41.846root 11241100x8000000000000000708752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:41.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d630a99c592297f72023-02-07 15:16:41.846root 11241100x8000000000000000708765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a84793e652844942023-02-07 15:16:42.345root 11241100x8000000000000000708764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df63f5c161fa7c42023-02-07 15:16:42.345root 11241100x8000000000000000708763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caee67d897c468922023-02-07 15:16:42.345root 11241100x8000000000000000708762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca0ec0b815567812023-02-07 15:16:42.345root 11241100x8000000000000000708778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f317029d11c76c5e2023-02-07 15:16:42.346root 11241100x8000000000000000708777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ab4c9ac07f1f642023-02-07 15:16:42.346root 11241100x8000000000000000708776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7144d3186d05d7892023-02-07 15:16:42.346root 11241100x8000000000000000708775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e983ad534b167d522023-02-07 15:16:42.346root 11241100x8000000000000000708774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087ea27ebf3b216a2023-02-07 15:16:42.346root 11241100x8000000000000000708773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc02171a1be84a702023-02-07 15:16:42.346root 11241100x8000000000000000708772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a021def8f4676ac32023-02-07 15:16:42.346root 11241100x8000000000000000708771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cedb043b4ae26ee92023-02-07 15:16:42.346root 11241100x8000000000000000708770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a757d59d51b833f2023-02-07 15:16:42.346root 11241100x8000000000000000708769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700de2c6c13abfed2023-02-07 15:16:42.346root 11241100x8000000000000000708768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ef0deebf216d532023-02-07 15:16:42.346root 11241100x8000000000000000708767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a0edf51a3d25242023-02-07 15:16:42.346root 11241100x8000000000000000708766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8313e150316597742023-02-07 15:16:42.346root 11241100x8000000000000000708779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d276037feef2bccc2023-02-07 15:16:42.347root 11241100x8000000000000000708781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb3d8e558fc17822023-02-07 15:16:42.845root 11241100x8000000000000000708780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf56f2241bd370912023-02-07 15:16:42.845root 11241100x8000000000000000708791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04739bcf06b62e3e2023-02-07 15:16:42.846root 11241100x8000000000000000708790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2580853d59846a2023-02-07 15:16:42.846root 11241100x8000000000000000708789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124e429e60fa7f982023-02-07 15:16:42.846root 11241100x8000000000000000708788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3e1f93d5696a492023-02-07 15:16:42.846root 11241100x8000000000000000708787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f090d880bc5014942023-02-07 15:16:42.846root 11241100x8000000000000000708786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9112b9c4fe3e83a72023-02-07 15:16:42.846root 11241100x8000000000000000708785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2e0a052321bab32023-02-07 15:16:42.846root 11241100x8000000000000000708784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3023cebdb6205e2023-02-07 15:16:42.846root 11241100x8000000000000000708783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7b6389f2d0cb072023-02-07 15:16:42.846root 11241100x8000000000000000708782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722b3fe1f86449992023-02-07 15:16:42.846root 11241100x8000000000000000708797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b00b97c16b05fe2023-02-07 15:16:42.847root 11241100x8000000000000000708796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56668fdb332eecf42023-02-07 15:16:42.847root 11241100x8000000000000000708795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f9f13a4508c0aa2023-02-07 15:16:42.847root 11241100x8000000000000000708794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4cd7f8ecb0e75c2023-02-07 15:16:42.847root 11241100x8000000000000000708793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d7f39a1a7530602023-02-07 15:16:42.847root 11241100x8000000000000000708792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f404dd4cc7d9a40a2023-02-07 15:16:42.847root 11241100x8000000000000000708807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9232307bab11a1d2023-02-07 15:16:43.346root 11241100x8000000000000000708806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e28ca450f513cf82023-02-07 15:16:43.346root 11241100x8000000000000000708805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbae877c5bb46fd62023-02-07 15:16:43.346root 11241100x8000000000000000708804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53aa2bcaec3eeeb32023-02-07 15:16:43.346root 11241100x8000000000000000708803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f5897274f52bc82023-02-07 15:16:43.346root 11241100x8000000000000000708802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354f9f3e677a915a2023-02-07 15:16:43.346root 11241100x8000000000000000708801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e27c16fdd051602023-02-07 15:16:43.346root 11241100x8000000000000000708800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2dd3a07ea22300d2023-02-07 15:16:43.346root 11241100x8000000000000000708799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1460241e64a29f522023-02-07 15:16:43.346root 11241100x8000000000000000708798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fef7195100ded4c2023-02-07 15:16:43.346root 11241100x8000000000000000708815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3697fb7c8b3ee3612023-02-07 15:16:43.347root 11241100x8000000000000000708814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f3ee81c74e31ed2023-02-07 15:16:43.347root 11241100x8000000000000000708813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9d7d7efdb7677d2023-02-07 15:16:43.347root 11241100x8000000000000000708812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23aef29f8d345dbd2023-02-07 15:16:43.347root 11241100x8000000000000000708811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5910c4c6d541e3e2023-02-07 15:16:43.347root 11241100x8000000000000000708810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfaecfc64eff87652023-02-07 15:16:43.347root 11241100x8000000000000000708809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9817c712cd1985152023-02-07 15:16:43.347root 11241100x8000000000000000708808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c1f8de6f7d69482023-02-07 15:16:43.347root 11241100x8000000000000000708824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5773839c1058aa792023-02-07 15:16:43.846root 11241100x8000000000000000708823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a30db061cd41f82023-02-07 15:16:43.846root 11241100x8000000000000000708822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d377f4dca0d6d22e2023-02-07 15:16:43.846root 11241100x8000000000000000708821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1476c4be61f430e32023-02-07 15:16:43.846root 11241100x8000000000000000708820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15926356ef65a5df2023-02-07 15:16:43.846root 11241100x8000000000000000708819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12c278ae9ac27d02023-02-07 15:16:43.846root 11241100x8000000000000000708818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843f49aa24524d702023-02-07 15:16:43.846root 11241100x8000000000000000708817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39eda1c348b058732023-02-07 15:16:43.846root 11241100x8000000000000000708816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a49d458d00fd6752023-02-07 15:16:43.846root 11241100x8000000000000000708832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a431735217e10f362023-02-07 15:16:43.847root 11241100x8000000000000000708831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e3eaf410692a0d2023-02-07 15:16:43.847root 11241100x8000000000000000708830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0f5909782dd5392023-02-07 15:16:43.847root 11241100x8000000000000000708829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf68c16d77697b9b2023-02-07 15:16:43.847root 11241100x8000000000000000708828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4080ce2ce00a652023-02-07 15:16:43.847root 11241100x8000000000000000708827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f494d580c49aa9702023-02-07 15:16:43.847root 11241100x8000000000000000708826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b20c8b86b64b4f72023-02-07 15:16:43.847root 11241100x8000000000000000708825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dea95b4400039382023-02-07 15:16:43.847root 11241100x8000000000000000708833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:43.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25cfe8bbbedbb3e72023-02-07 15:16:43.848root 11241100x8000000000000000708835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.148{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1dbd98e0e0bbcec2023-02-07 15:16:44.148root 354300x8000000000000000708834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.148{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54440-false10.0.1.12-8000- 11241100x8000000000000000708846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.149{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836c7d9af1e7e3702023-02-07 15:16:44.149root 11241100x8000000000000000708845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.149{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3201e5ce964d740f2023-02-07 15:16:44.149root 11241100x8000000000000000708844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.149{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256189f80a5dd7192023-02-07 15:16:44.149root 11241100x8000000000000000708843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.149{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf0fd3e5b00aaf12023-02-07 15:16:44.149root 11241100x8000000000000000708842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.149{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13be54fac2ef013e2023-02-07 15:16:44.149root 11241100x8000000000000000708841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.149{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df43158a53566de2023-02-07 15:16:44.149root 11241100x8000000000000000708840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.149{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f95e01baa58a9e62023-02-07 15:16:44.149root 11241100x8000000000000000708839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.149{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41144c0ee3c26f512023-02-07 15:16:44.149root 11241100x8000000000000000708838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.149{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06faf5d1864421452023-02-07 15:16:44.149root 11241100x8000000000000000708837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.149{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6f96126ee959392023-02-07 15:16:44.149root 11241100x8000000000000000708836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.149{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a4ade22499160e2023-02-07 15:16:44.149root 11241100x8000000000000000708853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.150{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743a5df2be88f1a52023-02-07 15:16:44.150root 11241100x8000000000000000708852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.150{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba8261d239c58ef2023-02-07 15:16:44.150root 11241100x8000000000000000708851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.150{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da03a5932e23a7982023-02-07 15:16:44.150root 11241100x8000000000000000708850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.150{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71b4eb5ad8660572023-02-07 15:16:44.150root 11241100x8000000000000000708849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.150{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2a9ea41e01545d2023-02-07 15:16:44.150root 11241100x8000000000000000708848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.150{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a31a24be746f972023-02-07 15:16:44.150root 11241100x8000000000000000708847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.150{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00f5af0ac6efbdc2023-02-07 15:16:44.150root 11241100x8000000000000000708861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb95024424a63f5a2023-02-07 15:16:44.596root 11241100x8000000000000000708860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f8bc188bd2943a2023-02-07 15:16:44.596root 11241100x8000000000000000708859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d2e1873e2656662023-02-07 15:16:44.596root 11241100x8000000000000000708858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5179e429d5ebfc582023-02-07 15:16:44.596root 11241100x8000000000000000708857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f2c958f944bcda2023-02-07 15:16:44.596root 11241100x8000000000000000708856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79755f8406567c882023-02-07 15:16:44.596root 11241100x8000000000000000708855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609d303873555c472023-02-07 15:16:44.596root 11241100x8000000000000000708854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbc9556c518528f2023-02-07 15:16:44.596root 11241100x8000000000000000708870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dba8298afc080ec2023-02-07 15:16:44.597root 11241100x8000000000000000708869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab00e726d7cb41c92023-02-07 15:16:44.597root 11241100x8000000000000000708868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9caa83a14311b9cb2023-02-07 15:16:44.597root 11241100x8000000000000000708867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7292248c9fbd3b42023-02-07 15:16:44.597root 11241100x8000000000000000708866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5fb6a321457ba12023-02-07 15:16:44.597root 11241100x8000000000000000708865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306a7f3fd3d6f10d2023-02-07 15:16:44.597root 11241100x8000000000000000708864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8de7d2d453e6e622023-02-07 15:16:44.597root 11241100x8000000000000000708863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4cc2036a90684e2023-02-07 15:16:44.597root 11241100x8000000000000000708862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b583c26e09a6b472023-02-07 15:16:44.597root 11241100x8000000000000000708872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cefadc10f7704baf2023-02-07 15:16:44.598root 11241100x8000000000000000708871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:44.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0443b92ad413b22023-02-07 15:16:44.598root 11241100x8000000000000000708878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf5f3bd5310dc412023-02-07 15:16:45.095root 11241100x8000000000000000708877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0fa5d6e63096d092023-02-07 15:16:45.095root 11241100x8000000000000000708876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53cfaea9729ce53c2023-02-07 15:16:45.095root 11241100x8000000000000000708875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4480212ea551342c2023-02-07 15:16:45.095root 11241100x8000000000000000708874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286536c222219a732023-02-07 15:16:45.095root 11241100x8000000000000000708873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087fbfa6712ee6742023-02-07 15:16:45.095root 11241100x8000000000000000708887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458b9dd292cbe2862023-02-07 15:16:45.096root 11241100x8000000000000000708886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713fb2b0ae56a4de2023-02-07 15:16:45.096root 11241100x8000000000000000708885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05b62e57552a1092023-02-07 15:16:45.096root 11241100x8000000000000000708884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded9dddc2a7c30832023-02-07 15:16:45.096root 11241100x8000000000000000708883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0cd78d7997b5a62023-02-07 15:16:45.096root 11241100x8000000000000000708882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37eefb58c63cc262023-02-07 15:16:45.096root 11241100x8000000000000000708881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265c1eab943137d32023-02-07 15:16:45.096root 11241100x8000000000000000708880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccda2f518237d2c72023-02-07 15:16:45.096root 11241100x8000000000000000708879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cc43dc74dd06952023-02-07 15:16:45.096root 11241100x8000000000000000708898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18b23d5b3e2aa4c2023-02-07 15:16:45.097root 11241100x8000000000000000708897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ab81521663bfb32023-02-07 15:16:45.097root 11241100x8000000000000000708896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9ec7570a52c2572023-02-07 15:16:45.097root 11241100x8000000000000000708895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76930ea843d8f5912023-02-07 15:16:45.097root 11241100x8000000000000000708894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9361643723a4a462023-02-07 15:16:45.097root 11241100x8000000000000000708893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f15c243d66ed4d62023-02-07 15:16:45.097root 11241100x8000000000000000708892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e116cda9cd26407f2023-02-07 15:16:45.097root 11241100x8000000000000000708891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17292ca516d9f6672023-02-07 15:16:45.097root 11241100x8000000000000000708890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7d5b38c468ee752023-02-07 15:16:45.097root 11241100x8000000000000000708889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9e67fc1e170daa2023-02-07 15:16:45.097root 11241100x8000000000000000708888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a73bc7f175ea5152023-02-07 15:16:45.097root 11241100x8000000000000000708902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aeb27e8094278ea2023-02-07 15:16:45.098root 11241100x8000000000000000708901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b441ef97f879ab7b2023-02-07 15:16:45.098root 11241100x8000000000000000708900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e6020b03e3b5a12023-02-07 15:16:45.098root 11241100x8000000000000000708899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04794fe454131472023-02-07 15:16:45.098root 11241100x8000000000000000708910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625c1fa3d2fe15202023-02-07 15:16:45.595root 11241100x8000000000000000708909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84b24d6a70ec18a2023-02-07 15:16:45.595root 11241100x8000000000000000708908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2fcb391224943802023-02-07 15:16:45.595root 11241100x8000000000000000708907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9388b78aeee4342023-02-07 15:16:45.595root 11241100x8000000000000000708906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e0f6f45a63c31a2023-02-07 15:16:45.595root 11241100x8000000000000000708905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b302e77d0906e22b2023-02-07 15:16:45.595root 11241100x8000000000000000708904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a26c0a789785ef2023-02-07 15:16:45.595root 11241100x8000000000000000708903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2921943d7390f462023-02-07 15:16:45.595root 11241100x8000000000000000708921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ece2b549dc2cc3f2023-02-07 15:16:45.596root 11241100x8000000000000000708920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13979f69fec096042023-02-07 15:16:45.596root 11241100x8000000000000000708919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3047fa6e1bf9062c2023-02-07 15:16:45.596root 11241100x8000000000000000708918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8182bfd023a127782023-02-07 15:16:45.596root 11241100x8000000000000000708917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef73167791b115d62023-02-07 15:16:45.596root 11241100x8000000000000000708916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab0f7793c1e7f602023-02-07 15:16:45.596root 11241100x8000000000000000708915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd892e59ec482f0d2023-02-07 15:16:45.596root 11241100x8000000000000000708914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0155d8b8279daa2023-02-07 15:16:45.596root 11241100x8000000000000000708913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9348d4009ce0f7b02023-02-07 15:16:45.596root 11241100x8000000000000000708912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1038e81e0832e95f2023-02-07 15:16:45.596root 11241100x8000000000000000708911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ce0b86aaa387922023-02-07 15:16:45.596root 11241100x8000000000000000708926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c016ffdb5397692023-02-07 15:16:46.095root 11241100x8000000000000000708925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df242bce19638de2023-02-07 15:16:46.095root 11241100x8000000000000000708924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10626d13057235272023-02-07 15:16:46.095root 11241100x8000000000000000708923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d251192235dd20b62023-02-07 15:16:46.095root 11241100x8000000000000000708922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d7514624f48cb92023-02-07 15:16:46.095root 11241100x8000000000000000708936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3a12406047fab42023-02-07 15:16:46.096root 11241100x8000000000000000708935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28758d9ba3e605e32023-02-07 15:16:46.096root 11241100x8000000000000000708934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f4ca84b74ce4242023-02-07 15:16:46.096root 11241100x8000000000000000708933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b890732bd6b3d47c2023-02-07 15:16:46.096root 11241100x8000000000000000708932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d6be649b5eab832023-02-07 15:16:46.096root 11241100x8000000000000000708931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34750f83824d2e672023-02-07 15:16:46.096root 11241100x8000000000000000708930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6be41d8fc04a9a2023-02-07 15:16:46.096root 11241100x8000000000000000708929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386df47af5aa06322023-02-07 15:16:46.096root 11241100x8000000000000000708928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f71b2dad2e942a2023-02-07 15:16:46.096root 11241100x8000000000000000708927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50324501f741421b2023-02-07 15:16:46.096root 11241100x8000000000000000708941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db754776878156b22023-02-07 15:16:46.097root 11241100x8000000000000000708940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0432fc80cf3a08a02023-02-07 15:16:46.097root 11241100x8000000000000000708939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491fe70aa386e3c92023-02-07 15:16:46.097root 11241100x8000000000000000708938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba2a15e72a103902023-02-07 15:16:46.097root 11241100x8000000000000000708937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd6f7b47bd7148c2023-02-07 15:16:46.097root 11241100x8000000000000000708950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d676aa4a864c24182023-02-07 15:16:46.596root 11241100x8000000000000000708949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96b3866637049ea2023-02-07 15:16:46.596root 11241100x8000000000000000708948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7374129d7b142532023-02-07 15:16:46.596root 11241100x8000000000000000708947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6c7eafc72f05ab2023-02-07 15:16:46.596root 11241100x8000000000000000708946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54edd82d2dd46762023-02-07 15:16:46.596root 11241100x8000000000000000708945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d936ffb0f05f36ca2023-02-07 15:16:46.596root 11241100x8000000000000000708944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a15bc7150de9e42023-02-07 15:16:46.596root 11241100x8000000000000000708943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c327a05375487062023-02-07 15:16:46.596root 11241100x8000000000000000708942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00c4fb7fbec7e112023-02-07 15:16:46.596root 11241100x8000000000000000708959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f825a11662d806e02023-02-07 15:16:46.597root 11241100x8000000000000000708958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ea4b4951ee41042023-02-07 15:16:46.597root 11241100x8000000000000000708957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72096c8915fcaac42023-02-07 15:16:46.597root 11241100x8000000000000000708956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37e058d9677835d2023-02-07 15:16:46.597root 11241100x8000000000000000708955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd73a2fb13dd8902023-02-07 15:16:46.597root 11241100x8000000000000000708954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee202e92de7f6b42023-02-07 15:16:46.597root 11241100x8000000000000000708953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c221767fe2cf9522023-02-07 15:16:46.597root 11241100x8000000000000000708952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a49128884ed31902023-02-07 15:16:46.597root 11241100x8000000000000000708951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa799c3dd151e4c2023-02-07 15:16:46.597root 11241100x8000000000000000708960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:46.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83008d546b9b01542023-02-07 15:16:46.598root 11241100x8000000000000000708967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad025a8d4714d3452023-02-07 15:16:47.095root 11241100x8000000000000000708966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be71f64235425f22023-02-07 15:16:47.095root 11241100x8000000000000000708965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99972595244427ac2023-02-07 15:16:47.095root 11241100x8000000000000000708964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f483888be2a76da2023-02-07 15:16:47.095root 11241100x8000000000000000708963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d905b371b0dc522023-02-07 15:16:47.095root 11241100x8000000000000000708962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd92accab31053b2023-02-07 15:16:47.095root 11241100x8000000000000000708961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761ee439e073148d2023-02-07 15:16:47.095root 11241100x8000000000000000708978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1da8de4528695f2023-02-07 15:16:47.096root 11241100x8000000000000000708977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41352dc64a52f632023-02-07 15:16:47.096root 11241100x8000000000000000708976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d36076f7a6518e2023-02-07 15:16:47.096root 11241100x8000000000000000708975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8305e81c06824aff2023-02-07 15:16:47.096root 11241100x8000000000000000708974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69bcadebf99045ae2023-02-07 15:16:47.096root 11241100x8000000000000000708973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6082cd4988cf862023-02-07 15:16:47.096root 11241100x8000000000000000708972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f433af9b2be2ce12023-02-07 15:16:47.096root 11241100x8000000000000000708971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a4ee3473f326902023-02-07 15:16:47.096root 11241100x8000000000000000708970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11a4592c8e6e65a2023-02-07 15:16:47.096root 11241100x8000000000000000708969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf61f89074d52a192023-02-07 15:16:47.096root 11241100x8000000000000000708968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b00ade39505c7c2023-02-07 15:16:47.096root 11241100x8000000000000000708980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e9756805f3d9542023-02-07 15:16:47.097root 11241100x8000000000000000708979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69924a5651f59ea32023-02-07 15:16:47.097root 11241100x8000000000000000708985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91968e68d5424c212023-02-07 15:16:47.595root 11241100x8000000000000000708984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c8fd7dd9e13ccf2023-02-07 15:16:47.595root 11241100x8000000000000000708983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfad9abbbf56e5c2023-02-07 15:16:47.595root 11241100x8000000000000000708982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d47cd6a8e91a402023-02-07 15:16:47.595root 11241100x8000000000000000708981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07c7a02d7b164132023-02-07 15:16:47.595root 11241100x8000000000000000708996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd2a1829bebcef22023-02-07 15:16:47.596root 11241100x8000000000000000708995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51af16818a8469402023-02-07 15:16:47.596root 11241100x8000000000000000708994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6198d188cc84e67b2023-02-07 15:16:47.596root 11241100x8000000000000000708993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7422bc6d4321d6492023-02-07 15:16:47.596root 11241100x8000000000000000708992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791a4198bc693dec2023-02-07 15:16:47.596root 11241100x8000000000000000708991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677371e7c4b97d572023-02-07 15:16:47.596root 11241100x8000000000000000708990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffacc0b16748b6342023-02-07 15:16:47.596root 11241100x8000000000000000708989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc99390d3a786b12023-02-07 15:16:47.596root 11241100x8000000000000000708988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0da644a66739182023-02-07 15:16:47.596root 11241100x8000000000000000708987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98cd74c71c61792a2023-02-07 15:16:47.596root 11241100x8000000000000000708986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc11c6ff4004a312023-02-07 15:16:47.596root 11241100x8000000000000000709001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04dd415d69532a562023-02-07 15:16:47.597root 11241100x8000000000000000709000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4b66b5b74d3e102023-02-07 15:16:47.597root 11241100x8000000000000000708999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d79b2796849a112023-02-07 15:16:47.597root 11241100x8000000000000000708998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603013c6750399f32023-02-07 15:16:47.597root 11241100x8000000000000000708997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da614f9be781e9852023-02-07 15:16:47.597root 11241100x8000000000000000709005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77306405621e17d72023-02-07 15:16:48.095root 11241100x8000000000000000709004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0129f9b112e0f52023-02-07 15:16:48.095root 11241100x8000000000000000709003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a56ce8d937efbd2023-02-07 15:16:48.095root 11241100x8000000000000000709002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87f3cfeb48391dc2023-02-07 15:16:48.095root 11241100x8000000000000000709013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a96adca67d328b82023-02-07 15:16:48.096root 11241100x8000000000000000709012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407a3beefb3c09bd2023-02-07 15:16:48.096root 11241100x8000000000000000709011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe773f24968ed042023-02-07 15:16:48.096root 11241100x8000000000000000709010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7edcfe2b17acc52a2023-02-07 15:16:48.096root 11241100x8000000000000000709009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8551a1807da43752023-02-07 15:16:48.096root 11241100x8000000000000000709008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce2f9ee2099ae082023-02-07 15:16:48.096root 11241100x8000000000000000709007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5251751023bfa52023-02-07 15:16:48.096root 11241100x8000000000000000709006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7f5078619e85c82023-02-07 15:16:48.096root 11241100x8000000000000000709017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506b58a16f29506e2023-02-07 15:16:48.097root 11241100x8000000000000000709016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424aafcaf5f2d23b2023-02-07 15:16:48.097root 11241100x8000000000000000709015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeaeea1ebff4dabf2023-02-07 15:16:48.097root 11241100x8000000000000000709014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276124bf1edbe18d2023-02-07 15:16:48.097root 11241100x8000000000000000709020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472f96b648736cd82023-02-07 15:16:48.098root 11241100x8000000000000000709019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a753543f66afeb8c2023-02-07 15:16:48.098root 11241100x8000000000000000709018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870f093cdfa5f50e2023-02-07 15:16:48.098root 11241100x8000000000000000709021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb40537114ad41fa2023-02-07 15:16:48.596root 11241100x8000000000000000709028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025d240c940cb9822023-02-07 15:16:48.597root 11241100x8000000000000000709027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a92e17cec6661d2023-02-07 15:16:48.597root 11241100x8000000000000000709026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83d3d8e0ed59d232023-02-07 15:16:48.597root 11241100x8000000000000000709025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1094d8350ac81592023-02-07 15:16:48.597root 11241100x8000000000000000709024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbb12700a74187d2023-02-07 15:16:48.597root 11241100x8000000000000000709023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a5f584359f35b92023-02-07 15:16:48.597root 11241100x8000000000000000709022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb20eb4f83efd742023-02-07 15:16:48.597root 11241100x8000000000000000709037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98fbd50d6a1d8092023-02-07 15:16:48.598root 11241100x8000000000000000709036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07300b5120a1b3302023-02-07 15:16:48.598root 11241100x8000000000000000709035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a162fae7f2bc0cf2023-02-07 15:16:48.598root 11241100x8000000000000000709034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f373bc7aa1ad102023-02-07 15:16:48.598root 11241100x8000000000000000709033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df4e7afab7e99d72023-02-07 15:16:48.598root 11241100x8000000000000000709032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906c9eb54915d0c02023-02-07 15:16:48.598root 11241100x8000000000000000709031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489fb3c57a7cd9812023-02-07 15:16:48.598root 11241100x8000000000000000709030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfadb6dba5e0fb672023-02-07 15:16:48.598root 11241100x8000000000000000709029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c681da92c6d3442023-02-07 15:16:48.598root 11241100x8000000000000000709039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea6e166736752622023-02-07 15:16:48.599root 11241100x8000000000000000709038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:48.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b03a0a3f04eef8c2023-02-07 15:16:48.599root 11241100x8000000000000000709041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba314d4d0ea470d2023-02-07 15:16:49.095root 11241100x8000000000000000709040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52a2d9bb73ea9072023-02-07 15:16:49.095root 11241100x8000000000000000709050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f9d4d1175c73482023-02-07 15:16:49.096root 11241100x8000000000000000709049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbed9ae65ca7bc52023-02-07 15:16:49.096root 11241100x8000000000000000709048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28fe9c25aec1cbbc2023-02-07 15:16:49.096root 11241100x8000000000000000709047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb42e1317d5260f2023-02-07 15:16:49.096root 11241100x8000000000000000709046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0044043ed8506e062023-02-07 15:16:49.096root 11241100x8000000000000000709045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f770b912e8666b2023-02-07 15:16:49.096root 11241100x8000000000000000709044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73f00f0868a737f2023-02-07 15:16:49.096root 11241100x8000000000000000709043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff78b1d43e537d12023-02-07 15:16:49.096root 11241100x8000000000000000709042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626743e15ff9017a2023-02-07 15:16:49.096root 11241100x8000000000000000709060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c78ee7bb1d57fa2023-02-07 15:16:49.097root 11241100x8000000000000000709059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0dd6c62ffa63382023-02-07 15:16:49.097root 11241100x8000000000000000709058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce7c43d64e19dc52023-02-07 15:16:49.097root 11241100x8000000000000000709057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf835b1ea59ab0bd2023-02-07 15:16:49.097root 11241100x8000000000000000709056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998b2bb0df6ddfef2023-02-07 15:16:49.097root 11241100x8000000000000000709055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e359e4834d076b2023-02-07 15:16:49.097root 11241100x8000000000000000709054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc89f1bc736e9322023-02-07 15:16:49.097root 11241100x8000000000000000709053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be81509a8155d0162023-02-07 15:16:49.097root 11241100x8000000000000000709052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0df68c63bf3ca2e2023-02-07 15:16:49.097root 11241100x8000000000000000709051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402e537f521e40e62023-02-07 15:16:49.097root 354300x8000000000000000709061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.194{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-47206-false10.0.1.12-8000- 11241100x8000000000000000709065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6effe731965fa62023-02-07 15:16:49.595root 11241100x8000000000000000709064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4d32d77aedd8282023-02-07 15:16:49.595root 11241100x8000000000000000709063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f780e6a0461cd32023-02-07 15:16:49.595root 11241100x8000000000000000709062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3eee6956b6fcc9a2023-02-07 15:16:49.595root 11241100x8000000000000000709074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b5be60ddced6562023-02-07 15:16:49.596root 11241100x8000000000000000709073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231a7fd67ff86c062023-02-07 15:16:49.596root 11241100x8000000000000000709072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd15281667a6b1a2023-02-07 15:16:49.596root 11241100x8000000000000000709071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a551d4b5e2fa472023-02-07 15:16:49.596root 11241100x8000000000000000709070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1d69700451e7292023-02-07 15:16:49.596root 11241100x8000000000000000709069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb66566807810ab42023-02-07 15:16:49.596root 11241100x8000000000000000709068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3564f6a25fc73382023-02-07 15:16:49.596root 11241100x8000000000000000709067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73fffc1290f5e182023-02-07 15:16:49.596root 11241100x8000000000000000709066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6278ddc22f091ed02023-02-07 15:16:49.596root 11241100x8000000000000000709081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66136fe31f6167332023-02-07 15:16:49.597root 11241100x8000000000000000709080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b09acfa2bca64732023-02-07 15:16:49.597root 11241100x8000000000000000709079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf6949eeb3624aa2023-02-07 15:16:49.597root 11241100x8000000000000000709078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d931681b7838e8c2023-02-07 15:16:49.597root 11241100x8000000000000000709077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98288cbd264c130c2023-02-07 15:16:49.597root 11241100x8000000000000000709076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6d5f580161840d2023-02-07 15:16:49.597root 11241100x8000000000000000709075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73018b6a5fa7b7192023-02-07 15:16:49.597root 11241100x8000000000000000709086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc16f54cdf84bbc2023-02-07 15:16:50.095root 11241100x8000000000000000709085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474603705f02861e2023-02-07 15:16:50.095root 11241100x8000000000000000709084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e198a15fb8bf04062023-02-07 15:16:50.095root 11241100x8000000000000000709083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448091ec480f07e02023-02-07 15:16:50.095root 11241100x8000000000000000709082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c62cddfcacf8bc2023-02-07 15:16:50.095root 11241100x8000000000000000709095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc918ac16c50f05b2023-02-07 15:16:50.096root 11241100x8000000000000000709094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac99ff6c87144e032023-02-07 15:16:50.096root 11241100x8000000000000000709093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffcea1b1014d14032023-02-07 15:16:50.096root 11241100x8000000000000000709092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a3bd3e6c3002142023-02-07 15:16:50.096root 11241100x8000000000000000709091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc031b9bfe4cc3a2023-02-07 15:16:50.096root 11241100x8000000000000000709090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514ea980a828ff332023-02-07 15:16:50.096root 11241100x8000000000000000709089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b590ee3e84da0b792023-02-07 15:16:50.096root 11241100x8000000000000000709088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2fac30b17fd55cb2023-02-07 15:16:50.096root 11241100x8000000000000000709087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e95f1909a92fda2023-02-07 15:16:50.096root 11241100x8000000000000000709105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543fec730a4903e82023-02-07 15:16:50.097root 11241100x8000000000000000709104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0cf89e6bc7f40992023-02-07 15:16:50.097root 11241100x8000000000000000709103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7c2a9810eb48362023-02-07 15:16:50.097root 11241100x8000000000000000709102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79017de7ab2531462023-02-07 15:16:50.097root 11241100x8000000000000000709101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd412d02efbcdd072023-02-07 15:16:50.097root 11241100x8000000000000000709100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d2f60df412ace82023-02-07 15:16:50.097root 11241100x8000000000000000709099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84cc50edd6f9f4e12023-02-07 15:16:50.097root 11241100x8000000000000000709098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302606166d074f022023-02-07 15:16:50.097root 11241100x8000000000000000709097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d521c67b4eebc6d2023-02-07 15:16:50.097root 11241100x8000000000000000709096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672c7bf53ec3ab632023-02-07 15:16:50.097root 11241100x8000000000000000709106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a81d614dcbcbdb72023-02-07 15:16:50.098root 11241100x8000000000000000709111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e265a2da6ea286d82023-02-07 15:16:50.595root 11241100x8000000000000000709110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ed607893b7bf232023-02-07 15:16:50.595root 11241100x8000000000000000709109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1029675edfbec7f42023-02-07 15:16:50.595root 11241100x8000000000000000709108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc1b5985a0dc8cb2023-02-07 15:16:50.595root 11241100x8000000000000000709107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b35dea25cbd33a32023-02-07 15:16:50.595root 11241100x8000000000000000709118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d0aadc9fd592702023-02-07 15:16:50.596root 11241100x8000000000000000709117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f6728aeace313a2023-02-07 15:16:50.596root 11241100x8000000000000000709116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba097a3b02c68cc2023-02-07 15:16:50.596root 11241100x8000000000000000709115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b06ccd7c4213cce2023-02-07 15:16:50.596root 11241100x8000000000000000709114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8c19c7d4acc4582023-02-07 15:16:50.596root 11241100x8000000000000000709113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796b3c6288651dae2023-02-07 15:16:50.596root 11241100x8000000000000000709112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b27a10e9d7de4012023-02-07 15:16:50.596root 11241100x8000000000000000709124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b12b0eefb324892023-02-07 15:16:50.597root 11241100x8000000000000000709123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd9e8e6a8e0ddeb2023-02-07 15:16:50.597root 11241100x8000000000000000709122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec123ccaea909b52023-02-07 15:16:50.597root 11241100x8000000000000000709121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf28ad92b12db3c2023-02-07 15:16:50.597root 11241100x8000000000000000709120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05788fb028bb84e22023-02-07 15:16:50.597root 11241100x8000000000000000709119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd46f6b7ee2e84832023-02-07 15:16:50.597root 11241100x8000000000000000709131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bb15d81f0c50052023-02-07 15:16:50.598root 11241100x8000000000000000709130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c76ce3fd08c9322023-02-07 15:16:50.598root 11241100x8000000000000000709129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25bcd583c043bac2023-02-07 15:16:50.598root 11241100x8000000000000000709128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671c125b41d9f5cf2023-02-07 15:16:50.598root 11241100x8000000000000000709127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab8c163cfd72e032023-02-07 15:16:50.598root 11241100x8000000000000000709126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813c906fa1bbcdec2023-02-07 15:16:50.598root 11241100x8000000000000000709125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:50.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12316137eaa6ee4b2023-02-07 15:16:50.598root 11241100x8000000000000000709136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d094d831810dbb2023-02-07 15:16:51.095root 11241100x8000000000000000709135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fa7e8fd053284d2023-02-07 15:16:51.095root 11241100x8000000000000000709134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f542f8f78ab70132023-02-07 15:16:51.095root 11241100x8000000000000000709133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52ea217f7037d242023-02-07 15:16:51.095root 11241100x8000000000000000709132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d78173041972ee2023-02-07 15:16:51.095root 11241100x8000000000000000709143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0b5dfc566465662023-02-07 15:16:51.096root 11241100x8000000000000000709142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b4001846aa4eb22023-02-07 15:16:51.096root 11241100x8000000000000000709141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c358e10891770ee62023-02-07 15:16:51.096root 11241100x8000000000000000709140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a245b9255424ba552023-02-07 15:16:51.096root 11241100x8000000000000000709139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8e790c98c9997c2023-02-07 15:16:51.096root 11241100x8000000000000000709138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafa0a73309d99cd2023-02-07 15:16:51.096root 11241100x8000000000000000709137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376f0df792b977852023-02-07 15:16:51.096root 11241100x8000000000000000709152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab98cfd870e7c732023-02-07 15:16:51.097root 11241100x8000000000000000709151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41338478a0678522023-02-07 15:16:51.097root 11241100x8000000000000000709150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d333a4819117b0eb2023-02-07 15:16:51.097root 11241100x8000000000000000709149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeac6bd1bdbe298f2023-02-07 15:16:51.097root 11241100x8000000000000000709148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae422c383926841d2023-02-07 15:16:51.097root 11241100x8000000000000000709147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bb1f02292d08a92023-02-07 15:16:51.097root 11241100x8000000000000000709146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4e9072e4a34b892023-02-07 15:16:51.097root 11241100x8000000000000000709145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d7082bb082afb42023-02-07 15:16:51.097root 11241100x8000000000000000709144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de051972d45ee5f2023-02-07 15:16:51.097root 11241100x8000000000000000709154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5eedd369bd88fd2023-02-07 15:16:51.595root 11241100x8000000000000000709153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1556f0afe51fb79f2023-02-07 15:16:51.595root 11241100x8000000000000000709159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa75e485c177a702023-02-07 15:16:51.596root 11241100x8000000000000000709158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59314fe9d79a5ef62023-02-07 15:16:51.596root 11241100x8000000000000000709157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa1e182a66c60fa2023-02-07 15:16:51.596root 11241100x8000000000000000709156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffa8a55dfb98e5b2023-02-07 15:16:51.596root 11241100x8000000000000000709155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640dd210668373c02023-02-07 15:16:51.596root 11241100x8000000000000000709167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d784bb24de5efc122023-02-07 15:16:51.597root 11241100x8000000000000000709166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889f3f6cabfc70532023-02-07 15:16:51.597root 11241100x8000000000000000709165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f85d996a93d59c2023-02-07 15:16:51.597root 11241100x8000000000000000709164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7fefea3cded0a02023-02-07 15:16:51.597root 11241100x8000000000000000709163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917024c79b1085712023-02-07 15:16:51.597root 11241100x8000000000000000709162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3403963a9e527c7d2023-02-07 15:16:51.597root 11241100x8000000000000000709161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01180f22d4424dc22023-02-07 15:16:51.597root 11241100x8000000000000000709160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3740c4a1828bb2592023-02-07 15:16:51.597root 11241100x8000000000000000709173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac79de675cf6a4c2023-02-07 15:16:51.598root 11241100x8000000000000000709172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8663b36fb6a42792023-02-07 15:16:51.598root 11241100x8000000000000000709171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed497eb2bb39decf2023-02-07 15:16:51.598root 11241100x8000000000000000709170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7160b55d87dfc82023-02-07 15:16:51.598root 11241100x8000000000000000709169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e4aacf011820ac2023-02-07 15:16:51.598root 11241100x8000000000000000709168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:51.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91973fe6b12f78a42023-02-07 15:16:51.598root 11241100x8000000000000000709178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a6728319af6ec22023-02-07 15:16:52.096root 11241100x8000000000000000709177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0ba2c5df6478bb2023-02-07 15:16:52.096root 11241100x8000000000000000709176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a123836bb0c89b342023-02-07 15:16:52.096root 11241100x8000000000000000709175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f699b1969b73432c2023-02-07 15:16:52.096root 11241100x8000000000000000709174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c802ef85da4dd072023-02-07 15:16:52.096root 11241100x8000000000000000709187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254bfcdadf9361672023-02-07 15:16:52.097root 11241100x8000000000000000709186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d38cb5619f7bbf2023-02-07 15:16:52.097root 11241100x8000000000000000709185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0fbcf33136273c42023-02-07 15:16:52.097root 11241100x8000000000000000709184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be68a9be934a6df2023-02-07 15:16:52.097root 11241100x8000000000000000709183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536d211a5c6fee2f2023-02-07 15:16:52.097root 11241100x8000000000000000709182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f829df8bd065092023-02-07 15:16:52.097root 11241100x8000000000000000709181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42846ec6c68e28e2023-02-07 15:16:52.097root 11241100x8000000000000000709180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc043595fae4281c2023-02-07 15:16:52.097root 11241100x8000000000000000709179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7869c1278865942023-02-07 15:16:52.097root 11241100x8000000000000000709189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9431ae7148ffa3a82023-02-07 15:16:52.098root 11241100x8000000000000000709188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3195717f6839c602023-02-07 15:16:52.098root 11241100x8000000000000000709191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a588dd86421697e2023-02-07 15:16:52.099root 11241100x8000000000000000709190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62dfdf2b168bd212023-02-07 15:16:52.099root 11241100x8000000000000000709192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0d156e3d4664fe2023-02-07 15:16:52.100root 11241100x8000000000000000709193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1b13ab9587e3492023-02-07 15:16:52.101root 11241100x8000000000000000709195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd77e3e90d6ac9d22023-02-07 15:16:52.595root 11241100x8000000000000000709194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9896f4fc2fcbda2023-02-07 15:16:52.595root 11241100x8000000000000000709201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44de81c46f26dc12023-02-07 15:16:52.596root 11241100x8000000000000000709200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28dd7dd676f51fd2023-02-07 15:16:52.596root 11241100x8000000000000000709199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7371e8ab911b8cc72023-02-07 15:16:52.596root 11241100x8000000000000000709198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91250fecc8bda322023-02-07 15:16:52.596root 11241100x8000000000000000709197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30415260a343207e2023-02-07 15:16:52.596root 11241100x8000000000000000709196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4378d1037c85cc172023-02-07 15:16:52.596root 11241100x8000000000000000709202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b35d35bf5bdd6652023-02-07 15:16:52.597root 11241100x8000000000000000709206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc65038635079bb2023-02-07 15:16:52.598root 11241100x8000000000000000709205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a62cc92fe3bc742023-02-07 15:16:52.598root 11241100x8000000000000000709204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c89d6b8407f9c422023-02-07 15:16:52.598root 11241100x8000000000000000709203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0985aecfe0c9182023-02-07 15:16:52.598root 11241100x8000000000000000709208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5c4530c08022ce2023-02-07 15:16:52.599root 11241100x8000000000000000709207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2559f17130f534462023-02-07 15:16:52.599root 11241100x8000000000000000709209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608da512ff7258172023-02-07 15:16:52.600root 11241100x8000000000000000709212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ab524a7308b32c2023-02-07 15:16:52.601root 11241100x8000000000000000709211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e60d7a82b0f07f2023-02-07 15:16:52.601root 11241100x8000000000000000709210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797e1d9f699cdfca2023-02-07 15:16:52.601root 11241100x8000000000000000709215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda7b20026b95d992023-02-07 15:16:52.602root 11241100x8000000000000000709214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a601cfff706d6a772023-02-07 15:16:52.602root 11241100x8000000000000000709213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:52.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1261431906fb8f12023-02-07 15:16:52.602root 11241100x8000000000000000709216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c18f8b1fe4ce00f2023-02-07 15:16:53.095root 11241100x8000000000000000709219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c7cd4a0299190e2023-02-07 15:16:53.096root 11241100x8000000000000000709218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2701121fbfad40a2023-02-07 15:16:53.096root 11241100x8000000000000000709217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a3468165e6d72d2023-02-07 15:16:53.096root 11241100x8000000000000000709226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8650872eef2080072023-02-07 15:16:53.097root 11241100x8000000000000000709225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bca6642161249a2023-02-07 15:16:53.097root 11241100x8000000000000000709224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4314dbe95c0905b22023-02-07 15:16:53.097root 11241100x8000000000000000709223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d775d18cc4c3108a2023-02-07 15:16:53.097root 11241100x8000000000000000709222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297dcb69540eb7002023-02-07 15:16:53.097root 11241100x8000000000000000709221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408014a88ea93b372023-02-07 15:16:53.097root 11241100x8000000000000000709220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa39273c0095f88e2023-02-07 15:16:53.097root 11241100x8000000000000000709235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb00def73675b03f2023-02-07 15:16:53.098root 11241100x8000000000000000709234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20181b990ef1d2b42023-02-07 15:16:53.098root 11241100x8000000000000000709233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ebc120e5905af8e2023-02-07 15:16:53.098root 11241100x8000000000000000709232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2f9945648501e42023-02-07 15:16:53.098root 11241100x8000000000000000709231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bb007826dbb3c12023-02-07 15:16:53.098root 11241100x8000000000000000709230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7524b9fd8dea09442023-02-07 15:16:53.098root 11241100x8000000000000000709229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5139e36fc485349d2023-02-07 15:16:53.098root 11241100x8000000000000000709228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f00b9cc3a598e072023-02-07 15:16:53.098root 11241100x8000000000000000709227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c072aece897397822023-02-07 15:16:53.098root 11241100x8000000000000000709240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e7fc3cbeccdf072023-02-07 15:16:53.595root 11241100x8000000000000000709239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ddafac69d662e72023-02-07 15:16:53.595root 11241100x8000000000000000709238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0f6cf6ac4421782023-02-07 15:16:53.595root 11241100x8000000000000000709237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8da67365de58b32023-02-07 15:16:53.595root 11241100x8000000000000000709236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413cc4982d5d0b892023-02-07 15:16:53.595root 11241100x8000000000000000709250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be95839dc7363e2a2023-02-07 15:16:53.596root 11241100x8000000000000000709249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60aa037e92ead7a2023-02-07 15:16:53.596root 11241100x8000000000000000709248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9c30998c3c837a2023-02-07 15:16:53.596root 11241100x8000000000000000709247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6190ada961b3fefa2023-02-07 15:16:53.596root 11241100x8000000000000000709246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5cc8f51d8371bd52023-02-07 15:16:53.596root 11241100x8000000000000000709245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87b6fdfce2d141d2023-02-07 15:16:53.596root 11241100x8000000000000000709244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999138078f8a9fc52023-02-07 15:16:53.596root 11241100x8000000000000000709243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27e9dff6cc49d872023-02-07 15:16:53.596root 11241100x8000000000000000709242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866a73bd50abd5682023-02-07 15:16:53.596root 11241100x8000000000000000709241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddd1d79733459522023-02-07 15:16:53.596root 11241100x8000000000000000709255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf027d78d11e5bd2023-02-07 15:16:53.597root 11241100x8000000000000000709254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3252bccbea155e22023-02-07 15:16:53.597root 11241100x8000000000000000709253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda2d9a8fc0e32792023-02-07 15:16:53.597root 11241100x8000000000000000709252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93a29d7a5b4e7232023-02-07 15:16:53.597root 11241100x8000000000000000709251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf0eb1375b7eabf2023-02-07 15:16:53.597root 11241100x8000000000000000709260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6075c2b2e4c7502023-02-07 15:16:54.095root 11241100x8000000000000000709259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76259507e27585eb2023-02-07 15:16:54.095root 11241100x8000000000000000709258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4013ecac44c1df2023-02-07 15:16:54.095root 11241100x8000000000000000709257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbd24331e98e9802023-02-07 15:16:54.095root 11241100x8000000000000000709256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698d3cf9b4e929212023-02-07 15:16:54.095root 11241100x8000000000000000709268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f35ab6290db1412023-02-07 15:16:54.096root 11241100x8000000000000000709267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796335ce3a422ca52023-02-07 15:16:54.096root 11241100x8000000000000000709266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01375693e7c264292023-02-07 15:16:54.096root 11241100x8000000000000000709265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ce36d3b35d44102023-02-07 15:16:54.096root 11241100x8000000000000000709264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a4a312f3f2b6662023-02-07 15:16:54.096root 11241100x8000000000000000709263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e496acf5e6cc912023-02-07 15:16:54.096root 11241100x8000000000000000709262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8193fbd02a6241bf2023-02-07 15:16:54.096root 11241100x8000000000000000709261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18b6db4d790c14c2023-02-07 15:16:54.096root 11241100x8000000000000000709277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8983b31a818c6b2023-02-07 15:16:54.097root 11241100x8000000000000000709276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55611fd75e2fe262023-02-07 15:16:54.097root 11241100x8000000000000000709275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1137dcfa0f11f4c2023-02-07 15:16:54.097root 11241100x8000000000000000709274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55263eecbbd92c592023-02-07 15:16:54.097root 11241100x8000000000000000709273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637f7ab4a21d1ef52023-02-07 15:16:54.097root 11241100x8000000000000000709272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5accba69f63481fd2023-02-07 15:16:54.097root 11241100x8000000000000000709271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f059936dc759aaa92023-02-07 15:16:54.097root 11241100x8000000000000000709270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641ea86d368970d62023-02-07 15:16:54.097root 11241100x8000000000000000709269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9696056f091b17922023-02-07 15:16:54.097root 354300x8000000000000000709278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.229{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-47222-false10.0.1.12-8000- 11241100x8000000000000000709284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53d7c8f71e53cb02023-02-07 15:16:54.595root 11241100x8000000000000000709283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203e37898ecf43842023-02-07 15:16:54.595root 11241100x8000000000000000709282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986068e20e6a09432023-02-07 15:16:54.595root 11241100x8000000000000000709281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505017a64283cedb2023-02-07 15:16:54.595root 11241100x8000000000000000709280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3514e59ee2aa252e2023-02-07 15:16:54.595root 11241100x8000000000000000709279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d2e92361fa1d862023-02-07 15:16:54.595root 11241100x8000000000000000709293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83da01cf8f917f7c2023-02-07 15:16:54.596root 11241100x8000000000000000709292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2b72076b3aabaa2023-02-07 15:16:54.596root 11241100x8000000000000000709291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f77797604a9a8162023-02-07 15:16:54.596root 11241100x8000000000000000709290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fbe13f6b824b9b2023-02-07 15:16:54.596root 11241100x8000000000000000709289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3e0825cbb998d42023-02-07 15:16:54.596root 11241100x8000000000000000709288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff4fa8937a4e00d2023-02-07 15:16:54.596root 11241100x8000000000000000709287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ce75f99fdcd1742023-02-07 15:16:54.596root 11241100x8000000000000000709286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2937974a4e6f9e2023-02-07 15:16:54.596root 11241100x8000000000000000709285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a53e576e908af332023-02-07 15:16:54.596root 11241100x8000000000000000709298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c555956e7e790c442023-02-07 15:16:54.597root 11241100x8000000000000000709297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c6872891e5f7832023-02-07 15:16:54.597root 11241100x8000000000000000709296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8334c659e4225a652023-02-07 15:16:54.597root 11241100x8000000000000000709295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9eafec257bb8c412023-02-07 15:16:54.597root 11241100x8000000000000000709294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d93faf4713643d52023-02-07 15:16:54.597root 11241100x8000000000000000709302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761af556c1350fbb2023-02-07 15:16:54.598root 11241100x8000000000000000709301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e729ec66d4f4692023-02-07 15:16:54.598root 11241100x8000000000000000709300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bec178b8c4fb9c82023-02-07 15:16:54.598root 11241100x8000000000000000709299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c1df3a8871260a2023-02-07 15:16:54.598root 11241100x8000000000000000709304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9e539a016226362023-02-07 15:16:54.599root 11241100x8000000000000000709303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5fa8a2cc5cbd262023-02-07 15:16:54.599root 11241100x8000000000000000709305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:54.729{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:16:54.729root 11241100x8000000000000000709308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2fd92e7b6ed4e42023-02-07 15:16:55.095root 11241100x8000000000000000709307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a751e26764595ea92023-02-07 15:16:55.095root 11241100x8000000000000000709306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee05c944988270f2023-02-07 15:16:55.095root 11241100x8000000000000000709312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6edd183ca758702023-02-07 15:16:55.096root 11241100x8000000000000000709311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a616fac51211e712023-02-07 15:16:55.096root 11241100x8000000000000000709310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b2c8fc71272c2f2023-02-07 15:16:55.096root 11241100x8000000000000000709309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86df7c53eafe41d42023-02-07 15:16:55.096root 11241100x8000000000000000709316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df8f32c37fcd3db2023-02-07 15:16:55.097root 11241100x8000000000000000709315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd311db2a3464d162023-02-07 15:16:55.097root 11241100x8000000000000000709314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f3afb513de70d92023-02-07 15:16:55.097root 11241100x8000000000000000709313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2942acad35cb1e2023-02-07 15:16:55.097root 11241100x8000000000000000709325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919914840ccf1bf02023-02-07 15:16:55.098root 11241100x8000000000000000709324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed943cf8e47bd132023-02-07 15:16:55.098root 11241100x8000000000000000709323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1315f2c37d46a22023-02-07 15:16:55.098root 11241100x8000000000000000709322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c886e989c7717f052023-02-07 15:16:55.098root 11241100x8000000000000000709321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb982e98f3fda692023-02-07 15:16:55.098root 11241100x8000000000000000709320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2dff94d9a7aedd32023-02-07 15:16:55.098root 11241100x8000000000000000709319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748bbbe1a538740b2023-02-07 15:16:55.098root 11241100x8000000000000000709318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc21cfd9afa842792023-02-07 15:16:55.098root 11241100x8000000000000000709317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a152a4f100bff192023-02-07 15:16:55.098root 11241100x8000000000000000709331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c570a92b0b71cf0e2023-02-07 15:16:55.099root 11241100x8000000000000000709330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ab6b28c0ca05c92023-02-07 15:16:55.099root 11241100x8000000000000000709329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0837f99b73c07efe2023-02-07 15:16:55.099root 11241100x8000000000000000709328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75114f464667e6472023-02-07 15:16:55.099root 11241100x8000000000000000709327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dabeec8f47c7bebb2023-02-07 15:16:55.099root 11241100x8000000000000000709326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0105ad44e18df7e2023-02-07 15:16:55.099root 154100x8000000000000000709332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.297{ec244aba-6b67-63e2-68f4-7d2795550000}6110/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/6312root{ec244aba-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2393--- 534500x8000000000000000709333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.312{ec244aba-6b67-63e2-68f4-7d2795550000}6110/bin/psroot 11241100x8000000000000000709340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59d07544fee98a62023-02-07 15:16:55.595root 11241100x8000000000000000709339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4f44fc53b27d932023-02-07 15:16:55.595root 11241100x8000000000000000709338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8833fc8927b6a0b22023-02-07 15:16:55.595root 11241100x8000000000000000709337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a8c4ffcd6e98002023-02-07 15:16:55.595root 11241100x8000000000000000709336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add2cdef1d1561772023-02-07 15:16:55.595root 11241100x8000000000000000709335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191f3ef72027e62d2023-02-07 15:16:55.595root 11241100x8000000000000000709334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35202f3b08f37f682023-02-07 15:16:55.595root 11241100x8000000000000000709347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0868b1d81d5c3fc2023-02-07 15:16:55.596root 11241100x8000000000000000709346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b664a7aa6ace6f2023-02-07 15:16:55.596root 11241100x8000000000000000709345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14e0d9b18bca8862023-02-07 15:16:55.596root 11241100x8000000000000000709344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846efbd5b36428202023-02-07 15:16:55.596root 11241100x8000000000000000709343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862a519be1dd469b2023-02-07 15:16:55.596root 11241100x8000000000000000709342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6830f9767167d5782023-02-07 15:16:55.596root 11241100x8000000000000000709341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338ae2d8b81668ca2023-02-07 15:16:55.596root 11241100x8000000000000000709352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17dc75f5579df4da2023-02-07 15:16:55.597root 11241100x8000000000000000709351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73879d511c03ac012023-02-07 15:16:55.597root 11241100x8000000000000000709350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a78194684d182e2023-02-07 15:16:55.597root 11241100x8000000000000000709349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec7a3fa79ef29532023-02-07 15:16:55.597root 11241100x8000000000000000709348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148843c5982c81d22023-02-07 15:16:55.597root 11241100x8000000000000000709356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35dfa988e11290992023-02-07 15:16:55.598root 11241100x8000000000000000709355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a806caf196fbf12023-02-07 15:16:55.598root 11241100x8000000000000000709354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d3cc95210f75e12023-02-07 15:16:55.598root 11241100x8000000000000000709353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b14e677ec0ae292023-02-07 15:16:55.598root 11241100x8000000000000000709361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1b2054dd3fa6442023-02-07 15:16:55.599root 11241100x8000000000000000709360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8434aa30d0462122023-02-07 15:16:55.599root 11241100x8000000000000000709359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468d5ad849ced8812023-02-07 15:16:55.599root 11241100x8000000000000000709358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f583ed836a8f71c2023-02-07 15:16:55.599root 11241100x8000000000000000709357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838eb19c2b5ab2da2023-02-07 15:16:55.599root 11241100x8000000000000000709366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a1a7e8d55e3d152023-02-07 15:16:55.600root 11241100x8000000000000000709365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58665f5978d02e012023-02-07 15:16:55.600root 11241100x8000000000000000709364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301d1d88c8f36ff02023-02-07 15:16:55.600root 11241100x8000000000000000709363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6d257e0ef92e202023-02-07 15:16:55.600root 11241100x8000000000000000709362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:55.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0b3f11e7472e472023-02-07 15:16:55.600root 11241100x8000000000000000709371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60be466c1e271662023-02-07 15:16:56.096root 11241100x8000000000000000709370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a760392ef43aef2023-02-07 15:16:56.096root 11241100x8000000000000000709369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64896fe5764a3cc2023-02-07 15:16:56.096root 11241100x8000000000000000709368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1312cd8c6c283572023-02-07 15:16:56.096root 11241100x8000000000000000709367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c679a7b1835e792023-02-07 15:16:56.096root 11241100x8000000000000000709377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe7598e98b0d3002023-02-07 15:16:56.097root 11241100x8000000000000000709376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6208bf9c7f83d182023-02-07 15:16:56.097root 11241100x8000000000000000709375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c126aa8fea78938a2023-02-07 15:16:56.097root 11241100x8000000000000000709374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c31b28a3c8a6aec2023-02-07 15:16:56.097root 11241100x8000000000000000709373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd7eb4ebaee9ca72023-02-07 15:16:56.097root 11241100x8000000000000000709372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f784e2e2ab62c42023-02-07 15:16:56.097root 11241100x8000000000000000709384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01afae1e3f9bf2db2023-02-07 15:16:56.098root 11241100x8000000000000000709383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c385673732005e8e2023-02-07 15:16:56.098root 11241100x8000000000000000709382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f97b8028f587c72023-02-07 15:16:56.098root 11241100x8000000000000000709381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9f1cb8300bba102023-02-07 15:16:56.098root 11241100x8000000000000000709380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96678fc4da6e04f12023-02-07 15:16:56.098root 11241100x8000000000000000709379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce8de4dab77c99f2023-02-07 15:16:56.098root 11241100x8000000000000000709378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf135ea8579f5ebb2023-02-07 15:16:56.098root 11241100x8000000000000000709390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24a6ee88c1d68de2023-02-07 15:16:56.099root 11241100x8000000000000000709389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb65cc61b8696372023-02-07 15:16:56.099root 11241100x8000000000000000709388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5f22baf16ebee92023-02-07 15:16:56.099root 11241100x8000000000000000709387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45d7a6065e6b6322023-02-07 15:16:56.099root 11241100x8000000000000000709386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba2eaab3118d5e72023-02-07 15:16:56.099root 11241100x8000000000000000709385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba71466874fd6462023-02-07 15:16:56.099root 11241100x8000000000000000709397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6fcc96e38d668de2023-02-07 15:16:56.595root 11241100x8000000000000000709396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b38452441b4fe9c2023-02-07 15:16:56.595root 11241100x8000000000000000709395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22e57025986d03e2023-02-07 15:16:56.595root 11241100x8000000000000000709394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9889bb3fe8f9722023-02-07 15:16:56.595root 11241100x8000000000000000709393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6623e4bf9be52b332023-02-07 15:16:56.595root 11241100x8000000000000000709392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19d1bde40b19b232023-02-07 15:16:56.595root 11241100x8000000000000000709391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99195b67c7a826232023-02-07 15:16:56.595root 11241100x8000000000000000709407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e6038ff5d9c3102023-02-07 15:16:56.596root 11241100x8000000000000000709406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41c1b89eeecc50b2023-02-07 15:16:56.596root 11241100x8000000000000000709405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685ce73a2e312b9b2023-02-07 15:16:56.596root 11241100x8000000000000000709404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e2f2ed746efa902023-02-07 15:16:56.596root 11241100x8000000000000000709403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dab1fbd476813122023-02-07 15:16:56.596root 11241100x8000000000000000709402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66983d362656de162023-02-07 15:16:56.596root 11241100x8000000000000000709401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580fb8d80fe306c32023-02-07 15:16:56.596root 11241100x8000000000000000709400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a0e1a6a40495d52023-02-07 15:16:56.596root 11241100x8000000000000000709399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d60e84013f69cc02023-02-07 15:16:56.596root 11241100x8000000000000000709398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d608935001759bf2023-02-07 15:16:56.596root 11241100x8000000000000000709417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6d4f175abdde0e2023-02-07 15:16:56.597root 11241100x8000000000000000709416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692e22eb30514abe2023-02-07 15:16:56.597root 11241100x8000000000000000709415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc68601d95b6c9e2023-02-07 15:16:56.597root 11241100x8000000000000000709414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c81e7bac7b4da02023-02-07 15:16:56.597root 11241100x8000000000000000709413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c598035b267397222023-02-07 15:16:56.597root 11241100x8000000000000000709412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1f50dac3f839212023-02-07 15:16:56.597root 11241100x8000000000000000709411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3dd125985b419632023-02-07 15:16:56.597root 11241100x8000000000000000709410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260efb0d0a4392c62023-02-07 15:16:56.597root 11241100x8000000000000000709409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09960653e3cf6fbf2023-02-07 15:16:56.597root 11241100x8000000000000000709408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2e54803ec182b12023-02-07 15:16:56.597root 11241100x8000000000000000709423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d395701e9a665492023-02-07 15:16:56.598root 11241100x8000000000000000709422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f0e3af8cf1cab32023-02-07 15:16:56.598root 11241100x8000000000000000709421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9e8b3b9ce40ea52023-02-07 15:16:56.598root 11241100x8000000000000000709420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf206ecf03ece562023-02-07 15:16:56.598root 11241100x8000000000000000709419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12290b67b95a3cea2023-02-07 15:16:56.598root 11241100x8000000000000000709418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:56.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dad885ff1ef50f52023-02-07 15:16:56.598root 11241100x8000000000000000709430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11963610432117b2023-02-07 15:16:57.095root 11241100x8000000000000000709429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c9dfc0789ee0df2023-02-07 15:16:57.095root 11241100x8000000000000000709428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc320c4d961ba6372023-02-07 15:16:57.095root 11241100x8000000000000000709427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a875319058b4832023-02-07 15:16:57.095root 11241100x8000000000000000709426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffd5c48a35965432023-02-07 15:16:57.095root 11241100x8000000000000000709425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7c105f9386a40d2023-02-07 15:16:57.095root 11241100x8000000000000000709424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b240d87ba3e43d1b2023-02-07 15:16:57.095root 11241100x8000000000000000709439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b815f66da224e4b2023-02-07 15:16:57.096root 11241100x8000000000000000709438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2202143f487c072023-02-07 15:16:57.096root 11241100x8000000000000000709437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e51bdf1c9ca9fb2023-02-07 15:16:57.096root 11241100x8000000000000000709436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2886baacee0242512023-02-07 15:16:57.096root 11241100x8000000000000000709435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068f30df6339a8da2023-02-07 15:16:57.096root 11241100x8000000000000000709434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe17e110639a051d2023-02-07 15:16:57.096root 11241100x8000000000000000709433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affa8bebb0dae5012023-02-07 15:16:57.096root 11241100x8000000000000000709432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f301cffd78fc0a2023-02-07 15:16:57.096root 11241100x8000000000000000709431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3d29a66e15077e2023-02-07 15:16:57.096root 11241100x8000000000000000709447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20a78fd871905592023-02-07 15:16:57.097root 11241100x8000000000000000709446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7209bb4a90b8fed52023-02-07 15:16:57.097root 11241100x8000000000000000709445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36fa340a65fb57e2023-02-07 15:16:57.097root 11241100x8000000000000000709444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764b7e6480d75a252023-02-07 15:16:57.097root 11241100x8000000000000000709443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c062de99a56ea82023-02-07 15:16:57.097root 11241100x8000000000000000709442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7766cb93c5e90b52023-02-07 15:16:57.097root 11241100x8000000000000000709441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7189137cb23e9a7a2023-02-07 15:16:57.097root 11241100x8000000000000000709440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57b6882e3ea5c7b2023-02-07 15:16:57.097root 11241100x8000000000000000709448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc27ea84536f4dcf2023-02-07 15:16:57.098root 11241100x8000000000000000709452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4561284273af27ec2023-02-07 15:16:57.099root 11241100x8000000000000000709451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153e98b08a92b2702023-02-07 15:16:57.099root 11241100x8000000000000000709450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578e4effcc846c402023-02-07 15:16:57.099root 11241100x8000000000000000709449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59deacceb84388592023-02-07 15:16:57.099root 11241100x8000000000000000709456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736ae6149b423e6b2023-02-07 15:16:57.100root 11241100x8000000000000000709455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44cc2f1771f7c7092023-02-07 15:16:57.100root 11241100x8000000000000000709454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff429fea3a830042023-02-07 15:16:57.100root 11241100x8000000000000000709453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1048fbe7cb833c2023-02-07 15:16:57.100root 11241100x8000000000000000709459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f270df38d9e270a92023-02-07 15:16:57.101root 11241100x8000000000000000709458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d5f42860a7f9512023-02-07 15:16:57.101root 11241100x8000000000000000709457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3095881b8787010c2023-02-07 15:16:57.101root 11241100x8000000000000000709466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068f1d808dab113c2023-02-07 15:16:57.104root 11241100x8000000000000000709465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3aa10756f7b9782023-02-07 15:16:57.104root 11241100x8000000000000000709464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463557ad7a292b162023-02-07 15:16:57.104root 11241100x8000000000000000709463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388a6ea1a4337c5b2023-02-07 15:16:57.104root 11241100x8000000000000000709462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437d62de20b5a6e62023-02-07 15:16:57.104root 11241100x8000000000000000709461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7474556a78dbdb562023-02-07 15:16:57.104root 11241100x8000000000000000709460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41de1462580b4ff62023-02-07 15:16:57.104root 11241100x8000000000000000709471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88764e7b6776ae42023-02-07 15:16:57.595root 11241100x8000000000000000709470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3a41729295b2362023-02-07 15:16:57.595root 11241100x8000000000000000709469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f723d46bfcbac52023-02-07 15:16:57.595root 11241100x8000000000000000709468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140ee4015b00755e2023-02-07 15:16:57.595root 11241100x8000000000000000709467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043bafc954087d492023-02-07 15:16:57.595root 11241100x8000000000000000709478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fee526c6c8af0f2023-02-07 15:16:57.596root 11241100x8000000000000000709477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb14f98d5c43cf742023-02-07 15:16:57.596root 11241100x8000000000000000709476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d18412d2dae439b2023-02-07 15:16:57.596root 11241100x8000000000000000709475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980b986e449ebecd2023-02-07 15:16:57.596root 11241100x8000000000000000709474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff6e7816edd7dab2023-02-07 15:16:57.596root 11241100x8000000000000000709473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84747d7223396bf12023-02-07 15:16:57.596root 11241100x8000000000000000709472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c7eaa8dbbb5a3f2023-02-07 15:16:57.596root 11241100x8000000000000000709486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e4cd3fdcce3d552023-02-07 15:16:57.597root 11241100x8000000000000000709485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500ab0acadf5a9322023-02-07 15:16:57.597root 11241100x8000000000000000709484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9ade563ddf9fd92023-02-07 15:16:57.597root 11241100x8000000000000000709483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8587c191fd9997a82023-02-07 15:16:57.597root 11241100x8000000000000000709482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e0b5bd40dac4292023-02-07 15:16:57.597root 11241100x8000000000000000709481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01bc3cf8c158bf42023-02-07 15:16:57.597root 11241100x8000000000000000709480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a921bfa6528ca782023-02-07 15:16:57.597root 11241100x8000000000000000709479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f630dab152f369b2023-02-07 15:16:57.597root 11241100x8000000000000000709496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7710c49d88edde92023-02-07 15:16:57.598root 11241100x8000000000000000709495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c41dee560b773da2023-02-07 15:16:57.598root 11241100x8000000000000000709494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66619db2b74d7ed2023-02-07 15:16:57.598root 11241100x8000000000000000709493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aeb21e9978538a92023-02-07 15:16:57.598root 11241100x8000000000000000709492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16807dc5bbd42322023-02-07 15:16:57.598root 11241100x8000000000000000709491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cb4ec6cebe177a2023-02-07 15:16:57.598root 11241100x8000000000000000709490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77d74898654a43a2023-02-07 15:16:57.598root 11241100x8000000000000000709489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b41530ec5cf7302023-02-07 15:16:57.598root 11241100x8000000000000000709488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f2f7cf4266ce5b2023-02-07 15:16:57.598root 11241100x8000000000000000709487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c298e65f4c4c82f2023-02-07 15:16:57.598root 11241100x8000000000000000709498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea065742d908e4082023-02-07 15:16:57.599root 11241100x8000000000000000709497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee3f22e35387f412023-02-07 15:16:57.599root 23542300x8000000000000000709499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:57.730{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000709502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9fb85f554ab53e2023-02-07 15:16:58.095root 11241100x8000000000000000709501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aec0483a39172b42023-02-07 15:16:58.095root 11241100x8000000000000000709500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451e672e109c21de2023-02-07 15:16:58.095root 11241100x8000000000000000709511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0d90293ff2470f2023-02-07 15:16:58.096root 11241100x8000000000000000709510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538850bc5fa6ef362023-02-07 15:16:58.096root 11241100x8000000000000000709509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335a57d743bf1d002023-02-07 15:16:58.096root 11241100x8000000000000000709508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec95a36af21372652023-02-07 15:16:58.096root 11241100x8000000000000000709507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4930b798108900fb2023-02-07 15:16:58.096root 11241100x8000000000000000709506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1ff1ad2d143d0d2023-02-07 15:16:58.096root 11241100x8000000000000000709505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73625f2851424a8c2023-02-07 15:16:58.096root 11241100x8000000000000000709504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c7498caa1c9ac72023-02-07 15:16:58.096root 11241100x8000000000000000709503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dce942c47ee8f512023-02-07 15:16:58.096root 11241100x8000000000000000709517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7824bec71104db512023-02-07 15:16:58.097root 11241100x8000000000000000709516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b22f9e0c000ba82023-02-07 15:16:58.097root 11241100x8000000000000000709515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b074f0fb94f5850e2023-02-07 15:16:58.097root 11241100x8000000000000000709514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6bba0448666f832023-02-07 15:16:58.097root 11241100x8000000000000000709513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4daf412379a2e362023-02-07 15:16:58.097root 11241100x8000000000000000709512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a7669603a194222023-02-07 15:16:58.097root 11241100x8000000000000000709525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a74162a264a34c12023-02-07 15:16:58.098root 11241100x8000000000000000709524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41ce601973727d82023-02-07 15:16:58.098root 11241100x8000000000000000709523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3253303545530d2023-02-07 15:16:58.098root 11241100x8000000000000000709522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb11c862d2e372a12023-02-07 15:16:58.098root 11241100x8000000000000000709521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe7cb4b8052d51a2023-02-07 15:16:58.098root 11241100x8000000000000000709520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88549f08b921ef8c2023-02-07 15:16:58.098root 11241100x8000000000000000709519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310f31ab13aaaaa12023-02-07 15:16:58.098root 11241100x8000000000000000709518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212de28866201fc62023-02-07 15:16:58.098root 11241100x8000000000000000709526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1adbdf694ad248d2023-02-07 15:16:58.099root 11241100x8000000000000000709528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0859b0805a86a7e62023-02-07 15:16:58.595root 11241100x8000000000000000709527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91847991e3217e62023-02-07 15:16:58.595root 11241100x8000000000000000709533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25099cbc76e99942023-02-07 15:16:58.596root 11241100x8000000000000000709532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc32d65a38b42bf2023-02-07 15:16:58.596root 11241100x8000000000000000709531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4092567ae8237b512023-02-07 15:16:58.596root 11241100x8000000000000000709530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8845423e6e586ac22023-02-07 15:16:58.596root 11241100x8000000000000000709529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc889b65e75300ff2023-02-07 15:16:58.596root 11241100x8000000000000000709537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf1806caabf92de2023-02-07 15:16:58.597root 11241100x8000000000000000709536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1073f17efdfe1ebd2023-02-07 15:16:58.597root 11241100x8000000000000000709535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5f7b0a0fe59b312023-02-07 15:16:58.597root 11241100x8000000000000000709534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afcb2a2b13fb279c2023-02-07 15:16:58.597root 11241100x8000000000000000709548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558c115421d11af02023-02-07 15:16:58.598root 11241100x8000000000000000709547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270ff7b3cf62ae782023-02-07 15:16:58.598root 11241100x8000000000000000709546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224e29131cabaedd2023-02-07 15:16:58.598root 11241100x8000000000000000709545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d1f22b341726252023-02-07 15:16:58.598root 11241100x8000000000000000709544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38e1092888cf1b72023-02-07 15:16:58.598root 11241100x8000000000000000709543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69ad2df151a637f2023-02-07 15:16:58.598root 11241100x8000000000000000709542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b971e246b44c960b2023-02-07 15:16:58.598root 11241100x8000000000000000709541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8618ab2a1f6cbb662023-02-07 15:16:58.598root 11241100x8000000000000000709540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f4e464539d113b2023-02-07 15:16:58.598root 11241100x8000000000000000709539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9c9924a6fe29f62023-02-07 15:16:58.598root 11241100x8000000000000000709538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e925df20707cfad12023-02-07 15:16:58.598root 11241100x8000000000000000709552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb11d590903b3e232023-02-07 15:16:58.599root 11241100x8000000000000000709551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b54c017135556c2023-02-07 15:16:58.599root 11241100x8000000000000000709550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c355d04c0cdff83c2023-02-07 15:16:58.599root 11241100x8000000000000000709549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df533d0c8ecf6d82023-02-07 15:16:58.599root 11241100x8000000000000000709557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a18eb7b10453d42023-02-07 15:16:58.600root 11241100x8000000000000000709556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a0f9e0e5122dc72023-02-07 15:16:58.600root 11241100x8000000000000000709555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69dd057ae490b8cc2023-02-07 15:16:58.600root 11241100x8000000000000000709554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cebbfa6de4408ce2023-02-07 15:16:58.600root 11241100x8000000000000000709553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:58.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697f216c365dbf122023-02-07 15:16:58.600root 11241100x8000000000000000709563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc060827e5ae078a2023-02-07 15:16:59.095root 11241100x8000000000000000709562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ffabac38fd98562023-02-07 15:16:59.095root 11241100x8000000000000000709561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d5c4034a913be32023-02-07 15:16:59.095root 11241100x8000000000000000709560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9642d9913464472023-02-07 15:16:59.095root 11241100x8000000000000000709559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80785a8fde13f2162023-02-07 15:16:59.095root 11241100x8000000000000000709558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a368f3b45ca725402023-02-07 15:16:59.095root 11241100x8000000000000000709569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f3744b05a5ec872023-02-07 15:16:59.096root 11241100x8000000000000000709568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bac65bdb64204722023-02-07 15:16:59.096root 11241100x8000000000000000709567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e76f368e19ad342023-02-07 15:16:59.096root 11241100x8000000000000000709566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55db5bc171997d02023-02-07 15:16:59.096root 11241100x8000000000000000709565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2860199d66d28e082023-02-07 15:16:59.096root 11241100x8000000000000000709564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cabe32400194d35e2023-02-07 15:16:59.096root 11241100x8000000000000000709573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4048ef486d8e952e2023-02-07 15:16:59.097root 11241100x8000000000000000709572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b39ad8578c654352023-02-07 15:16:59.097root 11241100x8000000000000000709571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee67347a7c7bfd62023-02-07 15:16:59.097root 11241100x8000000000000000709570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20e621dfe019b182023-02-07 15:16:59.097root 11241100x8000000000000000709581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be9269ae47bebd72023-02-07 15:16:59.098root 11241100x8000000000000000709580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6da8ed6072df9212023-02-07 15:16:59.098root 11241100x8000000000000000709579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c651ac966563a0a2023-02-07 15:16:59.098root 11241100x8000000000000000709578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcad628186dc42272023-02-07 15:16:59.098root 11241100x8000000000000000709577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa604ef51affda1e2023-02-07 15:16:59.098root 11241100x8000000000000000709576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0a151310ee93992023-02-07 15:16:59.098root 11241100x8000000000000000709575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4a357c9e4ecc722023-02-07 15:16:59.098root 11241100x8000000000000000709574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9caca7fbbb979aa22023-02-07 15:16:59.098root 11241100x8000000000000000709585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b75ac83012920d2023-02-07 15:16:59.099root 11241100x8000000000000000709584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb2d08b400d2b152023-02-07 15:16:59.099root 11241100x8000000000000000709583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26ea40c6a9af6e72023-02-07 15:16:59.099root 11241100x8000000000000000709582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01b3649757d12962023-02-07 15:16:59.099root 11241100x8000000000000000709591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f378c63d7fd9693a2023-02-07 15:16:59.100root 11241100x8000000000000000709590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c96e9bff4b41db2023-02-07 15:16:59.100root 11241100x8000000000000000709589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e2fec06b3276ae2023-02-07 15:16:59.100root 11241100x8000000000000000709588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52844513698b941e2023-02-07 15:16:59.100root 11241100x8000000000000000709587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8343f9e9de9ae02023-02-07 15:16:59.100root 11241100x8000000000000000709586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c9a316858ec9202023-02-07 15:16:59.100root 11241100x8000000000000000709594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6161e1aa8f86412023-02-07 15:16:59.101root 11241100x8000000000000000709593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc29da60f38c9b0d2023-02-07 15:16:59.101root 11241100x8000000000000000709592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f875f559f7034f2023-02-07 15:16:59.101root 11241100x8000000000000000709597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c96b9367ec54e22023-02-07 15:16:59.595root 11241100x8000000000000000709596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a036b98cf76aacf42023-02-07 15:16:59.595root 11241100x8000000000000000709595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fac8366a0a2e7052023-02-07 15:16:59.595root 11241100x8000000000000000709602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ecf817659a39202023-02-07 15:16:59.596root 11241100x8000000000000000709601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c94922481ed8c22023-02-07 15:16:59.596root 11241100x8000000000000000709600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9804ac88763cb242023-02-07 15:16:59.596root 11241100x8000000000000000709599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f347ec57e2b5392023-02-07 15:16:59.596root 11241100x8000000000000000709598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a5eddfb3898df62023-02-07 15:16:59.596root 11241100x8000000000000000709613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10cfdcc75f147ce52023-02-07 15:16:59.597root 11241100x8000000000000000709612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c187c926f89bf72023-02-07 15:16:59.597root 11241100x8000000000000000709611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fc5f77a8cc458e2023-02-07 15:16:59.597root 11241100x8000000000000000709610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639fc55386fe42aa2023-02-07 15:16:59.597root 11241100x8000000000000000709609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986f550e66026d072023-02-07 15:16:59.597root 11241100x8000000000000000709608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b285782519e164f2023-02-07 15:16:59.597root 11241100x8000000000000000709607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65dcb272842ae0db2023-02-07 15:16:59.597root 11241100x8000000000000000709606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6690cf9f72044fc52023-02-07 15:16:59.597root 11241100x8000000000000000709605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bdac5f19f09fbe2023-02-07 15:16:59.597root 11241100x8000000000000000709604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4743ab60bdceec752023-02-07 15:16:59.597root 11241100x8000000000000000709603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce38eb836f4465612023-02-07 15:16:59.597root 11241100x8000000000000000709625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d10f1e3fc929a72023-02-07 15:16:59.598root 11241100x8000000000000000709624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec541caed786ed12023-02-07 15:16:59.598root 11241100x8000000000000000709623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0f5ec2eb4e6a3a2023-02-07 15:16:59.598root 11241100x8000000000000000709622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0e068d8963fe082023-02-07 15:16:59.598root 11241100x8000000000000000709621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95a23511c9055d32023-02-07 15:16:59.598root 11241100x8000000000000000709620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2f494ea33091a62023-02-07 15:16:59.598root 11241100x8000000000000000709619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e08e0608d925f7e2023-02-07 15:16:59.598root 11241100x8000000000000000709618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafff60c5f2206ff2023-02-07 15:16:59.598root 11241100x8000000000000000709617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4266c1f132a1d5d12023-02-07 15:16:59.598root 11241100x8000000000000000709616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da02aef5f5ec7fbb2023-02-07 15:16:59.598root 11241100x8000000000000000709615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10769dff67bc29722023-02-07 15:16:59.598root 11241100x8000000000000000709614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781008e0179b6bb62023-02-07 15:16:59.598root 11241100x8000000000000000709628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1d69828eacaf592023-02-07 15:16:59.599root 11241100x8000000000000000709627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bacb95d4da4cd862023-02-07 15:16:59.599root 11241100x8000000000000000709626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:16:59.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb3fd6182afd1412023-02-07 15:16:59.599root 11241100x8000000000000000709630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab33c75d4cdad612023-02-07 15:17:00.095root 11241100x8000000000000000709629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79cacac7645f3992023-02-07 15:17:00.095root 11241100x8000000000000000709638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26e3e7d9e6d9e1b2023-02-07 15:17:00.096root 11241100x8000000000000000709637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cb4765fb3e41de2023-02-07 15:17:00.096root 11241100x8000000000000000709636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63eb0db76ab36fc2023-02-07 15:17:00.096root 11241100x8000000000000000709635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad341898a1fc0a2c2023-02-07 15:17:00.096root 11241100x8000000000000000709634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c8cda2e7a21b022023-02-07 15:17:00.096root 11241100x8000000000000000709633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f42f2e3c44c0e32023-02-07 15:17:00.096root 11241100x8000000000000000709632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c83ec6e8434f7f2023-02-07 15:17:00.096root 11241100x8000000000000000709631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb989372d5864f72023-02-07 15:17:00.096root 11241100x8000000000000000709644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b6184883f5a4732023-02-07 15:17:00.097root 11241100x8000000000000000709643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822d426fa4154dce2023-02-07 15:17:00.097root 11241100x8000000000000000709642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96808ec65f4ee7ba2023-02-07 15:17:00.097root 11241100x8000000000000000709641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7a93c2f12b26a82023-02-07 15:17:00.097root 11241100x8000000000000000709640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4282d8ff07dd29222023-02-07 15:17:00.097root 11241100x8000000000000000709639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e913745ce67ff3a2023-02-07 15:17:00.097root 11241100x8000000000000000709647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254fa0f66d620e132023-02-07 15:17:00.098root 11241100x8000000000000000709646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f699a6de8cfbb1d42023-02-07 15:17:00.098root 11241100x8000000000000000709645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f876a5c3a154e822023-02-07 15:17:00.098root 11241100x8000000000000000709648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf202e54c03bcc52023-02-07 15:17:00.099root 11241100x8000000000000000709651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d98c2a6c026d572023-02-07 15:17:00.100root 11241100x8000000000000000709650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64069fb34a747ed2023-02-07 15:17:00.100root 11241100x8000000000000000709649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0213dc0147fd39fb2023-02-07 15:17:00.100root 11241100x8000000000000000709654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d21807909175e42023-02-07 15:17:00.101root 11241100x8000000000000000709653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3527005a28be6d2023-02-07 15:17:00.101root 11241100x8000000000000000709652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b0f1a561b38c442023-02-07 15:17:00.101root 11241100x8000000000000000709657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295029504bccf0472023-02-07 15:17:00.102root 11241100x8000000000000000709656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296ae159608a3da92023-02-07 15:17:00.102root 11241100x8000000000000000709655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d4d557d78f57032023-02-07 15:17:00.102root 11241100x8000000000000000709661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b71d33cc88c5f02023-02-07 15:17:00.103root 11241100x8000000000000000709660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26747de02fd08ccb2023-02-07 15:17:00.103root 11241100x8000000000000000709659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f311a92cd477c3ac2023-02-07 15:17:00.103root 11241100x8000000000000000709658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c62954b1575e2b2023-02-07 15:17:00.103root 11241100x8000000000000000709664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3b8f97d25fdf172023-02-07 15:17:00.104root 11241100x8000000000000000709663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d5dac9bdf581d12023-02-07 15:17:00.104root 11241100x8000000000000000709662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec25aa584276f632023-02-07 15:17:00.104root 11241100x8000000000000000709665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a9ba8644ae385b2023-02-07 15:17:00.105root 11241100x8000000000000000709670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0235c0b00bab4eb02023-02-07 15:17:00.106root 11241100x8000000000000000709669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8742603990bd9f62023-02-07 15:17:00.106root 11241100x8000000000000000709668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5c7ec3920ab1532023-02-07 15:17:00.106root 11241100x8000000000000000709667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16f47d46a58b5392023-02-07 15:17:00.106root 11241100x8000000000000000709666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e99a0b3dfa4c062023-02-07 15:17:00.106root 11241100x8000000000000000709676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.107{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926a0fe6719f7f1f2023-02-07 15:17:00.107root 11241100x8000000000000000709675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.107{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6725a7b06d045bce2023-02-07 15:17:00.107root 11241100x8000000000000000709674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.107{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e00320869bf00132023-02-07 15:17:00.107root 11241100x8000000000000000709673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.107{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0cd2edaf93a48912023-02-07 15:17:00.107root 11241100x8000000000000000709672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.107{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deec0b10430684702023-02-07 15:17:00.107root 11241100x8000000000000000709671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.107{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1801f981746c7e2023-02-07 15:17:00.107root 11241100x8000000000000000709683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.108{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07bab04ecda03182023-02-07 15:17:00.108root 11241100x8000000000000000709682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.108{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b8ab7126c1b8d02023-02-07 15:17:00.108root 11241100x8000000000000000709681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.108{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af4c4573940ea252023-02-07 15:17:00.108root 11241100x8000000000000000709680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.108{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97a5bfcc05501ac2023-02-07 15:17:00.108root 11241100x8000000000000000709679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.108{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc16dafba5a12682023-02-07 15:17:00.108root 11241100x8000000000000000709678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.108{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52dfb3160ddb7fc2023-02-07 15:17:00.108root 11241100x8000000000000000709677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.108{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124f81735af2ad272023-02-07 15:17:00.108root 11241100x8000000000000000709684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.109{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba1831811c405c32023-02-07 15:17:00.109root 354300x8000000000000000709685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.151{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-47624-false10.0.1.12-8000- 11241100x8000000000000000709690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de713d38de2e5c232023-02-07 15:17:00.596root 11241100x8000000000000000709689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c175d90693ae412023-02-07 15:17:00.596root 11241100x8000000000000000709688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba483e95b0584ef2023-02-07 15:17:00.596root 11241100x8000000000000000709687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86fe028f053ac712023-02-07 15:17:00.596root 11241100x8000000000000000709686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cef12e5933c863f2023-02-07 15:17:00.596root 11241100x8000000000000000709699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b57816d5569e3d2023-02-07 15:17:00.597root 11241100x8000000000000000709698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbe006ead202be82023-02-07 15:17:00.597root 11241100x8000000000000000709697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0e41fc239d88a92023-02-07 15:17:00.597root 11241100x8000000000000000709696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0dbef59ee3d8b792023-02-07 15:17:00.597root 11241100x8000000000000000709695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ee073bbd2caadd2023-02-07 15:17:00.597root 11241100x8000000000000000709694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8a1d0aa2ef23ba2023-02-07 15:17:00.597root 11241100x8000000000000000709693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf03abea2f469672023-02-07 15:17:00.597root 11241100x8000000000000000709692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0037761975f1326a2023-02-07 15:17:00.597root 11241100x8000000000000000709691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed3c37f70d908c42023-02-07 15:17:00.597root 11241100x8000000000000000709706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66b69ce55e8c1df2023-02-07 15:17:00.598root 11241100x8000000000000000709705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051a4f93b96fecb92023-02-07 15:17:00.598root 11241100x8000000000000000709704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bffb800cd4166f52023-02-07 15:17:00.598root 11241100x8000000000000000709703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd968a9a113467712023-02-07 15:17:00.598root 11241100x8000000000000000709702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f47438d97567fdb2023-02-07 15:17:00.598root 11241100x8000000000000000709701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e49aa01764c3fb2023-02-07 15:17:00.598root 11241100x8000000000000000709700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b743248532d42b952023-02-07 15:17:00.598root 11241100x8000000000000000709711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7d9b0d2a0d89f12023-02-07 15:17:00.599root 11241100x8000000000000000709710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ec7994ce3085b52023-02-07 15:17:00.599root 11241100x8000000000000000709709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7067a45aae406162023-02-07 15:17:00.599root 11241100x8000000000000000709708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c758293f1992862023-02-07 15:17:00.599root 11241100x8000000000000000709707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:00.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89378d04f863da522023-02-07 15:17:00.599root 11241100x8000000000000000709718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e06a992d24e6632023-02-07 15:17:01.095root 11241100x8000000000000000709717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12dfbc9ce4c76a42023-02-07 15:17:01.095root 11241100x8000000000000000709716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08150f225130b0832023-02-07 15:17:01.095root 11241100x8000000000000000709715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c616c32ad3d5c922023-02-07 15:17:01.095root 11241100x8000000000000000709714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7899d476a386f2112023-02-07 15:17:01.095root 11241100x8000000000000000709713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c790f9b91628112023-02-07 15:17:01.095root 11241100x8000000000000000709712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8fe84012ffe4572023-02-07 15:17:01.095root 11241100x8000000000000000709733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc88e70b1b3657692023-02-07 15:17:01.096root 11241100x8000000000000000709732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9b2e478c2094452023-02-07 15:17:01.096root 11241100x8000000000000000709731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796c966ec7ce522c2023-02-07 15:17:01.096root 11241100x8000000000000000709730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f2045b107300752023-02-07 15:17:01.096root 11241100x8000000000000000709729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcbebcf69b2bff6c2023-02-07 15:17:01.096root 11241100x8000000000000000709728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06604ac184977752023-02-07 15:17:01.096root 11241100x8000000000000000709727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7551e43fb6bb812023-02-07 15:17:01.096root 11241100x8000000000000000709726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f96a10b886964e2023-02-07 15:17:01.096root 11241100x8000000000000000709725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b110a16f5385daf22023-02-07 15:17:01.096root 11241100x8000000000000000709724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10ca6e16f2899432023-02-07 15:17:01.096root 11241100x8000000000000000709723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad0b19a0c3bc20d2023-02-07 15:17:01.096root 11241100x8000000000000000709722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e305a7155ae84832023-02-07 15:17:01.096root 11241100x8000000000000000709721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebfd637608f02c0e2023-02-07 15:17:01.096root 11241100x8000000000000000709720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6ea05eb812251b2023-02-07 15:17:01.096root 11241100x8000000000000000709719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90b31831eb1dc032023-02-07 15:17:01.096root 11241100x8000000000000000709739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75b2f598c4bbbb12023-02-07 15:17:01.097root 11241100x8000000000000000709738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52dc2bb5944301192023-02-07 15:17:01.097root 11241100x8000000000000000709737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b2b40ecb8954de2023-02-07 15:17:01.097root 11241100x8000000000000000709736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e984f48eca9ea0d2023-02-07 15:17:01.097root 11241100x8000000000000000709735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891d125820dc3c812023-02-07 15:17:01.097root 11241100x8000000000000000709734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5139bda88cb6902023-02-07 15:17:01.097root 11241100x8000000000000000709743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ece33ff6c425b382023-02-07 15:17:01.098root 11241100x8000000000000000709742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f947c72a6811f72023-02-07 15:17:01.098root 11241100x8000000000000000709741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533d1f512784737f2023-02-07 15:17:01.098root 11241100x8000000000000000709740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86cad91ff17de332023-02-07 15:17:01.098root 11241100x8000000000000000709745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3486d4510609b542023-02-07 15:17:01.595root 11241100x8000000000000000709744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f15044d758253c2023-02-07 15:17:01.595root 11241100x8000000000000000709753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78f8ba8aa4dda362023-02-07 15:17:01.596root 11241100x8000000000000000709752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfc19541f95c3222023-02-07 15:17:01.596root 11241100x8000000000000000709751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6c07915bc0709e2023-02-07 15:17:01.596root 11241100x8000000000000000709750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9cd1d57c7262b72023-02-07 15:17:01.596root 11241100x8000000000000000709749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bfae2cf07bf2112023-02-07 15:17:01.596root 11241100x8000000000000000709748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8869156a074e63762023-02-07 15:17:01.596root 11241100x8000000000000000709747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356eb3f147d1cca72023-02-07 15:17:01.596root 11241100x8000000000000000709746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833bcadcd49d91ca2023-02-07 15:17:01.596root 11241100x8000000000000000709763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e9ea9e764c3aa22023-02-07 15:17:01.597root 11241100x8000000000000000709762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4f5489fb49fab72023-02-07 15:17:01.597root 11241100x8000000000000000709761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc0aba2c9c08c8d2023-02-07 15:17:01.597root 11241100x8000000000000000709760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb1a370acf6e7692023-02-07 15:17:01.597root 11241100x8000000000000000709759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb76ff06366ee922023-02-07 15:17:01.597root 11241100x8000000000000000709758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc95376eef2c1042023-02-07 15:17:01.597root 11241100x8000000000000000709757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430125a0f6fb9efe2023-02-07 15:17:01.597root 11241100x8000000000000000709756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47d36f5e7337ec72023-02-07 15:17:01.597root 11241100x8000000000000000709755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707ad3ba833cdf2f2023-02-07 15:17:01.597root 11241100x8000000000000000709754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d9950ab79d516f2023-02-07 15:17:01.597root 11241100x8000000000000000709773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1d84cddf3785272023-02-07 15:17:01.598root 11241100x8000000000000000709772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d2cd264830dbae2023-02-07 15:17:01.598root 11241100x8000000000000000709771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572b5d4c450f776f2023-02-07 15:17:01.598root 11241100x8000000000000000709770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4bc7f90c8d275b2023-02-07 15:17:01.598root 11241100x8000000000000000709769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4bd8dd8970da3f2023-02-07 15:17:01.598root 11241100x8000000000000000709768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c76d18ff468c992023-02-07 15:17:01.598root 11241100x8000000000000000709767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aaacc5845e6eb552023-02-07 15:17:01.598root 11241100x8000000000000000709766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39db29cfdc0535ff2023-02-07 15:17:01.598root 11241100x8000000000000000709765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2721f45efb70e62c2023-02-07 15:17:01.598root 11241100x8000000000000000709764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d363abe8fa432612023-02-07 15:17:01.598root 11241100x8000000000000000709774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce4d158423d15162023-02-07 15:17:01.599root 154100x8000000000000000709776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.942{ec244aba-6b6d-63e2-6852-374922560000}6112/bin/dash-----/bin/sh -c cd / && run-parts --report /etc/cron.hourly/rootroot{ec244aba-0000-0000-0000-000000000000}08no level-{00000000-0000-0000-0000-000000000000}6111--- 11241100x8000000000000000709775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.943{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808f28c3040b5a592023-02-07 15:17:01.943root 154100x8000000000000000709777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.944{ec244aba-6b6d-63e2-38fa-7435a9550000}6113/bin/run-parts-----run-parts --report /etc/cron.hourly/root{ec244aba-0000-0000-0000-000000000000}08no level-{ec244aba-6b6d-63e2-6852-374922560000}6112/bin/dash/bin/shroot 534500x8000000000000000709790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.945{ec244aba-6b6d-63e2-38fa-7435a9550000}6113/bin/run-partsroot 11241100x8000000000000000709785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.945{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0badf6d4d8e0f792023-02-07 15:17:01.945root 11241100x8000000000000000709784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.945{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5a70f12b409d3a2023-02-07 15:17:01.945root 11241100x8000000000000000709783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.945{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb54358451ba60572023-02-07 15:17:01.945root 11241100x8000000000000000709782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.945{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97f9dfbb1ddf9952023-02-07 15:17:01.945root 11241100x8000000000000000709781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.945{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8eb78c2bad89ec2023-02-07 15:17:01.945root 11241100x8000000000000000709780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.945{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c230bee6be32e62023-02-07 15:17:01.945root 11241100x8000000000000000709779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.945{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9437f4cf2ad11a932023-02-07 15:17:01.945root 11241100x8000000000000000709778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.945{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20574ad6917efcdc2023-02-07 15:17:01.945root 534500x8000000000000000709792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.947{ec244aba-6b6d-63e2-6852-374922560000}6112/bin/dashroot 11241100x8000000000000000709791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.947{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed52441221715ec2023-02-07 15:17:01.947root 11241100x8000000000000000709789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.947{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be60797b20df1e162023-02-07 15:17:01.947root 11241100x8000000000000000709788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.947{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd64c3a0622134c2023-02-07 15:17:01.947root 11241100x8000000000000000709787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.947{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4dea4fc0feebe7e2023-02-07 15:17:01.947root 11241100x8000000000000000709786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.947{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c804ecca14fb62232023-02-07 15:17:01.947root 11241100x8000000000000000709804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.948{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8bd4f224256700b2023-02-07 15:17:01.948root 11241100x8000000000000000709803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.948{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23924542734bad2c2023-02-07 15:17:01.948root 11241100x8000000000000000709802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.948{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be63b28da3f05f32023-02-07 15:17:01.948root 11241100x8000000000000000709801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.948{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311bbab010bfe9532023-02-07 15:17:01.948root 11241100x8000000000000000709800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.948{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb947598d91f44f2023-02-07 15:17:01.948root 11241100x8000000000000000709799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.948{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67eedeb6b4c185bf2023-02-07 15:17:01.948root 11241100x8000000000000000709798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.948{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d67afd43f3279552023-02-07 15:17:01.948root 11241100x8000000000000000709797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.948{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138ed3e5a68303672023-02-07 15:17:01.948root 534500x8000000000000000709796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.948{00000000-0000-0000-0000-000000000000}6111<unknown process>root 11241100x8000000000000000709795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.948{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12fecf45c188b3302023-02-07 15:17:01.948root 11241100x8000000000000000709794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.948{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2acbdedf71633cb2023-02-07 15:17:01.948root 11241100x8000000000000000709793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.948{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10480d0bbd8466352023-02-07 15:17:01.948root 11241100x8000000000000000709809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.949{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983dd36eedc22fe32023-02-07 15:17:01.949root 11241100x8000000000000000709808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.949{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28188d66f9a46ce2023-02-07 15:17:01.949root 11241100x8000000000000000709807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.949{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2311bd01a21665e2023-02-07 15:17:01.949root 11241100x8000000000000000709806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.949{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b753dd012edcc72023-02-07 15:17:01.949root 11241100x8000000000000000709805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:01.949{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2b18e0594716ca2023-02-07 15:17:01.949root 11241100x8000000000000000709812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72dfb88f741b70b42023-02-07 15:17:02.346root 11241100x8000000000000000709811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ef418c76adea112023-02-07 15:17:02.346root 11241100x8000000000000000709810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1583fb4541565a3b2023-02-07 15:17:02.346root 11241100x8000000000000000709822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87256b95ae664ff2023-02-07 15:17:02.347root 11241100x8000000000000000709821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed089a02f3552d02023-02-07 15:17:02.347root 11241100x8000000000000000709820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be43b939652be68e2023-02-07 15:17:02.347root 11241100x8000000000000000709819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6510832644a06dea2023-02-07 15:17:02.347root 11241100x8000000000000000709818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12838ea29ef706952023-02-07 15:17:02.347root 11241100x8000000000000000709817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c6315432ea9c092023-02-07 15:17:02.347root 11241100x8000000000000000709816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfa3942821a0e952023-02-07 15:17:02.347root 11241100x8000000000000000709815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650620493dab71d62023-02-07 15:17:02.347root 11241100x8000000000000000709814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5915a8a985cc9d02023-02-07 15:17:02.347root 11241100x8000000000000000709813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856ac662cebf7f8d2023-02-07 15:17:02.347root 11241100x8000000000000000709828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cce4dfa6a7f55292023-02-07 15:17:02.348root 11241100x8000000000000000709827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6376cc175a14d4b2023-02-07 15:17:02.348root 11241100x8000000000000000709826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a49ef72371b2a652023-02-07 15:17:02.348root 11241100x8000000000000000709825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7d479b53cd5a8e2023-02-07 15:17:02.348root 11241100x8000000000000000709824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a05b806e65468cd2023-02-07 15:17:02.348root 11241100x8000000000000000709823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db7228911eb9eba2023-02-07 15:17:02.348root 11241100x8000000000000000709837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f39539fb90d9aa2023-02-07 15:17:02.349root 11241100x8000000000000000709836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c70b60a6c916212023-02-07 15:17:02.349root 11241100x8000000000000000709835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72f0cc4d0ee65582023-02-07 15:17:02.349root 11241100x8000000000000000709834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2956ee8161dfcc52023-02-07 15:17:02.349root 11241100x8000000000000000709833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11c7be917d4ef562023-02-07 15:17:02.349root 11241100x8000000000000000709832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6219645464fd0c2023-02-07 15:17:02.349root 11241100x8000000000000000709831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31daef90d6e03c3c2023-02-07 15:17:02.349root 11241100x8000000000000000709830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff2d0ee182e08aa2023-02-07 15:17:02.349root 11241100x8000000000000000709829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0432961f0a9132d2023-02-07 15:17:02.349root 11241100x8000000000000000709840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dce2bb83efcb5662023-02-07 15:17:02.350root 11241100x8000000000000000709839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c3b72be385868f2023-02-07 15:17:02.350root 11241100x8000000000000000709838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940446c4560d70e32023-02-07 15:17:02.350root 11241100x8000000000000000709844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34675c7d1e4474332023-02-07 15:17:02.846root 11241100x8000000000000000709843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c0c196b63747d72023-02-07 15:17:02.846root 11241100x8000000000000000709842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9ed22dadcdfe142023-02-07 15:17:02.846root 11241100x8000000000000000709841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf4b541ebd0c9742023-02-07 15:17:02.846root 11241100x8000000000000000709852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf937815e2aa3b82023-02-07 15:17:02.847root 11241100x8000000000000000709851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670a271d4afa3b122023-02-07 15:17:02.847root 11241100x8000000000000000709850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df93e76946d270e2023-02-07 15:17:02.847root 11241100x8000000000000000709849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbfd33604f82c212023-02-07 15:17:02.847root 11241100x8000000000000000709848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a469d6c97a38f9342023-02-07 15:17:02.847root 11241100x8000000000000000709847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b807349765eb6ff52023-02-07 15:17:02.847root 11241100x8000000000000000709846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4d72b37d4bd2832023-02-07 15:17:02.847root 11241100x8000000000000000709845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e785876acc39fac52023-02-07 15:17:02.847root 11241100x8000000000000000709858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e285cbe8c106ead22023-02-07 15:17:02.848root 11241100x8000000000000000709857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ab2d83f40bfaa42023-02-07 15:17:02.848root 11241100x8000000000000000709856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b82c955a9a503602023-02-07 15:17:02.848root 11241100x8000000000000000709855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d627b346dc2eb52023-02-07 15:17:02.848root 11241100x8000000000000000709854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34264a77577f4e262023-02-07 15:17:02.848root 11241100x8000000000000000709853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e0b797c01e7c0a2023-02-07 15:17:02.848root 11241100x8000000000000000709863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70bffa63d003ec442023-02-07 15:17:02.849root 11241100x8000000000000000709862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1281f015e647ef952023-02-07 15:17:02.849root 11241100x8000000000000000709861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3a70a175160ac72023-02-07 15:17:02.849root 11241100x8000000000000000709860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a31e0778b119b3e2023-02-07 15:17:02.849root 11241100x8000000000000000709859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc802f0319947a22023-02-07 15:17:02.849root 11241100x8000000000000000709867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4122ea044d3daa182023-02-07 15:17:02.850root 11241100x8000000000000000709866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92db5f70181c06d02023-02-07 15:17:02.850root 11241100x8000000000000000709865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2622db7accbba0c22023-02-07 15:17:02.850root 11241100x8000000000000000709864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb86efdcab0b527e2023-02-07 15:17:02.850root 11241100x8000000000000000709871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2347f28f354615fc2023-02-07 15:17:02.851root 11241100x8000000000000000709870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd64394aba15b1482023-02-07 15:17:02.851root 11241100x8000000000000000709869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b885e78adbc0cf8e2023-02-07 15:17:02.851root 11241100x8000000000000000709868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:02.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72c345b12a8d5e02023-02-07 15:17:02.851root 11241100x8000000000000000709873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4bc9b2636cddc72023-02-07 15:17:03.346root 11241100x8000000000000000709872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85554a4d0f69c2672023-02-07 15:17:03.346root 11241100x8000000000000000709882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4ff0ac248c47102023-02-07 15:17:03.347root 11241100x8000000000000000709881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0163047f00a2718e2023-02-07 15:17:03.347root 11241100x8000000000000000709880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09fd0313a6bea7ed2023-02-07 15:17:03.347root 11241100x8000000000000000709879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c30d784173ae9bb2023-02-07 15:17:03.347root 11241100x8000000000000000709878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bd9344549f19962023-02-07 15:17:03.347root 11241100x8000000000000000709877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64cb713482ce25eb2023-02-07 15:17:03.347root 11241100x8000000000000000709876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84137f2e6c3c12412023-02-07 15:17:03.347root 11241100x8000000000000000709875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c33d8fab31dfb852023-02-07 15:17:03.347root 11241100x8000000000000000709874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2733ea832b2220692023-02-07 15:17:03.347root 11241100x8000000000000000709886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f088b25e3bc593c12023-02-07 15:17:03.348root 11241100x8000000000000000709885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104f29f1d779c8cf2023-02-07 15:17:03.348root 11241100x8000000000000000709884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8c87240d01d2332023-02-07 15:17:03.348root 11241100x8000000000000000709883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7989d5ee7966ac2023-02-07 15:17:03.348root 11241100x8000000000000000709890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e57031b488ec7562023-02-07 15:17:03.349root 11241100x8000000000000000709889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370a2b035a53a4022023-02-07 15:17:03.349root 11241100x8000000000000000709888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea0a99af6d8f01f2023-02-07 15:17:03.349root 11241100x8000000000000000709887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edb18eb1512d3d42023-02-07 15:17:03.349root 11241100x8000000000000000709891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a306005e3134dbd2023-02-07 15:17:03.350root 11241100x8000000000000000709896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9e607b555a4fa52023-02-07 15:17:03.351root 11241100x8000000000000000709895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5168a09fd477a22023-02-07 15:17:03.351root 11241100x8000000000000000709894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c9a661c6d603002023-02-07 15:17:03.351root 11241100x8000000000000000709893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792527bd7db999ce2023-02-07 15:17:03.351root 11241100x8000000000000000709892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5537380769fe66082023-02-07 15:17:03.351root 11241100x8000000000000000709899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde8d29b75e936892023-02-07 15:17:03.352root 11241100x8000000000000000709898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d811601799e0dffc2023-02-07 15:17:03.352root 11241100x8000000000000000709897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a810239763b8e3392023-02-07 15:17:03.352root 11241100x8000000000000000709902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1195322bfe3b05ce2023-02-07 15:17:03.353root 11241100x8000000000000000709901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ee9247d94833352023-02-07 15:17:03.353root 11241100x8000000000000000709900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d52e19fd2c52e172023-02-07 15:17:03.353root 11241100x8000000000000000709906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d74bdf22f33bc3c2023-02-07 15:17:03.846root 11241100x8000000000000000709905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5a37e79d6422af2023-02-07 15:17:03.846root 11241100x8000000000000000709904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3458956962060a652023-02-07 15:17:03.846root 11241100x8000000000000000709903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2743050a8c5607ff2023-02-07 15:17:03.846root 11241100x8000000000000000709915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01af523e5b09e4d2023-02-07 15:17:03.847root 11241100x8000000000000000709914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f51bdc3994bcf412023-02-07 15:17:03.847root 11241100x8000000000000000709913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c706d63a3f69d962023-02-07 15:17:03.847root 11241100x8000000000000000709912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95620ca1af5a809a2023-02-07 15:17:03.847root 11241100x8000000000000000709911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4014582242da152023-02-07 15:17:03.847root 11241100x8000000000000000709910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea55296ca986841b2023-02-07 15:17:03.847root 11241100x8000000000000000709909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0e99639d4c8aca2023-02-07 15:17:03.847root 11241100x8000000000000000709908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cbe0adb4d5ec512023-02-07 15:17:03.847root 11241100x8000000000000000709907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dceb0e9c7aa8aa02023-02-07 15:17:03.847root 11241100x8000000000000000709919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47f59c9195fc2722023-02-07 15:17:03.848root 11241100x8000000000000000709918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4dc5f5c0d09425b2023-02-07 15:17:03.848root 11241100x8000000000000000709917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65bd9895316091242023-02-07 15:17:03.848root 11241100x8000000000000000709916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbc037fda933c8f2023-02-07 15:17:03.848root 11241100x8000000000000000709923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a991702029d9e212023-02-07 15:17:03.849root 11241100x8000000000000000709922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59111b5b8daffa502023-02-07 15:17:03.849root 11241100x8000000000000000709921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f713c2d15c7364102023-02-07 15:17:03.849root 11241100x8000000000000000709920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff1f611bafeaba82023-02-07 15:17:03.849root 11241100x8000000000000000709928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc9e7a8a79f08d82023-02-07 15:17:03.850root 11241100x8000000000000000709927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1088595520937aa72023-02-07 15:17:03.850root 11241100x8000000000000000709926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a7c67db51408522023-02-07 15:17:03.850root 11241100x8000000000000000709925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3976bc1420c091302023-02-07 15:17:03.850root 11241100x8000000000000000709924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d213c4c2ccd1a8072023-02-07 15:17:03.850root 11241100x8000000000000000709933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a4f13671f1f77e2023-02-07 15:17:03.851root 11241100x8000000000000000709932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71edd93ca8c1784e2023-02-07 15:17:03.851root 11241100x8000000000000000709931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9563c3d968c15a4b2023-02-07 15:17:03.851root 11241100x8000000000000000709930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae5fe303167ade02023-02-07 15:17:03.851root 11241100x8000000000000000709929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:03.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a014ea3c1eb26b2023-02-07 15:17:03.851root 11241100x8000000000000000709939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09ac4c53db340e92023-02-07 15:17:04.346root 11241100x8000000000000000709938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3838469f47fddc5d2023-02-07 15:17:04.346root 11241100x8000000000000000709937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96e2cd3cbf1af8c2023-02-07 15:17:04.346root 11241100x8000000000000000709936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c582d3d666b640b2023-02-07 15:17:04.346root 11241100x8000000000000000709935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4b8a81ee4156f02023-02-07 15:17:04.346root 11241100x8000000000000000709934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1632d1e59f97a9c32023-02-07 15:17:04.346root 11241100x8000000000000000709948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f80e299f34199b2023-02-07 15:17:04.347root 11241100x8000000000000000709947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc3ae26fbacbde42023-02-07 15:17:04.347root 11241100x8000000000000000709946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94bfade11327bbd32023-02-07 15:17:04.347root 11241100x8000000000000000709945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf0c35042c9b2e9f2023-02-07 15:17:04.347root 11241100x8000000000000000709944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56b31744c1460962023-02-07 15:17:04.347root 11241100x8000000000000000709943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f2fc58e496b9492023-02-07 15:17:04.347root 11241100x8000000000000000709942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318863af8fa7f8b02023-02-07 15:17:04.347root 11241100x8000000000000000709941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65eab67cef4ca222023-02-07 15:17:04.347root 11241100x8000000000000000709940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3120ca0526555d632023-02-07 15:17:04.347root 11241100x8000000000000000709954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5232166c57d949212023-02-07 15:17:04.348root 11241100x8000000000000000709953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8855870bb838574d2023-02-07 15:17:04.348root 11241100x8000000000000000709952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4921d74bcaf35bc22023-02-07 15:17:04.348root 11241100x8000000000000000709951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b84751111b59a812023-02-07 15:17:04.348root 11241100x8000000000000000709950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad07924fe07dc2202023-02-07 15:17:04.348root 11241100x8000000000000000709949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69379d33a9dc8e72023-02-07 15:17:04.348root 11241100x8000000000000000709957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6825d6dd8b1521ba2023-02-07 15:17:04.349root 11241100x8000000000000000709956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9c3caf7196488f2023-02-07 15:17:04.349root 11241100x8000000000000000709955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8086bf4ec607bc2023-02-07 15:17:04.349root 11241100x8000000000000000709960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9f5277a8832f172023-02-07 15:17:04.350root 11241100x8000000000000000709959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96b0f94bb88f1b62023-02-07 15:17:04.350root 11241100x8000000000000000709958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6f680dd4b312172023-02-07 15:17:04.350root 11241100x8000000000000000709963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1665c9d3233c512023-02-07 15:17:04.351root 11241100x8000000000000000709962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cde8c0049e63bb22023-02-07 15:17:04.351root 11241100x8000000000000000709961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b69d61ce410834b2023-02-07 15:17:04.351root 11241100x8000000000000000709964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1e7c20dfa3d8522023-02-07 15:17:04.352root 11241100x8000000000000000709966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e5439cac6810db2023-02-07 15:17:04.846root 11241100x8000000000000000709965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b5fcbf2ef342e42023-02-07 15:17:04.846root 11241100x8000000000000000709976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914359e847f484e82023-02-07 15:17:04.847root 11241100x8000000000000000709975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101d2f361a1c2db32023-02-07 15:17:04.847root 11241100x8000000000000000709974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f662006e9bdd71b2023-02-07 15:17:04.847root 11241100x8000000000000000709973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b593c0df13920ee2023-02-07 15:17:04.847root 11241100x8000000000000000709972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970cefd6656f572e2023-02-07 15:17:04.847root 11241100x8000000000000000709971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e2052111d0e2d12023-02-07 15:17:04.847root 11241100x8000000000000000709970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb9be83ffedf5e12023-02-07 15:17:04.847root 11241100x8000000000000000709969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a24d5b7eda1dd282023-02-07 15:17:04.847root 11241100x8000000000000000709968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb3f9e1100faa472023-02-07 15:17:04.847root 11241100x8000000000000000709967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1101aa2feb9ea5322023-02-07 15:17:04.847root 11241100x8000000000000000709982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48e1c15086e76142023-02-07 15:17:04.848root 11241100x8000000000000000709981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a90cd76bf3b83e2023-02-07 15:17:04.848root 11241100x8000000000000000709980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bab339ea45cab62023-02-07 15:17:04.848root 11241100x8000000000000000709979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341ab65dd0e89e532023-02-07 15:17:04.848root 11241100x8000000000000000709978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259857d094af4fc72023-02-07 15:17:04.848root 11241100x8000000000000000709977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9158d2d7b23d602023-02-07 15:17:04.848root 11241100x8000000000000000709988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c47c1cabcd4f6182023-02-07 15:17:04.849root 11241100x8000000000000000709987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ff728134b344692023-02-07 15:17:04.849root 11241100x8000000000000000709986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761e954e9821aa1c2023-02-07 15:17:04.849root 11241100x8000000000000000709985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e6a6cc26d0545a2023-02-07 15:17:04.849root 11241100x8000000000000000709984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c47d1163913ccf52023-02-07 15:17:04.849root 11241100x8000000000000000709983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef8351da9e653492023-02-07 15:17:04.849root 11241100x8000000000000000709991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc2cfd0ef5d9fff2023-02-07 15:17:04.850root 11241100x8000000000000000709990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9952ab17fec14d692023-02-07 15:17:04.850root 11241100x8000000000000000709989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26cbc5b8edfbf8bb2023-02-07 15:17:04.850root 11241100x8000000000000000709995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7dc2a43d01c74a32023-02-07 15:17:04.852root 11241100x8000000000000000709994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2623a2bb8426e8372023-02-07 15:17:04.852root 11241100x8000000000000000709993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f582275283acebcb2023-02-07 15:17:04.852root 11241100x8000000000000000709992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:04.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6621b56d28f646c2023-02-07 15:17:04.852root 354300x8000000000000000709996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.246{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-35624-false10.0.1.12-8000- 11241100x8000000000000000710009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.247{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.551898f32f754c252023-02-07 15:17:05.247root 11241100x8000000000000000710008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.247{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c500650752b3ff92023-02-07 15:17:05.247root 11241100x8000000000000000710007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.247{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c5ad51e3534e002023-02-07 15:17:05.247root 11241100x8000000000000000710006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.247{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd620ef610ec33082023-02-07 15:17:05.247root 11241100x8000000000000000710005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.247{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe60cc9e8eda8ce52023-02-07 15:17:05.247root 11241100x8000000000000000710004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.247{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5fe10320d589952023-02-07 15:17:05.247root 11241100x8000000000000000710003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.247{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217ddc47bc2bbbe92023-02-07 15:17:05.247root 11241100x8000000000000000710002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.247{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fbbcb449196db02023-02-07 15:17:05.247root 11241100x8000000000000000710001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.247{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836d37abf0d8b3572023-02-07 15:17:05.247root 11241100x8000000000000000710000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.247{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa494c6650022fa22023-02-07 15:17:05.247root 11241100x8000000000000000709999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.247{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f730c600f69d2792023-02-07 15:17:05.247root 11241100x8000000000000000709998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.247{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089c2cb9fcdc859b2023-02-07 15:17:05.247root 11241100x8000000000000000709997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.247{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71549dbf957b7d692023-02-07 15:17:05.247root 11241100x8000000000000000710021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adaaf00e759001012023-02-07 15:17:05.248root 11241100x8000000000000000710020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0fde4427e6caeb2023-02-07 15:17:05.248root 11241100x8000000000000000710019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b7cf72257113352023-02-07 15:17:05.248root 11241100x8000000000000000710018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae7543e5f89b0572023-02-07 15:17:05.248root 11241100x8000000000000000710017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ba9ce2e50c20d42023-02-07 15:17:05.248root 11241100x8000000000000000710016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416cf4d2e83911032023-02-07 15:17:05.248root 11241100x8000000000000000710015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16365b2cc501fb6f2023-02-07 15:17:05.248root 11241100x8000000000000000710014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d95c06a6610e0272023-02-07 15:17:05.248root 11241100x8000000000000000710013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f0cdd35320c7632023-02-07 15:17:05.248root 11241100x8000000000000000710012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4345132b0877721c2023-02-07 15:17:05.248root 11241100x8000000000000000710011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec07aefc95a16102023-02-07 15:17:05.248root 11241100x8000000000000000710010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2057cf99096f4a652023-02-07 15:17:05.248root 11241100x8000000000000000710031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d684c7a61755cc052023-02-07 15:17:05.249root 11241100x8000000000000000710030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa489c6274cd941a2023-02-07 15:17:05.249root 11241100x8000000000000000710029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f743fdf6c6f991782023-02-07 15:17:05.249root 11241100x8000000000000000710028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23860f87816d952b2023-02-07 15:17:05.249root 11241100x8000000000000000710027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67fd5cf740b92f592023-02-07 15:17:05.249root 11241100x8000000000000000710026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef61578def4bf70b2023-02-07 15:17:05.249root 11241100x8000000000000000710025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9275f3bbdb82b522023-02-07 15:17:05.249root 11241100x8000000000000000710024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e30c6c158db57212023-02-07 15:17:05.249root 11241100x8000000000000000710023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874bd7fcd891dd352023-02-07 15:17:05.249root 11241100x8000000000000000710022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4999f961087e792023-02-07 15:17:05.249root 11241100x8000000000000000710038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.250{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47c535b6e63c2e52023-02-07 15:17:05.250root 11241100x8000000000000000710037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.250{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ea032984bec6b12023-02-07 15:17:05.250root 11241100x8000000000000000710036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.250{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25949b907befe1b22023-02-07 15:17:05.250root 11241100x8000000000000000710035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.250{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9adfbaf7beef0c2023-02-07 15:17:05.250root 11241100x8000000000000000710034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.250{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932b05026bd5c75f2023-02-07 15:17:05.250root 11241100x8000000000000000710033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.250{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a3c35f086d7d822023-02-07 15:17:05.250root 11241100x8000000000000000710032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.250{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc19f2e34fc0c812023-02-07 15:17:05.250root 11241100x8000000000000000710044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a14ddf2c3f3cdf2023-02-07 15:17:05.595root 11241100x8000000000000000710043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ecddd9d6b430a322023-02-07 15:17:05.595root 11241100x8000000000000000710042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f5138f7b34a5bb2023-02-07 15:17:05.595root 11241100x8000000000000000710041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba06a055115591a2023-02-07 15:17:05.595root 11241100x8000000000000000710040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caaf8c6a14f03cb52023-02-07 15:17:05.595root 11241100x8000000000000000710039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4576e34f7779682023-02-07 15:17:05.595root 11241100x8000000000000000710054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd266aa74054fdc92023-02-07 15:17:05.596root 11241100x8000000000000000710053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f14cf04ca3cb5792023-02-07 15:17:05.596root 11241100x8000000000000000710052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1a0a54926741bc2023-02-07 15:17:05.596root 11241100x8000000000000000710051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583123e31d39e7692023-02-07 15:17:05.596root 11241100x8000000000000000710050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e9400ea3de3bc62023-02-07 15:17:05.596root 11241100x8000000000000000710049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d925252e3dc86b2023-02-07 15:17:05.596root 11241100x8000000000000000710048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc7e2b5735a5b622023-02-07 15:17:05.596root 11241100x8000000000000000710047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7354577ff57bddf42023-02-07 15:17:05.596root 11241100x8000000000000000710046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ff37eb7bd19ffa2023-02-07 15:17:05.596root 11241100x8000000000000000710045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa94ea62feff03e2023-02-07 15:17:05.596root 11241100x8000000000000000710064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7a832a59b43bb22023-02-07 15:17:05.597root 11241100x8000000000000000710063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea11d018b3394e892023-02-07 15:17:05.597root 11241100x8000000000000000710062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff265384b2df3482023-02-07 15:17:05.597root 11241100x8000000000000000710061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb41f366b0bb2d72023-02-07 15:17:05.597root 11241100x8000000000000000710060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8ce2f4f0929e842023-02-07 15:17:05.597root 11241100x8000000000000000710059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb78bc3e94be2602023-02-07 15:17:05.597root 11241100x8000000000000000710058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832dc333b7a678542023-02-07 15:17:05.597root 11241100x8000000000000000710057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e777309d7a465ce2023-02-07 15:17:05.597root 11241100x8000000000000000710056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c340cf8085676c2023-02-07 15:17:05.597root 11241100x8000000000000000710055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9c74c9d809a2402023-02-07 15:17:05.597root 11241100x8000000000000000710079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7a07a36873bed52023-02-07 15:17:05.598root 11241100x8000000000000000710078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea7b2b70573859d2023-02-07 15:17:05.598root 11241100x8000000000000000710077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93268bcdfac8f7232023-02-07 15:17:05.598root 11241100x8000000000000000710076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4681132a5656d8072023-02-07 15:17:05.598root 11241100x8000000000000000710075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0caeaf78d4da72c42023-02-07 15:17:05.598root 11241100x8000000000000000710074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46cc788844a7d34f2023-02-07 15:17:05.598root 11241100x8000000000000000710073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e1faaa8208617b2023-02-07 15:17:05.598root 11241100x8000000000000000710072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5249fdc3f9b78df2023-02-07 15:17:05.598root 11241100x8000000000000000710071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5808ce3a4415162023-02-07 15:17:05.598root 11241100x8000000000000000710070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa711291f89874a2023-02-07 15:17:05.598root 11241100x8000000000000000710069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73cab304f32a2fb92023-02-07 15:17:05.598root 11241100x8000000000000000710068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7bc790c741736d2023-02-07 15:17:05.598root 11241100x8000000000000000710067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6994a459cc1085f62023-02-07 15:17:05.598root 11241100x8000000000000000710066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc650e6c0726b8fe2023-02-07 15:17:05.598root 11241100x8000000000000000710065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d50071d49cab0592023-02-07 15:17:05.598root 11241100x8000000000000000710095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a6340826919f892023-02-07 15:17:05.599root 11241100x8000000000000000710094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfcf8ca4ef22d0482023-02-07 15:17:05.599root 11241100x8000000000000000710093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af42f92ff5999e602023-02-07 15:17:05.599root 11241100x8000000000000000710092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9983abdaf56434e42023-02-07 15:17:05.599root 11241100x8000000000000000710091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33e02eadcda5a0b2023-02-07 15:17:05.599root 11241100x8000000000000000710090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8e4e1611dffb5c2023-02-07 15:17:05.599root 11241100x8000000000000000710089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac55f8792aee6baf2023-02-07 15:17:05.599root 11241100x8000000000000000710088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051529e9ae2901f82023-02-07 15:17:05.599root 11241100x8000000000000000710087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c51cb7a93d046a2023-02-07 15:17:05.599root 11241100x8000000000000000710086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61124c4652a391d02023-02-07 15:17:05.599root 11241100x8000000000000000710085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f68327673ab3e32023-02-07 15:17:05.599root 11241100x8000000000000000710084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b268672347e5c9962023-02-07 15:17:05.599root 11241100x8000000000000000710083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae7e8e6e50568f62023-02-07 15:17:05.599root 11241100x8000000000000000710082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9b70062719659a2023-02-07 15:17:05.599root 11241100x8000000000000000710081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2841dc19e18437742023-02-07 15:17:05.599root 11241100x8000000000000000710080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bafcb8132f0ed2472023-02-07 15:17:05.599root 11241100x8000000000000000710099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013956c80763ed662023-02-07 15:17:05.600root 11241100x8000000000000000710098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e73af472306b90e2023-02-07 15:17:05.600root 11241100x8000000000000000710097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25897a92ebdbcf382023-02-07 15:17:05.600root 11241100x8000000000000000710096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:05.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb26bf2b6fe15a3c2023-02-07 15:17:05.600root 11241100x8000000000000000710106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c273c47168d5441f2023-02-07 15:17:06.095root 11241100x8000000000000000710105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e6b428e8c72f392023-02-07 15:17:06.095root 11241100x8000000000000000710104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4e0cc21ff951d82023-02-07 15:17:06.095root 11241100x8000000000000000710103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15692979df8086a22023-02-07 15:17:06.095root 11241100x8000000000000000710102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf442f6ec82d243a2023-02-07 15:17:06.095root 11241100x8000000000000000710101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74218d07a55443db2023-02-07 15:17:06.095root 11241100x8000000000000000710100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4fca35d9173a6a2023-02-07 15:17:06.095root 11241100x8000000000000000710120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fef74fe6190f112023-02-07 15:17:06.096root 11241100x8000000000000000710119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee9d75b82d2eac72023-02-07 15:17:06.096root 11241100x8000000000000000710118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9caf7013aee4ecb82023-02-07 15:17:06.096root 11241100x8000000000000000710117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34276868d468a57d2023-02-07 15:17:06.096root 11241100x8000000000000000710116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521d0537b2921bbb2023-02-07 15:17:06.096root 11241100x8000000000000000710115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67aa2ef0157a44f02023-02-07 15:17:06.096root 11241100x8000000000000000710114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f33535474002982023-02-07 15:17:06.096root 11241100x8000000000000000710113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feaac66c38b28efb2023-02-07 15:17:06.096root 11241100x8000000000000000710112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd18d97409a0eeb72023-02-07 15:17:06.096root 11241100x8000000000000000710111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4eed3e8731196ad2023-02-07 15:17:06.096root 11241100x8000000000000000710110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76ca27deb19c5932023-02-07 15:17:06.096root 11241100x8000000000000000710109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22749248e3d87212023-02-07 15:17:06.096root 11241100x8000000000000000710108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa85ecaa79e4dc32023-02-07 15:17:06.096root 11241100x8000000000000000710107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0bcbcb9ebc2260f2023-02-07 15:17:06.096root 11241100x8000000000000000710135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2287c39cfef24952023-02-07 15:17:06.097root 11241100x8000000000000000710134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc72ecca041a2952023-02-07 15:17:06.097root 11241100x8000000000000000710133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d380ada4c1c68b4f2023-02-07 15:17:06.097root 11241100x8000000000000000710132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566ef47ac0d14e862023-02-07 15:17:06.097root 11241100x8000000000000000710131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2549311549c7966b2023-02-07 15:17:06.097root 11241100x8000000000000000710130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03e259f350e3e2c2023-02-07 15:17:06.097root 11241100x8000000000000000710129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b992c999e59d84ab2023-02-07 15:17:06.097root 11241100x8000000000000000710128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e83d39e11386daa2023-02-07 15:17:06.097root 11241100x8000000000000000710127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1848598d1a90232c2023-02-07 15:17:06.097root 11241100x8000000000000000710126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8160068206cc552023-02-07 15:17:06.097root 11241100x8000000000000000710125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f324b9619ca75382023-02-07 15:17:06.097root 11241100x8000000000000000710124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91232e58595b6fd92023-02-07 15:17:06.097root 11241100x8000000000000000710123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0465f822442d872023-02-07 15:17:06.097root 11241100x8000000000000000710122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b6d20d9ade007f2023-02-07 15:17:06.097root 11241100x8000000000000000710121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ebedddf39610872023-02-07 15:17:06.097root 11241100x8000000000000000710143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca506c702540e682023-02-07 15:17:06.098root 11241100x8000000000000000710142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df768ad1ce4882832023-02-07 15:17:06.098root 11241100x8000000000000000710141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942520ec20ae66da2023-02-07 15:17:06.098root 11241100x8000000000000000710140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2004cd031852880d2023-02-07 15:17:06.098root 11241100x8000000000000000710139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296b6266f43aa5b32023-02-07 15:17:06.098root 11241100x8000000000000000710138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9405d56adb8e83d22023-02-07 15:17:06.098root 11241100x8000000000000000710137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab51dfa86cafe732023-02-07 15:17:06.098root 11241100x8000000000000000710136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c7671cb0287f162023-02-07 15:17:06.098root 11241100x8000000000000000710150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9519cafe1b32aa582023-02-07 15:17:06.100root 11241100x8000000000000000710149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5067cfa9b9b6a2a42023-02-07 15:17:06.100root 11241100x8000000000000000710148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ffadccdfe947562023-02-07 15:17:06.100root 11241100x8000000000000000710147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d5a55a19e681722023-02-07 15:17:06.100root 11241100x8000000000000000710146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3436c9b98a0b332023-02-07 15:17:06.100root 11241100x8000000000000000710145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488f42004e76cd992023-02-07 15:17:06.100root 11241100x8000000000000000710144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6164a17011472a2f2023-02-07 15:17:06.100root 11241100x8000000000000000710157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d265daf52735ab2023-02-07 15:17:06.101root 11241100x8000000000000000710156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d33d088932d5dca2023-02-07 15:17:06.101root 11241100x8000000000000000710155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca6c140413118182023-02-07 15:17:06.101root 11241100x8000000000000000710154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85f1dcf9bc448082023-02-07 15:17:06.101root 11241100x8000000000000000710153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba708611ec0981af2023-02-07 15:17:06.101root 11241100x8000000000000000710152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece712ec4b328bed2023-02-07 15:17:06.101root 11241100x8000000000000000710151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932412c96422f5662023-02-07 15:17:06.101root 11241100x8000000000000000710162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcee31f0adfcc602023-02-07 15:17:06.102root 11241100x8000000000000000710161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f092ffbd7fca662023-02-07 15:17:06.102root 11241100x8000000000000000710160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64aa7f02b355ca2d2023-02-07 15:17:06.102root 11241100x8000000000000000710159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f67d8c49280fb12023-02-07 15:17:06.102root 11241100x8000000000000000710158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5316621d9d947ac2023-02-07 15:17:06.102root 11241100x8000000000000000710164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80fc678f5baa3b562023-02-07 15:17:06.103root 11241100x8000000000000000710163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8450025d7576d8942023-02-07 15:17:06.103root 11241100x8000000000000000710169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640284257ed983c92023-02-07 15:17:06.104root 11241100x8000000000000000710168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5921376a76afd2712023-02-07 15:17:06.104root 11241100x8000000000000000710167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6c88b9953e61bd2023-02-07 15:17:06.104root 11241100x8000000000000000710166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9bd8fb9f6bd94c2023-02-07 15:17:06.104root 11241100x8000000000000000710165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a0199c4fa4e7752023-02-07 15:17:06.104root 11241100x8000000000000000710173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063c3952879dbdb32023-02-07 15:17:06.105root 11241100x8000000000000000710172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6b6d2127d163ec2023-02-07 15:17:06.105root 11241100x8000000000000000710171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef222e07bc6a7ad2023-02-07 15:17:06.105root 11241100x8000000000000000710170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a7e897ae50baf42023-02-07 15:17:06.105root 11241100x8000000000000000710177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da84b5174e484fe2023-02-07 15:17:06.106root 11241100x8000000000000000710176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5807f4454dd4b1092023-02-07 15:17:06.106root 11241100x8000000000000000710175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd8f1421ebfb4322023-02-07 15:17:06.106root 11241100x8000000000000000710174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3d032377b2e9b92023-02-07 15:17:06.106root 11241100x8000000000000000710181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.107{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d70dba825e0bdf62023-02-07 15:17:06.107root 11241100x8000000000000000710180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.107{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4242ff9af56b1ec2023-02-07 15:17:06.107root 11241100x8000000000000000710179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.107{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf997bee54b06912023-02-07 15:17:06.107root 11241100x8000000000000000710178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.107{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f6b9509512159e2023-02-07 15:17:06.107root 11241100x8000000000000000710184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.108{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e875b2d55d8a982023-02-07 15:17:06.108root 11241100x8000000000000000710183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.108{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8fdebe2bc11a4a2023-02-07 15:17:06.108root 11241100x8000000000000000710182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.108{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d7f3a41a8cf33a2023-02-07 15:17:06.108root 11241100x8000000000000000710191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4efef8e07411fd5b2023-02-07 15:17:06.595root 11241100x8000000000000000710190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52033720c19365482023-02-07 15:17:06.595root 11241100x8000000000000000710189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea5397ec1f8f2712023-02-07 15:17:06.595root 11241100x8000000000000000710188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca74fb30a70c66e2023-02-07 15:17:06.595root 11241100x8000000000000000710187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96078df29d239572023-02-07 15:17:06.595root 11241100x8000000000000000710186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c53530b52c845b12023-02-07 15:17:06.595root 11241100x8000000000000000710185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab42079a1de820c22023-02-07 15:17:06.595root 11241100x8000000000000000710196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb5dffff1c7086d2023-02-07 15:17:06.596root 11241100x8000000000000000710195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3845ae34143644c62023-02-07 15:17:06.596root 11241100x8000000000000000710194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5598f82f8da1998b2023-02-07 15:17:06.596root 11241100x8000000000000000710193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcc43e3fa424d652023-02-07 15:17:06.596root 11241100x8000000000000000710192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad5e6ac0f8aea132023-02-07 15:17:06.596root 11241100x8000000000000000710201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f352d6e4a26dcebd2023-02-07 15:17:06.597root 11241100x8000000000000000710200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb22fd6b7c64be92023-02-07 15:17:06.597root 11241100x8000000000000000710199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab83b9c8f056af72023-02-07 15:17:06.597root 11241100x8000000000000000710198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f46571491166442023-02-07 15:17:06.597root 11241100x8000000000000000710197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0dd9a654083c7d2023-02-07 15:17:06.597root 11241100x8000000000000000710204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65c33a09259cc9a2023-02-07 15:17:06.598root 11241100x8000000000000000710203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4627dac2d2e71e9c2023-02-07 15:17:06.598root 11241100x8000000000000000710202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b91326cbed50222023-02-07 15:17:06.598root 11241100x8000000000000000710211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53b2951d02f87d72023-02-07 15:17:06.599root 11241100x8000000000000000710210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c41455d97a18382023-02-07 15:17:06.599root 11241100x8000000000000000710209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d2964bbdfe0c472023-02-07 15:17:06.599root 11241100x8000000000000000710208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5e8bac01887a3f2023-02-07 15:17:06.599root 11241100x8000000000000000710207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec08bb246e78de12023-02-07 15:17:06.599root 11241100x8000000000000000710206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e921c8192f4f06712023-02-07 15:17:06.599root 11241100x8000000000000000710205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d139818c75c48f2023-02-07 15:17:06.599root 11241100x8000000000000000710218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2689b163356a10382023-02-07 15:17:06.600root 11241100x8000000000000000710217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9268b3acc9c0702023-02-07 15:17:06.600root 11241100x8000000000000000710216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5c7c676ec54e812023-02-07 15:17:06.600root 11241100x8000000000000000710215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1a1deddca5650e2023-02-07 15:17:06.600root 11241100x8000000000000000710214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a2570a903e6c6d2023-02-07 15:17:06.600root 11241100x8000000000000000710213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c6e053b06f09e32023-02-07 15:17:06.600root 11241100x8000000000000000710212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42ef82d6e1281fe2023-02-07 15:17:06.600root 11241100x8000000000000000710222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5553afee06d05af02023-02-07 15:17:06.601root 11241100x8000000000000000710221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb7d3c49190a25d2023-02-07 15:17:06.601root 11241100x8000000000000000710220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33535b687573ad0e2023-02-07 15:17:06.601root 11241100x8000000000000000710219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf1fe929396a56d2023-02-07 15:17:06.601root 11241100x8000000000000000710225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e2864ce251e86f2023-02-07 15:17:06.602root 11241100x8000000000000000710224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04272e75a7f3f1572023-02-07 15:17:06.602root 11241100x8000000000000000710223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b85f31eb2776902023-02-07 15:17:06.602root 11241100x8000000000000000710227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6bf39ed9d8fcc992023-02-07 15:17:06.603root 11241100x8000000000000000710226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ae9854786757812023-02-07 15:17:06.603root 11241100x8000000000000000710230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9871d1326c2099772023-02-07 15:17:06.604root 11241100x8000000000000000710229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0d7ad2d051a0bc2023-02-07 15:17:06.604root 11241100x8000000000000000710228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:06.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44a527b1a7fd4ca2023-02-07 15:17:06.604root 11241100x8000000000000000710235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16817c8f2853a6432023-02-07 15:17:07.095root 11241100x8000000000000000710234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af392a10f0a189ed2023-02-07 15:17:07.095root 11241100x8000000000000000710233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4293c9cedd657b02023-02-07 15:17:07.095root 11241100x8000000000000000710232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81039dccbd745df82023-02-07 15:17:07.095root 11241100x8000000000000000710231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ee3ab2c8a99e3e2023-02-07 15:17:07.095root 11241100x8000000000000000710244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c83071242727762023-02-07 15:17:07.096root 11241100x8000000000000000710243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e38e5f5641483772023-02-07 15:17:07.096root 11241100x8000000000000000710242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fa23f9a3585fda2023-02-07 15:17:07.096root 11241100x8000000000000000710241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a829ece1118f12f2023-02-07 15:17:07.096root 11241100x8000000000000000710240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735b69d1b6999f9c2023-02-07 15:17:07.096root 11241100x8000000000000000710239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a255856a4fef9122023-02-07 15:17:07.096root 11241100x8000000000000000710238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffcd0d333e14adfb2023-02-07 15:17:07.096root 11241100x8000000000000000710237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1df7461c0d2c8b2023-02-07 15:17:07.096root 11241100x8000000000000000710236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2b95db7010bcbe2023-02-07 15:17:07.096root 11241100x8000000000000000710252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4da0400f4f2a682023-02-07 15:17:07.097root 11241100x8000000000000000710251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb45595a57b526bc2023-02-07 15:17:07.097root 11241100x8000000000000000710250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6bcb6f08b5fbff62023-02-07 15:17:07.097root 11241100x8000000000000000710249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41456c4bfe8db91f2023-02-07 15:17:07.097root 11241100x8000000000000000710248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6913620541c51a102023-02-07 15:17:07.097root 11241100x8000000000000000710247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69d00f3a0c1e7552023-02-07 15:17:07.097root 11241100x8000000000000000710246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f57fd9e598a3f62023-02-07 15:17:07.097root 11241100x8000000000000000710245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c061bf6f99427c22023-02-07 15:17:07.097root 11241100x8000000000000000710262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab81f584b2fd85c82023-02-07 15:17:07.098root 11241100x8000000000000000710261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3428078abe013be72023-02-07 15:17:07.098root 11241100x8000000000000000710260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a0b897d3303dc42023-02-07 15:17:07.098root 11241100x8000000000000000710259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001d5e44be3005542023-02-07 15:17:07.098root 11241100x8000000000000000710258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749f7d2abc6182be2023-02-07 15:17:07.098root 11241100x8000000000000000710257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5f34512651fbc42023-02-07 15:17:07.098root 11241100x8000000000000000710256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7459aeaa8e104f062023-02-07 15:17:07.098root 11241100x8000000000000000710255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f495241e1939370e2023-02-07 15:17:07.098root 11241100x8000000000000000710254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7afb1a755c3bf072023-02-07 15:17:07.098root 11241100x8000000000000000710253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eafdb71e966d1322023-02-07 15:17:07.098root 11241100x8000000000000000710271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ba366f42feeff62023-02-07 15:17:07.099root 11241100x8000000000000000710270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e246f1d94b94322023-02-07 15:17:07.099root 11241100x8000000000000000710269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d626cc45169a2f752023-02-07 15:17:07.099root 11241100x8000000000000000710268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0238a96abbe26472023-02-07 15:17:07.099root 11241100x8000000000000000710267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dedd5f1076c715e2023-02-07 15:17:07.099root 11241100x8000000000000000710266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce81e2f2d89110a2023-02-07 15:17:07.099root 11241100x8000000000000000710265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275107d05012b0a52023-02-07 15:17:07.099root 11241100x8000000000000000710264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0dc1de3a3086c762023-02-07 15:17:07.099root 11241100x8000000000000000710263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2739b9a7c0108812023-02-07 15:17:07.099root 11241100x8000000000000000710279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac9417ed94c1f9f2023-02-07 15:17:07.100root 11241100x8000000000000000710278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95dbe5003fd0e2862023-02-07 15:17:07.100root 11241100x8000000000000000710277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b181d2c810fd41f2023-02-07 15:17:07.100root 11241100x8000000000000000710276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d815cacfe5afca1c2023-02-07 15:17:07.100root 11241100x8000000000000000710275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f00cf08c67102d2023-02-07 15:17:07.100root 11241100x8000000000000000710274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989079d0013fe0092023-02-07 15:17:07.100root 11241100x8000000000000000710273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c53e9cc9c1824ef2023-02-07 15:17:07.100root 11241100x8000000000000000710272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66fe8c99c84300f2023-02-07 15:17:07.100root 11241100x8000000000000000710284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf21234ee7a2139a2023-02-07 15:17:07.595root 11241100x8000000000000000710283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582824df6baa62c82023-02-07 15:17:07.595root 11241100x8000000000000000710282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea06953454bca862023-02-07 15:17:07.595root 11241100x8000000000000000710281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949f8b74afa62d132023-02-07 15:17:07.595root 11241100x8000000000000000710280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27e1dfc979d880b2023-02-07 15:17:07.595root 11241100x8000000000000000710292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94839a0f44c7fed2023-02-07 15:17:07.596root 11241100x8000000000000000710291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724e23095ea1788d2023-02-07 15:17:07.596root 11241100x8000000000000000710290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97c59eabbbb72602023-02-07 15:17:07.596root 11241100x8000000000000000710289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ededf20348b90f092023-02-07 15:17:07.596root 11241100x8000000000000000710288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10950483dd610282023-02-07 15:17:07.596root 11241100x8000000000000000710287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24d60455230ba142023-02-07 15:17:07.596root 11241100x8000000000000000710286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81cb75bac84e69712023-02-07 15:17:07.596root 11241100x8000000000000000710285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed412dd349cb0eb2023-02-07 15:17:07.596root 11241100x8000000000000000710301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e622fe78bb03dd2023-02-07 15:17:07.597root 11241100x8000000000000000710300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b9f681b9565d9f2023-02-07 15:17:07.597root 11241100x8000000000000000710299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc8bb10b8bc6b1a2023-02-07 15:17:07.597root 11241100x8000000000000000710298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa8718d017446982023-02-07 15:17:07.597root 11241100x8000000000000000710297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a606f5d5901dc12023-02-07 15:17:07.597root 11241100x8000000000000000710296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc602a8a462d964d2023-02-07 15:17:07.597root 11241100x8000000000000000710295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1671b8ff1cd3a3712023-02-07 15:17:07.597root 11241100x8000000000000000710294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059ad1d928d532ee2023-02-07 15:17:07.597root 11241100x8000000000000000710293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731808843384c55d2023-02-07 15:17:07.597root 11241100x8000000000000000710311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ef58282bb12bcd2023-02-07 15:17:07.598root 11241100x8000000000000000710310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9fe49d6a6510a662023-02-07 15:17:07.598root 11241100x8000000000000000710309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47370985c4ef27c82023-02-07 15:17:07.598root 11241100x8000000000000000710308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349a32eba69cfede2023-02-07 15:17:07.598root 11241100x8000000000000000710307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451f78c8d35ca7732023-02-07 15:17:07.598root 11241100x8000000000000000710306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b39072141d56a52023-02-07 15:17:07.598root 11241100x8000000000000000710305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7503d42609aa663e2023-02-07 15:17:07.598root 11241100x8000000000000000710304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ee8addc2815da12023-02-07 15:17:07.598root 11241100x8000000000000000710303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349715f23ee896d22023-02-07 15:17:07.598root 11241100x8000000000000000710302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e90fecdcba59aab2023-02-07 15:17:07.598root 11241100x8000000000000000710319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5bba4277eb54ab62023-02-07 15:17:07.599root 11241100x8000000000000000710318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2dbc3aaa509c4892023-02-07 15:17:07.599root 11241100x8000000000000000710317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ca53842ef870732023-02-07 15:17:07.599root 11241100x8000000000000000710316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f220a695b5fb7332023-02-07 15:17:07.599root 11241100x8000000000000000710315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8000c8dfa306fb2023-02-07 15:17:07.599root 11241100x8000000000000000710314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e16977a491631c2023-02-07 15:17:07.599root 11241100x8000000000000000710313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bc1dcea841fca02023-02-07 15:17:07.599root 11241100x8000000000000000710312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17949df0b4bc69ec2023-02-07 15:17:07.599root 11241100x8000000000000000710326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241c32522fc537d42023-02-07 15:17:07.600root 11241100x8000000000000000710325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3788d855aa7b9102023-02-07 15:17:07.600root 11241100x8000000000000000710324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ebb15747da5495e2023-02-07 15:17:07.600root 11241100x8000000000000000710323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251aa9c3f324b0642023-02-07 15:17:07.600root 11241100x8000000000000000710322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711f9fd665c321472023-02-07 15:17:07.600root 11241100x8000000000000000710321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff7a924e58350332023-02-07 15:17:07.600root 11241100x8000000000000000710320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6445aea721c20e2023-02-07 15:17:07.600root 11241100x8000000000000000710330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c1d82ccb53bf932023-02-07 15:17:07.601root 11241100x8000000000000000710329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4fd26805883e032023-02-07 15:17:07.601root 11241100x8000000000000000710328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45eab825a66d54922023-02-07 15:17:07.601root 11241100x8000000000000000710327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:07.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34a11ca07a485282023-02-07 15:17:07.601root 11241100x8000000000000000710338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c558678ae3065da2023-02-07 15:17:08.096root 11241100x8000000000000000710337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95bc3dedd35b82a72023-02-07 15:17:08.096root 11241100x8000000000000000710336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d55f606da47b3da2023-02-07 15:17:08.096root 11241100x8000000000000000710335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b49f4a4bc6c5fe2023-02-07 15:17:08.096root 11241100x8000000000000000710334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1469668107a19172023-02-07 15:17:08.096root 11241100x8000000000000000710333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c057645d45030fd2023-02-07 15:17:08.096root 11241100x8000000000000000710332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b38d32fbe89ca4f2023-02-07 15:17:08.096root 11241100x8000000000000000710331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fccae1e77e71dae2023-02-07 15:17:08.096root 11241100x8000000000000000710347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44c245310149bee2023-02-07 15:17:08.097root 11241100x8000000000000000710346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38c0d5a23fb89d12023-02-07 15:17:08.097root 11241100x8000000000000000710345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1421b6b1c73926032023-02-07 15:17:08.097root 11241100x8000000000000000710344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6193eb7175daccf32023-02-07 15:17:08.097root 11241100x8000000000000000710343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6222d3416a9907ef2023-02-07 15:17:08.097root 11241100x8000000000000000710342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66fdc7c4c8cb09cc2023-02-07 15:17:08.097root 11241100x8000000000000000710341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914324230b8522252023-02-07 15:17:08.097root 11241100x8000000000000000710340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9051f84d04c6a0722023-02-07 15:17:08.097root 11241100x8000000000000000710339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be17b7ad9ae868f2023-02-07 15:17:08.097root 11241100x8000000000000000710356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737946ad2ec827062023-02-07 15:17:08.098root 11241100x8000000000000000710355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fbdf739fd1d4abb2023-02-07 15:17:08.098root 11241100x8000000000000000710354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa3f2d38baafd772023-02-07 15:17:08.098root 11241100x8000000000000000710353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4172d047bfc9f18b2023-02-07 15:17:08.098root 11241100x8000000000000000710352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e314d3b1a6cefcb92023-02-07 15:17:08.098root 11241100x8000000000000000710351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e7cbc9500a70522023-02-07 15:17:08.098root 11241100x8000000000000000710350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83cf27a146475e6c2023-02-07 15:17:08.098root 11241100x8000000000000000710349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c5a662ba7b83e42023-02-07 15:17:08.098root 11241100x8000000000000000710348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57050ec424fdd7fe2023-02-07 15:17:08.098root 11241100x8000000000000000710362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036f33c42f263ac92023-02-07 15:17:08.099root 11241100x8000000000000000710361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1496ab81a8a4292023-02-07 15:17:08.099root 11241100x8000000000000000710360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99cb23295d0c4c52023-02-07 15:17:08.099root 11241100x8000000000000000710359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f687c2d6162a3252023-02-07 15:17:08.099root 11241100x8000000000000000710358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c2eb857efa5ef42023-02-07 15:17:08.099root 11241100x8000000000000000710357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e976c53b05db542023-02-07 15:17:08.099root 11241100x8000000000000000710369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6aae260dcec8e572023-02-07 15:17:08.595root 11241100x8000000000000000710368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb96d6d41f0e4fc2023-02-07 15:17:08.595root 11241100x8000000000000000710367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10de4441bd4339b92023-02-07 15:17:08.595root 11241100x8000000000000000710366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9080dc3f57cde82023-02-07 15:17:08.595root 11241100x8000000000000000710365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e0718128523cc32023-02-07 15:17:08.595root 11241100x8000000000000000710364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09b308bc89189ad2023-02-07 15:17:08.595root 11241100x8000000000000000710363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787d6121354bb5542023-02-07 15:17:08.595root 11241100x8000000000000000710381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95edfa1fe7a700f2023-02-07 15:17:08.596root 11241100x8000000000000000710380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381c35e8961949352023-02-07 15:17:08.596root 11241100x8000000000000000710379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753d21cd6ecf12312023-02-07 15:17:08.596root 11241100x8000000000000000710378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d092b9ca4d19a5f72023-02-07 15:17:08.596root 11241100x8000000000000000710377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112f146fccb06cf52023-02-07 15:17:08.596root 11241100x8000000000000000710376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0b13074f4873602023-02-07 15:17:08.596root 11241100x8000000000000000710375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1926c7a400b0a242023-02-07 15:17:08.596root 11241100x8000000000000000710374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e1a94e07ccb1c32023-02-07 15:17:08.596root 11241100x8000000000000000710373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7b86e253cff7082023-02-07 15:17:08.596root 11241100x8000000000000000710372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26440999038755762023-02-07 15:17:08.596root 11241100x8000000000000000710371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc82874cb2abb252023-02-07 15:17:08.596root 11241100x8000000000000000710370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29d59c5d9fabd6c2023-02-07 15:17:08.596root 11241100x8000000000000000710385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5d328853e1f0902023-02-07 15:17:08.597root 11241100x8000000000000000710384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ef36735aaed1792023-02-07 15:17:08.597root 11241100x8000000000000000710383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb7052a19ebd3f92023-02-07 15:17:08.597root 11241100x8000000000000000710382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b72cf8d37498fd2023-02-07 15:17:08.597root 11241100x8000000000000000710390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d397d7c46170852023-02-07 15:17:08.598root 11241100x8000000000000000710389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deac1227f1a7a5fb2023-02-07 15:17:08.598root 11241100x8000000000000000710388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3f3e500fd46c452023-02-07 15:17:08.598root 11241100x8000000000000000710387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c6603d1b3cda972023-02-07 15:17:08.598root 11241100x8000000000000000710386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b10d5620909297b2023-02-07 15:17:08.598root 11241100x8000000000000000710394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deacfb8de61547492023-02-07 15:17:08.599root 11241100x8000000000000000710393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77ac18181b82d192023-02-07 15:17:08.599root 11241100x8000000000000000710392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4495edf4a0d625f92023-02-07 15:17:08.599root 11241100x8000000000000000710391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:08.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c8e2547249b3b12023-02-07 15:17:08.599root 11241100x8000000000000000710397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edce655bf3305ad12023-02-07 15:17:09.095root 11241100x8000000000000000710396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c95f96cd580555d2023-02-07 15:17:09.095root 11241100x8000000000000000710395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7ecb958b4f20ec2023-02-07 15:17:09.095root 11241100x8000000000000000710406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9bab05a16d96be12023-02-07 15:17:09.096root 11241100x8000000000000000710405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98623b1b6e613e712023-02-07 15:17:09.096root 11241100x8000000000000000710404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98306874fa9ad6262023-02-07 15:17:09.096root 11241100x8000000000000000710403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f49333b8aa6e0d2023-02-07 15:17:09.096root 11241100x8000000000000000710402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b32428ead4fcd12023-02-07 15:17:09.096root 11241100x8000000000000000710401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd61b880ad1515f2023-02-07 15:17:09.096root 11241100x8000000000000000710400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71da9988b28c6802023-02-07 15:17:09.096root 11241100x8000000000000000710399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70464c1526a17dc2023-02-07 15:17:09.096root 11241100x8000000000000000710398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be67bb0cce154da32023-02-07 15:17:09.096root 11241100x8000000000000000710417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c1b7149f1c929d2023-02-07 15:17:09.097root 11241100x8000000000000000710416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d71102417db0adb2023-02-07 15:17:09.097root 11241100x8000000000000000710415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc53b4148f64f6122023-02-07 15:17:09.097root 11241100x8000000000000000710414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041bf9b94cb685e22023-02-07 15:17:09.097root 11241100x8000000000000000710413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4cdbad02cb4ead2023-02-07 15:17:09.097root 11241100x8000000000000000710412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d12fa901deed6c2023-02-07 15:17:09.097root 11241100x8000000000000000710411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d7473c52fe66262023-02-07 15:17:09.097root 11241100x8000000000000000710410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd45db65ecb7b7372023-02-07 15:17:09.097root 11241100x8000000000000000710409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4af673217e4a142023-02-07 15:17:09.097root 11241100x8000000000000000710408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99883b41f463fc372023-02-07 15:17:09.097root 11241100x8000000000000000710407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0204b35933201842023-02-07 15:17:09.097root 11241100x8000000000000000710427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d269df89b629c38f2023-02-07 15:17:09.098root 11241100x8000000000000000710426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63279a6b648a6ccb2023-02-07 15:17:09.098root 11241100x8000000000000000710425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb82ef7c4ee1a3e2023-02-07 15:17:09.098root 11241100x8000000000000000710424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af744141c8a9ddd2023-02-07 15:17:09.098root 11241100x8000000000000000710423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfecd4611eff5eb22023-02-07 15:17:09.098root 11241100x8000000000000000710422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16921bdfb375c86b2023-02-07 15:17:09.098root 11241100x8000000000000000710421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3f7a04122eea642023-02-07 15:17:09.098root 11241100x8000000000000000710420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e1ce5acf0430412023-02-07 15:17:09.098root 11241100x8000000000000000710419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55cb8de5f5b6d3592023-02-07 15:17:09.098root 11241100x8000000000000000710418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae2fff3670b9b9e2023-02-07 15:17:09.098root 11241100x8000000000000000710429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d52ed37680812c2023-02-07 15:17:09.099root 11241100x8000000000000000710428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf4bccab16d886b2023-02-07 15:17:09.099root 11241100x8000000000000000710433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c2d9c3d778748e2023-02-07 15:17:09.595root 11241100x8000000000000000710432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa84be9284418de2023-02-07 15:17:09.595root 11241100x8000000000000000710431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da6fd4d2a227cbb2023-02-07 15:17:09.595root 11241100x8000000000000000710430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efea617c8ea6548a2023-02-07 15:17:09.595root 11241100x8000000000000000710442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd918c5b786fa232023-02-07 15:17:09.596root 11241100x8000000000000000710441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc2749710a9e3f62023-02-07 15:17:09.596root 11241100x8000000000000000710440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6fdf0a0cf01d1f72023-02-07 15:17:09.596root 11241100x8000000000000000710439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9cb4b59b81aca3d2023-02-07 15:17:09.596root 11241100x8000000000000000710438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e635e6b05929e92023-02-07 15:17:09.596root 11241100x8000000000000000710437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6b952c95ec63c72023-02-07 15:17:09.596root 11241100x8000000000000000710436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a5d6a8ad2fbd782023-02-07 15:17:09.596root 11241100x8000000000000000710435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3cca95b46e2cf72023-02-07 15:17:09.596root 11241100x8000000000000000710434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f35d8bd7e680b02023-02-07 15:17:09.596root 11241100x8000000000000000710452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcdb2b6b9fe094fb2023-02-07 15:17:09.597root 11241100x8000000000000000710451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f022888475438be62023-02-07 15:17:09.597root 11241100x8000000000000000710450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4284e066920e2ee82023-02-07 15:17:09.597root 11241100x8000000000000000710449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44eea114aa8cf1e32023-02-07 15:17:09.597root 11241100x8000000000000000710448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd7bb6704aceea52023-02-07 15:17:09.597root 11241100x8000000000000000710447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11cd730f8e88633b2023-02-07 15:17:09.597root 11241100x8000000000000000710446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c673c7c6e41f9f62023-02-07 15:17:09.597root 11241100x8000000000000000710445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505172cdb8cc233b2023-02-07 15:17:09.597root 11241100x8000000000000000710444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4118690441e6562023-02-07 15:17:09.597root 11241100x8000000000000000710443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d601d20000f2ffca2023-02-07 15:17:09.597root 11241100x8000000000000000710460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc870a01467fd6612023-02-07 15:17:09.598root 11241100x8000000000000000710459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e90c1a49180adaa2023-02-07 15:17:09.598root 11241100x8000000000000000710458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b7ab40bf29c4832023-02-07 15:17:09.598root 11241100x8000000000000000710457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d96720dbe82f4d42023-02-07 15:17:09.598root 11241100x8000000000000000710456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7eb75c09a3a29682023-02-07 15:17:09.598root 11241100x8000000000000000710455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c378bcea8b1abbe32023-02-07 15:17:09.598root 11241100x8000000000000000710454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2eb0d3d166a99d92023-02-07 15:17:09.598root 11241100x8000000000000000710453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d7e7d19778d4f92023-02-07 15:17:09.598root 11241100x8000000000000000710469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e41cb78c95ea082023-02-07 15:17:09.599root 11241100x8000000000000000710468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e9ae7cac08e41e2023-02-07 15:17:09.599root 11241100x8000000000000000710467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febdb4d4b58963992023-02-07 15:17:09.599root 11241100x8000000000000000710466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba96462564a99fd62023-02-07 15:17:09.599root 11241100x8000000000000000710465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1d2b93d3bc421d2023-02-07 15:17:09.599root 11241100x8000000000000000710464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d399d6cdc5e7bba02023-02-07 15:17:09.599root 11241100x8000000000000000710463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1bb1a4a92c265d2023-02-07 15:17:09.599root 11241100x8000000000000000710462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb3ff5ae47379e12023-02-07 15:17:09.599root 11241100x8000000000000000710461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75d414d78702e612023-02-07 15:17:09.599root 11241100x8000000000000000710474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20dbe156863fb0d2023-02-07 15:17:09.600root 11241100x8000000000000000710473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eef9a8af9cef7bb2023-02-07 15:17:09.600root 11241100x8000000000000000710472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937abdef334df3722023-02-07 15:17:09.600root 11241100x8000000000000000710471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3090088aeaef05a82023-02-07 15:17:09.600root 11241100x8000000000000000710470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4882a45c74c0f62023-02-07 15:17:09.600root 11241100x8000000000000000710482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87ff5d511a8a0872023-02-07 15:17:09.601root 11241100x8000000000000000710481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09986ea7ebc56fa2023-02-07 15:17:09.601root 11241100x8000000000000000710480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6ee3245a715d2c2023-02-07 15:17:09.601root 11241100x8000000000000000710479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869b2fc23a002f862023-02-07 15:17:09.601root 11241100x8000000000000000710478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67eb73d0ad11efa2023-02-07 15:17:09.601root 11241100x8000000000000000710477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6ff1841fec1dbe2023-02-07 15:17:09.601root 11241100x8000000000000000710476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439024363a6734c32023-02-07 15:17:09.601root 11241100x8000000000000000710475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:09.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf4e4282ec6fe402023-02-07 15:17:09.601root 11241100x8000000000000000710484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8ba385196827d32023-02-07 15:17:10.095root 11241100x8000000000000000710483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9670dd09b817e8d42023-02-07 15:17:10.095root 11241100x8000000000000000710493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0524b83e0c8365f92023-02-07 15:17:10.096root 11241100x8000000000000000710492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d7d2e7c0b720732023-02-07 15:17:10.096root 11241100x8000000000000000710491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49c99614ae5c9572023-02-07 15:17:10.096root 11241100x8000000000000000710490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce57a42352263d622023-02-07 15:17:10.096root 11241100x8000000000000000710489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f5aa41f6d086942023-02-07 15:17:10.096root 11241100x8000000000000000710488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73af450446097892023-02-07 15:17:10.096root 11241100x8000000000000000710487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77688919aeb23bc52023-02-07 15:17:10.096root 11241100x8000000000000000710486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50809fb72c00d2592023-02-07 15:17:10.096root 11241100x8000000000000000710485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d551d350ba6f922023-02-07 15:17:10.096root 11241100x8000000000000000710503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc98ee9f1ab06f562023-02-07 15:17:10.097root 11241100x8000000000000000710502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637099cc413087d32023-02-07 15:17:10.097root 11241100x8000000000000000710501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7460a834fd93d5602023-02-07 15:17:10.097root 11241100x8000000000000000710500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4ee6551dad5c652023-02-07 15:17:10.097root 11241100x8000000000000000710499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c9e2676ebdda622023-02-07 15:17:10.097root 11241100x8000000000000000710498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197bb8494e51b4592023-02-07 15:17:10.097root 11241100x8000000000000000710497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9d2d23c55798e02023-02-07 15:17:10.097root 11241100x8000000000000000710496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6212879103fcfcad2023-02-07 15:17:10.097root 11241100x8000000000000000710495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2bfd3e9a45508e2023-02-07 15:17:10.097root 11241100x8000000000000000710494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad65fbcfd22f5aa2023-02-07 15:17:10.097root 11241100x8000000000000000710509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456ce0f1b74fd4492023-02-07 15:17:10.098root 11241100x8000000000000000710508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5baec5c69c63d2bd2023-02-07 15:17:10.098root 11241100x8000000000000000710507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ebb7ec2c0c07442023-02-07 15:17:10.098root 11241100x8000000000000000710506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895d9236ed3091d82023-02-07 15:17:10.098root 11241100x8000000000000000710505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1851b1b9b864e3932023-02-07 15:17:10.098root 11241100x8000000000000000710504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d04e778cb1565a2023-02-07 15:17:10.098root 11241100x8000000000000000710515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ef30308d8ed82f2023-02-07 15:17:10.099root 11241100x8000000000000000710514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2def149ee02ce22023-02-07 15:17:10.099root 11241100x8000000000000000710513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ccb9a3791808ba2023-02-07 15:17:10.099root 11241100x8000000000000000710512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c2090239c8ab182023-02-07 15:17:10.099root 11241100x8000000000000000710511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a8f198ee7b1f3e2023-02-07 15:17:10.099root 11241100x8000000000000000710510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d5de18214f4bd72023-02-07 15:17:10.099root 11241100x8000000000000000710524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1a65f81c470d6a2023-02-07 15:17:10.100root 11241100x8000000000000000710523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5cb1b24143edcf2023-02-07 15:17:10.100root 11241100x8000000000000000710522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a0916b4d28207c2023-02-07 15:17:10.100root 11241100x8000000000000000710521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4578138f7fc2e6532023-02-07 15:17:10.100root 11241100x8000000000000000710520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10919b8755b61dd82023-02-07 15:17:10.100root 11241100x8000000000000000710519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed3dc1c3c97b0102023-02-07 15:17:10.100root 11241100x8000000000000000710518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c125e091ca52c02023-02-07 15:17:10.100root 11241100x8000000000000000710517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529b58d714ffacac2023-02-07 15:17:10.100root 11241100x8000000000000000710516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f4eccf7750cc462023-02-07 15:17:10.100root 11241100x8000000000000000710527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d15a4f9c1d228f2023-02-07 15:17:10.595root 11241100x8000000000000000710526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a90d4fb56c71d182023-02-07 15:17:10.595root 11241100x8000000000000000710525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ada22f8e7ce8e62023-02-07 15:17:10.595root 11241100x8000000000000000710535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4df45bf309a0622023-02-07 15:17:10.596root 11241100x8000000000000000710534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af87b5aaf5ed76c32023-02-07 15:17:10.596root 11241100x8000000000000000710533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bfc5e80a71c71b2023-02-07 15:17:10.596root 11241100x8000000000000000710532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29a8c7819a1bd792023-02-07 15:17:10.596root 11241100x8000000000000000710531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac9911dc896b85f2023-02-07 15:17:10.596root 11241100x8000000000000000710530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99755ae52fd5f1032023-02-07 15:17:10.596root 11241100x8000000000000000710529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743ba718bdf948e32023-02-07 15:17:10.596root 11241100x8000000000000000710528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87aabe4d1032a3812023-02-07 15:17:10.596root 11241100x8000000000000000710545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c107e0af4cd9d72023-02-07 15:17:10.597root 11241100x8000000000000000710544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0176a4d03f8f492023-02-07 15:17:10.597root 11241100x8000000000000000710543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a5d672b00591ab2023-02-07 15:17:10.597root 11241100x8000000000000000710542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4b39cc22db63542023-02-07 15:17:10.597root 11241100x8000000000000000710541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65e02d1382076662023-02-07 15:17:10.597root 11241100x8000000000000000710540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064bcbbd7d019a7f2023-02-07 15:17:10.597root 11241100x8000000000000000710539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6b61af68a04df42023-02-07 15:17:10.597root 11241100x8000000000000000710538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3017afb90e1a5ce2023-02-07 15:17:10.597root 11241100x8000000000000000710537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e173b8dd6f20a3a2023-02-07 15:17:10.597root 11241100x8000000000000000710536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12d9850272d9e112023-02-07 15:17:10.597root 11241100x8000000000000000710554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02af2f2a0dacc9d2023-02-07 15:17:10.598root 11241100x8000000000000000710553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e01145ba09c83b62023-02-07 15:17:10.598root 11241100x8000000000000000710552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd716920d4e098302023-02-07 15:17:10.598root 11241100x8000000000000000710551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a8496aa874d5a82023-02-07 15:17:10.598root 11241100x8000000000000000710550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72fb553df3c80b692023-02-07 15:17:10.598root 11241100x8000000000000000710549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d833a858439859e2023-02-07 15:17:10.598root 11241100x8000000000000000710548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5069ee79c61114672023-02-07 15:17:10.598root 11241100x8000000000000000710547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30fed81e6909a44c2023-02-07 15:17:10.598root 11241100x8000000000000000710546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13dd48ccda3f8042023-02-07 15:17:10.598root 11241100x8000000000000000710560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5e964977d3a32c2023-02-07 15:17:10.599root 11241100x8000000000000000710559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72b2d6741a702e82023-02-07 15:17:10.599root 11241100x8000000000000000710558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c61c477e2899a32023-02-07 15:17:10.599root 11241100x8000000000000000710557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22e7af3dc7a158c2023-02-07 15:17:10.599root 11241100x8000000000000000710556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68dcd7d48caa19542023-02-07 15:17:10.599root 11241100x8000000000000000710555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ce444bf062a13c2023-02-07 15:17:10.599root 11241100x8000000000000000710570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87184e8fde3a5ccd2023-02-07 15:17:10.600root 11241100x8000000000000000710569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ecf024e68d70952023-02-07 15:17:10.600root 11241100x8000000000000000710568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e490b2ec6e25cf2023-02-07 15:17:10.600root 11241100x8000000000000000710567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2870f1067b7b0b72023-02-07 15:17:10.600root 11241100x8000000000000000710566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d021a6bd1f70f90c2023-02-07 15:17:10.600root 11241100x8000000000000000710565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f72a02f676fd972023-02-07 15:17:10.600root 11241100x8000000000000000710564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56dd438fa79b792c2023-02-07 15:17:10.600root 11241100x8000000000000000710563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31329f38a0a929bb2023-02-07 15:17:10.600root 11241100x8000000000000000710562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c79612c6ba7e972023-02-07 15:17:10.600root 11241100x8000000000000000710561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:10.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062b59a0d81b82ba2023-02-07 15:17:10.600root 11241100x8000000000000000710572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e82a491e6380012023-02-07 15:17:11.096root 11241100x8000000000000000710571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2bc6e3dfacd5042023-02-07 15:17:11.096root 11241100x8000000000000000710580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab402b6905b295e62023-02-07 15:17:11.097root 11241100x8000000000000000710579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7334b255dde2a992023-02-07 15:17:11.097root 11241100x8000000000000000710578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc7c49b69bf2b152023-02-07 15:17:11.097root 11241100x8000000000000000710577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b907c909c6501e902023-02-07 15:17:11.097root 11241100x8000000000000000710576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8beb41922f0cef0f2023-02-07 15:17:11.097root 11241100x8000000000000000710575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c017cf832d168ff52023-02-07 15:17:11.097root 11241100x8000000000000000710574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ed9725efc1e5c72023-02-07 15:17:11.097root 11241100x8000000000000000710573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61d85711a60451c2023-02-07 15:17:11.097root 11241100x8000000000000000710589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86e52eaed4cff4d2023-02-07 15:17:11.098root 11241100x8000000000000000710588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed64c43bfaf64b422023-02-07 15:17:11.098root 11241100x8000000000000000710587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f600476a6b52606f2023-02-07 15:17:11.098root 11241100x8000000000000000710586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5121ecf9dccc942023-02-07 15:17:11.098root 11241100x8000000000000000710585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4623086bb4769f192023-02-07 15:17:11.098root 11241100x8000000000000000710584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569a90bacba879812023-02-07 15:17:11.098root 11241100x8000000000000000710583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef40e8450426b8302023-02-07 15:17:11.098root 11241100x8000000000000000710582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3809f4c2c961096d2023-02-07 15:17:11.098root 11241100x8000000000000000710581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e41bfe2550a0dd2023-02-07 15:17:11.098root 11241100x8000000000000000710591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b9b13b709a64562023-02-07 15:17:11.099root 11241100x8000000000000000710590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906d4e9bccd508ed2023-02-07 15:17:11.099root 11241100x8000000000000000710595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646b0c30eb27a8892023-02-07 15:17:11.100root 11241100x8000000000000000710594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74e8ec15f56b5aa2023-02-07 15:17:11.100root 11241100x8000000000000000710593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05645bd31d6f5cc92023-02-07 15:17:11.100root 11241100x8000000000000000710592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164b1808e91b04e42023-02-07 15:17:11.100root 11241100x8000000000000000710601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72d07ae450722612023-02-07 15:17:11.101root 11241100x8000000000000000710600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a4a561b5a23c232023-02-07 15:17:11.101root 11241100x8000000000000000710599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ae2cfe39f6c5e32023-02-07 15:17:11.101root 11241100x8000000000000000710598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427fe9cf0de0ee5b2023-02-07 15:17:11.101root 11241100x8000000000000000710597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2dab562d8a5bd72023-02-07 15:17:11.101root 11241100x8000000000000000710596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf924006fe997f82023-02-07 15:17:11.101root 11241100x8000000000000000710602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0988a03a312cb1492023-02-07 15:17:11.102root 354300x8000000000000000710603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.149{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-35634-false10.0.1.12-8000- 11241100x8000000000000000710605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6818baa5a205f1f22023-02-07 15:17:11.596root 11241100x8000000000000000710604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2823b122c07cc0b12023-02-07 15:17:11.596root 11241100x8000000000000000710619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66a51a4982d7d042023-02-07 15:17:11.597root 11241100x8000000000000000710618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a393965022d1977e2023-02-07 15:17:11.597root 11241100x8000000000000000710617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14f8427a3aa29e42023-02-07 15:17:11.597root 11241100x8000000000000000710616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e697ca18d34fc82023-02-07 15:17:11.597root 11241100x8000000000000000710615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85e57f4308ddee22023-02-07 15:17:11.597root 11241100x8000000000000000710614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff099d696ba258a2023-02-07 15:17:11.597root 11241100x8000000000000000710613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5d022c2695776a2023-02-07 15:17:11.597root 11241100x8000000000000000710612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b473bb386ac1ed2023-02-07 15:17:11.597root 11241100x8000000000000000710611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c06177edad89a02023-02-07 15:17:11.597root 11241100x8000000000000000710610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bac93b3ad2de5af2023-02-07 15:17:11.597root 11241100x8000000000000000710609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3347286b9b3c26a72023-02-07 15:17:11.597root 11241100x8000000000000000710608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20416601cc5b8baa2023-02-07 15:17:11.597root 11241100x8000000000000000710607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe271835af1b0e72023-02-07 15:17:11.597root 11241100x8000000000000000710606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80ff7d9bd838f322023-02-07 15:17:11.597root 11241100x8000000000000000710625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7853b56f330fdb682023-02-07 15:17:11.598root 11241100x8000000000000000710624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54558eda8155db232023-02-07 15:17:11.598root 11241100x8000000000000000710623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463a551e3fa8f3c62023-02-07 15:17:11.598root 11241100x8000000000000000710622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a522500c9c1be46b2023-02-07 15:17:11.598root 11241100x8000000000000000710621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3227fe4ac7b70a402023-02-07 15:17:11.598root 11241100x8000000000000000710620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e8f10daf498da32023-02-07 15:17:11.598root 11241100x8000000000000000710632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e058861987d672882023-02-07 15:17:11.599root 11241100x8000000000000000710631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93957333c5f935032023-02-07 15:17:11.599root 11241100x8000000000000000710630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfb8820853c76822023-02-07 15:17:11.599root 11241100x8000000000000000710629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9b949de7ac098c2023-02-07 15:17:11.599root 11241100x8000000000000000710628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f4ee9cf6d15e762023-02-07 15:17:11.599root 11241100x8000000000000000710627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb197574865dd0542023-02-07 15:17:11.599root 11241100x8000000000000000710626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef77021655fee2c32023-02-07 15:17:11.599root 11241100x8000000000000000710636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b79588f89691752023-02-07 15:17:11.600root 11241100x8000000000000000710635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0171b5fcc40ba4c02023-02-07 15:17:11.600root 11241100x8000000000000000710634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0fbc02aec8d7432023-02-07 15:17:11.600root 11241100x8000000000000000710633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:11.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889e5233d0b7c6962023-02-07 15:17:11.600root 11241100x8000000000000000710640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ecd418df70e1852023-02-07 15:17:12.095root 11241100x8000000000000000710639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e2a3af1a0452312023-02-07 15:17:12.095root 11241100x8000000000000000710638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9fe8cf47b114cfa2023-02-07 15:17:12.095root 11241100x8000000000000000710637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7109cca28ce8c822023-02-07 15:17:12.095root 11241100x8000000000000000710650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b20c8231cd16c32023-02-07 15:17:12.096root 11241100x8000000000000000710649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe3b6e1dfb0073b2023-02-07 15:17:12.096root 11241100x8000000000000000710648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620363ac05a266e62023-02-07 15:17:12.096root 11241100x8000000000000000710647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a96a825d48b78c2023-02-07 15:17:12.096root 11241100x8000000000000000710646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e02d32e4fb4b2f72023-02-07 15:17:12.096root 11241100x8000000000000000710645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593754c601965c972023-02-07 15:17:12.096root 11241100x8000000000000000710644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5050ad7bfca0d28f2023-02-07 15:17:12.096root 11241100x8000000000000000710643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da67cd77a7ac5692023-02-07 15:17:12.096root 11241100x8000000000000000710642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219ed126f50aa87c2023-02-07 15:17:12.096root 11241100x8000000000000000710641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0bd4a69b69a6722023-02-07 15:17:12.096root 11241100x8000000000000000710659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3656362db785712023-02-07 15:17:12.097root 11241100x8000000000000000710658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ecda192d8f515a2023-02-07 15:17:12.097root 11241100x8000000000000000710657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7809af32ffb852562023-02-07 15:17:12.097root 11241100x8000000000000000710656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dcb9a92dd60850c2023-02-07 15:17:12.097root 11241100x8000000000000000710655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bbb6211252d82a2023-02-07 15:17:12.097root 11241100x8000000000000000710654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373c1d1019af75412023-02-07 15:17:12.097root 11241100x8000000000000000710653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc5b0804b8e28e32023-02-07 15:17:12.097root 11241100x8000000000000000710652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97d78ad2d19c3612023-02-07 15:17:12.097root 11241100x8000000000000000710651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ee446a1ca512fa2023-02-07 15:17:12.097root 11241100x8000000000000000710667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186802f83253ca222023-02-07 15:17:12.098root 11241100x8000000000000000710666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07dd7b97147b38a92023-02-07 15:17:12.098root 11241100x8000000000000000710665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9ee06309ed63b42023-02-07 15:17:12.098root 11241100x8000000000000000710664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1edd811497418482023-02-07 15:17:12.098root 11241100x8000000000000000710663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1092c52fb959d42023-02-07 15:17:12.098root 11241100x8000000000000000710662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae87fc05216853df2023-02-07 15:17:12.098root 11241100x8000000000000000710661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e05220070805052023-02-07 15:17:12.098root 11241100x8000000000000000710660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9f04197d1f69992023-02-07 15:17:12.098root 11241100x8000000000000000710671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599e046eefd8438c2023-02-07 15:17:12.099root 11241100x8000000000000000710670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb873dd78441dd422023-02-07 15:17:12.099root 11241100x8000000000000000710669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c26201f5745b342023-02-07 15:17:12.099root 11241100x8000000000000000710668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb471d0bc1a0b1f2023-02-07 15:17:12.099root 11241100x8000000000000000710675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365a4b44910714c52023-02-07 15:17:12.595root 11241100x8000000000000000710674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2088923d9b37c7622023-02-07 15:17:12.595root 11241100x8000000000000000710673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e036d1b14047760b2023-02-07 15:17:12.595root 11241100x8000000000000000710672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f7bf1468f4cf8a2023-02-07 15:17:12.595root 11241100x8000000000000000710685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69827f74cb30c1962023-02-07 15:17:12.596root 11241100x8000000000000000710684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd60bcc4eb2106e42023-02-07 15:17:12.596root 11241100x8000000000000000710683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589fc62f5b838b1f2023-02-07 15:17:12.596root 11241100x8000000000000000710682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445e1da35bea28d62023-02-07 15:17:12.596root 11241100x8000000000000000710681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efaa64a9498977292023-02-07 15:17:12.596root 11241100x8000000000000000710680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b56c5f3f66fc9e2023-02-07 15:17:12.596root 11241100x8000000000000000710679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5e06ac8805f3e62023-02-07 15:17:12.596root 11241100x8000000000000000710678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0482b004f9dbda2023-02-07 15:17:12.596root 11241100x8000000000000000710677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e612d883241b05b2023-02-07 15:17:12.596root 11241100x8000000000000000710676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c652bbcc8fa79f2023-02-07 15:17:12.596root 11241100x8000000000000000710694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e2a9137d2f94192023-02-07 15:17:12.597root 11241100x8000000000000000710693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0958085f6c672fbb2023-02-07 15:17:12.597root 11241100x8000000000000000710692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a2abb39248f3272023-02-07 15:17:12.597root 11241100x8000000000000000710691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb426f1d8ce6ed42023-02-07 15:17:12.597root 11241100x8000000000000000710690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30fc1e55181efe132023-02-07 15:17:12.597root 11241100x8000000000000000710689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b294cc202c9760d2023-02-07 15:17:12.597root 11241100x8000000000000000710688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e352880a09738eb2023-02-07 15:17:12.597root 11241100x8000000000000000710687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1cc28f58acec5ac2023-02-07 15:17:12.597root 11241100x8000000000000000710686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de9febd14709b742023-02-07 15:17:12.597root 11241100x8000000000000000710698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b3e9aa482499782023-02-07 15:17:12.598root 11241100x8000000000000000710697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2cbd3fcdcc5aaa2023-02-07 15:17:12.598root 11241100x8000000000000000710696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4aade47dacdb6042023-02-07 15:17:12.598root 11241100x8000000000000000710695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565617e2e79989c12023-02-07 15:17:12.598root 11241100x8000000000000000710701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c969563f4659a1f2023-02-07 15:17:12.602root 11241100x8000000000000000710700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea00af0346e5d0602023-02-07 15:17:12.602root 11241100x8000000000000000710699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb46489e919a4822023-02-07 15:17:12.602root 11241100x8000000000000000710709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f820b6e14b16deab2023-02-07 15:17:12.603root 11241100x8000000000000000710708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febf48fb7cd27afd2023-02-07 15:17:12.603root 11241100x8000000000000000710707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0613278e555095c2023-02-07 15:17:12.603root 11241100x8000000000000000710706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94f844e7622c9452023-02-07 15:17:12.603root 11241100x8000000000000000710705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2e88cc01906ed12023-02-07 15:17:12.603root 11241100x8000000000000000710704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb5a2a423aa586c2023-02-07 15:17:12.603root 11241100x8000000000000000710703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7652eec60346402023-02-07 15:17:12.603root 11241100x8000000000000000710702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787a1606ed6e8ef62023-02-07 15:17:12.603root 11241100x8000000000000000710710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:12.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d9f20a7ef8e10e2023-02-07 15:17:12.604root 11241100x8000000000000000710715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fae71e8b4061502023-02-07 15:17:13.095root 11241100x8000000000000000710714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad0379e68db4ab72023-02-07 15:17:13.095root 11241100x8000000000000000710713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06bbe17bd4684612023-02-07 15:17:13.095root 11241100x8000000000000000710712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba912fde37d74cdf2023-02-07 15:17:13.095root 11241100x8000000000000000710711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f0c24bc5d125ca2023-02-07 15:17:13.095root 11241100x8000000000000000710725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ce6baef461a9b62023-02-07 15:17:13.096root 11241100x8000000000000000710724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabd43089f4da3bc2023-02-07 15:17:13.096root 11241100x8000000000000000710723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9076451baa7a89f02023-02-07 15:17:13.096root 11241100x8000000000000000710722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033825ac8d3874f32023-02-07 15:17:13.096root 11241100x8000000000000000710721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124ed43b232eb4f52023-02-07 15:17:13.096root 11241100x8000000000000000710720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde377be5c2d0ff12023-02-07 15:17:13.096root 11241100x8000000000000000710719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fdff05bd7fd35b2023-02-07 15:17:13.096root 11241100x8000000000000000710718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43a4eb1e6a99f602023-02-07 15:17:13.096root 11241100x8000000000000000710717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63fdb250227b1ed72023-02-07 15:17:13.096root 11241100x8000000000000000710716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d86ff9e3204c8e2023-02-07 15:17:13.096root 11241100x8000000000000000710733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef675c121b143522023-02-07 15:17:13.097root 11241100x8000000000000000710732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df33da060de485da2023-02-07 15:17:13.097root 11241100x8000000000000000710731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59207009a7e407022023-02-07 15:17:13.097root 11241100x8000000000000000710730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a24cb60ccdcf3342023-02-07 15:17:13.097root 11241100x8000000000000000710729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e64f285172bcb12023-02-07 15:17:13.097root 11241100x8000000000000000710728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df185792c17eddd2023-02-07 15:17:13.097root 11241100x8000000000000000710727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9cfe636e6946e32023-02-07 15:17:13.097root 11241100x8000000000000000710726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a684fefeb934242023-02-07 15:17:13.097root 11241100x8000000000000000710740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1efe48447f9e212023-02-07 15:17:13.098root 11241100x8000000000000000710739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e9895c0613e3302023-02-07 15:17:13.098root 11241100x8000000000000000710738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb2d96c68d58adb2023-02-07 15:17:13.098root 11241100x8000000000000000710737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a25022640b5e1e2023-02-07 15:17:13.098root 11241100x8000000000000000710736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369678c7578cbbf92023-02-07 15:17:13.098root 11241100x8000000000000000710735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9109a363b7fe25612023-02-07 15:17:13.098root 11241100x8000000000000000710734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765dd69d293713f02023-02-07 15:17:13.098root 11241100x8000000000000000710749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54d8cc4fc7682562023-02-07 15:17:13.099root 11241100x8000000000000000710748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d685f197f927652023-02-07 15:17:13.099root 11241100x8000000000000000710747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3024c64b5496f0732023-02-07 15:17:13.099root 11241100x8000000000000000710746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c302714d9be4b3a52023-02-07 15:17:13.099root 11241100x8000000000000000710745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14ca5315fe0c1482023-02-07 15:17:13.099root 11241100x8000000000000000710744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015b8732045cfae22023-02-07 15:17:13.099root 11241100x8000000000000000710743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd1b0c9bd7a0d862023-02-07 15:17:13.099root 11241100x8000000000000000710742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d538da8073bf6c12023-02-07 15:17:13.099root 11241100x8000000000000000710741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9516669523381022023-02-07 15:17:13.099root 11241100x8000000000000000710751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a76130d5ac9a582023-02-07 15:17:13.100root 11241100x8000000000000000710750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:13.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f950ce5790f4832023-02-07 15:17:13.100root 354300x8000000000000000710787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:23.112{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-48866-false10.0.1.12-8000- 11241100x8000000000000000710788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:23.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe854ed2b9fe0c872023-02-07 15:17:23.595root 11241100x8000000000000000710789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:24.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c714cccd9912d92023-02-07 15:17:24.095root 11241100x8000000000000000710790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787a5dd7cadabc432023-02-07 15:17:24.595root 11241100x8000000000000000710791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:24.729{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:17:24.729root 11241100x8000000000000000710793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a924391873f0272023-02-07 15:17:25.095root 11241100x8000000000000000710792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1bc9d3fc7c19d62023-02-07 15:17:25.095root 11241100x8000000000000000710795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81f89165d1a03f92023-02-07 15:17:25.595root 11241100x8000000000000000710794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5bf74a92ec92e42023-02-07 15:17:25.595root 11241100x8000000000000000710797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd5b661b9625f792023-02-07 15:17:26.095root 11241100x8000000000000000710796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4448f6b9ef2af1e2023-02-07 15:17:26.095root 11241100x8000000000000000710799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492557c65ff912502023-02-07 15:17:26.595root 11241100x8000000000000000710798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b0c304c739ccbc2023-02-07 15:17:26.595root 11241100x8000000000000000710801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d764d6253997b3d62023-02-07 15:17:27.095root 11241100x8000000000000000710800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b24d731738a0942023-02-07 15:17:27.095root 11241100x8000000000000000710803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333971b8607cab542023-02-07 15:17:27.595root 11241100x8000000000000000710802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88d70b791f27f342023-02-07 15:17:27.595root 23542300x8000000000000000710804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:27.730{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000710807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82171a90d0bc815a2023-02-07 15:17:28.095root 11241100x8000000000000000710806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f46ed035bf5bb4e2023-02-07 15:17:28.095root 11241100x8000000000000000710805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c825c5dbd845c6732023-02-07 15:17:28.095root 354300x8000000000000000710808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:28.213{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-42914-false10.0.1.12-8000- 11241100x8000000000000000710812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9caa4bb3caa04b2023-02-07 15:17:28.595root 11241100x8000000000000000710811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a24469770ced54b2023-02-07 15:17:28.595root 11241100x8000000000000000710810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c827cdd26415e4bc2023-02-07 15:17:28.595root 11241100x8000000000000000710809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bff833978559e492023-02-07 15:17:28.595root 11241100x8000000000000000710816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940b880c95790f9e2023-02-07 15:17:29.095root 11241100x8000000000000000710815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f95adf61c202762023-02-07 15:17:29.095root 11241100x8000000000000000710814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801a4f7154c4730c2023-02-07 15:17:29.095root 11241100x8000000000000000710813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37303fa58daf3c8d2023-02-07 15:17:29.095root 11241100x8000000000000000710820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a55be4feef3a6c2023-02-07 15:17:29.595root 11241100x8000000000000000710819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5690a0aabb05cda2023-02-07 15:17:29.595root 11241100x8000000000000000710818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4549ffb67a12a4812023-02-07 15:17:29.595root 11241100x8000000000000000710817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd999cb56db2e8e2023-02-07 15:17:29.595root 11241100x8000000000000000710824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cfeb01c69dc94112023-02-07 15:17:30.095root 11241100x8000000000000000710823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00e4debf2a60c1f2023-02-07 15:17:30.095root 11241100x8000000000000000710822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98658b73ba0e29d22023-02-07 15:17:30.095root 11241100x8000000000000000710821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0866cb07a806ea432023-02-07 15:17:30.095root 11241100x8000000000000000710828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357be4e7995122a52023-02-07 15:17:30.595root 11241100x8000000000000000710827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8905c2ae9a778b032023-02-07 15:17:30.595root 11241100x8000000000000000710826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10fe33e1766c7822023-02-07 15:17:30.595root 11241100x8000000000000000710825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d285afad159e07312023-02-07 15:17:30.595root 11241100x8000000000000000710832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb16a236195554f82023-02-07 15:17:31.095root 11241100x8000000000000000710831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27037d5f88c016fe2023-02-07 15:17:31.095root 11241100x8000000000000000710830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a34413265589692023-02-07 15:17:31.095root 11241100x8000000000000000710829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b747e04c14fbe12023-02-07 15:17:31.095root 11241100x8000000000000000710835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d32b2ab19963fe2023-02-07 15:17:31.595root 11241100x8000000000000000710834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d953de1a012dc702023-02-07 15:17:31.595root 11241100x8000000000000000710833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9c20718c6a05792023-02-07 15:17:31.595root 11241100x8000000000000000710836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bbca5a55bfaf812023-02-07 15:17:31.596root 11241100x8000000000000000710840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c4dd04401629c32023-02-07 15:17:32.095root 11241100x8000000000000000710839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40c5c4d5e24fa4f2023-02-07 15:17:32.095root 11241100x8000000000000000710838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a597e91735625d2023-02-07 15:17:32.095root 11241100x8000000000000000710837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7116e17e823aed562023-02-07 15:17:32.095root 11241100x8000000000000000710844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88602d26c4e473002023-02-07 15:17:32.595root 11241100x8000000000000000710843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e0a338fac3ff542023-02-07 15:17:32.595root 11241100x8000000000000000710842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc97bbdc894325c2023-02-07 15:17:32.595root 11241100x8000000000000000710841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc0aa2a82ae02f62023-02-07 15:17:32.595root 11241100x8000000000000000710848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d87fc2c75ded0db2023-02-07 15:17:33.095root 11241100x8000000000000000710847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11bda0325e22cf052023-02-07 15:17:33.095root 11241100x8000000000000000710846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018bae0117271e352023-02-07 15:17:33.095root 11241100x8000000000000000710845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e305577653da471a2023-02-07 15:17:33.095root 11241100x8000000000000000710851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618ea888cdbc5b1d2023-02-07 15:17:33.595root 11241100x8000000000000000710850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9596a234ec9c702023-02-07 15:17:33.595root 11241100x8000000000000000710849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675d8775e3b3228d2023-02-07 15:17:33.595root 11241100x8000000000000000710852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6bf252d0ac0619d2023-02-07 15:17:33.596root 11241100x8000000000000000710856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:34.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a54cd2ff2eec8332023-02-07 15:17:34.095root 11241100x8000000000000000710855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:34.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e045d68137ca2bd2023-02-07 15:17:34.095root 11241100x8000000000000000710854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:34.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039fb17b57f22e132023-02-07 15:17:34.095root 11241100x8000000000000000710853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:34.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9db8717d23d5592023-02-07 15:17:34.095root 354300x8000000000000000710857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:34.138{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-42926-false10.0.1.12-8000- 11241100x8000000000000000710860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac81feae6ea2dd1b2023-02-07 15:17:34.595root 11241100x8000000000000000710859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35cb412776339fa2023-02-07 15:17:34.595root 11241100x8000000000000000710858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64d4550af9b17a32023-02-07 15:17:34.595root 11241100x8000000000000000710862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609d315023f0734b2023-02-07 15:17:34.596root 11241100x8000000000000000710861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b800d086507cb37c2023-02-07 15:17:34.596root 11241100x8000000000000000710866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:35.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a9b89ff1cb75c22023-02-07 15:17:35.095root 11241100x8000000000000000710865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:35.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed2c332cfc666ed2023-02-07 15:17:35.095root 11241100x8000000000000000710864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:35.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16aa73f4154f807e2023-02-07 15:17:35.095root 11241100x8000000000000000710863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:35.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757d286678352ded2023-02-07 15:17:35.095root 11241100x8000000000000000710867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1524f4edd9957c2023-02-07 15:17:35.096root 11241100x8000000000000000710870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0943d1bc43f844a32023-02-07 15:17:35.595root 11241100x8000000000000000710869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b10af763b980c452023-02-07 15:17:35.595root 11241100x8000000000000000710868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d81170f803b3c562023-02-07 15:17:35.595root 11241100x8000000000000000710872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019767a228ad274c2023-02-07 15:17:35.596root 11241100x8000000000000000710871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307e02c36f1de7df2023-02-07 15:17:35.596root 11241100x8000000000000000710875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:36.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5028409fc7778d362023-02-07 15:17:36.095root 11241100x8000000000000000710874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:36.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80edff2eac5211c22023-02-07 15:17:36.095root 11241100x8000000000000000710873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:36.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c6b79530429ca22023-02-07 15:17:36.095root 11241100x8000000000000000710877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c77cb21e5dd2fb2023-02-07 15:17:36.096root 11241100x8000000000000000710876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd77d62586c3e30a2023-02-07 15:17:36.096root 11241100x8000000000000000710880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:36.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527d3345642b82b52023-02-07 15:17:36.595root 11241100x8000000000000000710879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:36.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9bd1a1959ce598f2023-02-07 15:17:36.595root 11241100x8000000000000000710878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:36.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9268185623b11d692023-02-07 15:17:36.595root 11241100x8000000000000000710882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8048130d2f94782023-02-07 15:17:36.596root 11241100x8000000000000000710881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b878ee7efd21572023-02-07 15:17:36.596root 11241100x8000000000000000710886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:37.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1d27a50cc5d8262023-02-07 15:17:37.095root 11241100x8000000000000000710885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:37.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429a9b1e47ab46492023-02-07 15:17:37.095root 11241100x8000000000000000710884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:37.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f23cd1e306018362023-02-07 15:17:37.095root 11241100x8000000000000000710883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:37.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71cc75348fa896f32023-02-07 15:17:37.095root 11241100x8000000000000000710887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6b324371ed09a12023-02-07 15:17:37.096root 11241100x8000000000000000710890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:37.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3fa5dc64e4fcb22023-02-07 15:17:37.595root 11241100x8000000000000000710889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:37.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7c21b389b472702023-02-07 15:17:37.595root 11241100x8000000000000000710888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:37.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e445336ff1e20df52023-02-07 15:17:37.595root 11241100x8000000000000000710892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754c2dd250f26f8d2023-02-07 15:17:37.596root 11241100x8000000000000000710891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ae71ff1ee4d32b2023-02-07 15:17:37.596root 11241100x8000000000000000710896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:38.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87be90a600fb1092023-02-07 15:17:38.095root 11241100x8000000000000000710895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:38.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd35c433f123a322023-02-07 15:17:38.095root 11241100x8000000000000000710894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:38.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a2158c2a7a23a02023-02-07 15:17:38.095root 11241100x8000000000000000710893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:38.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf075c5a4d8de412023-02-07 15:17:38.095root 11241100x8000000000000000710897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b468f26b79dec0252023-02-07 15:17:38.096root 11241100x8000000000000000710900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:38.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80ef3472e9960ee2023-02-07 15:17:38.595root 11241100x8000000000000000710899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:38.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9850335a87033bd92023-02-07 15:17:38.595root 11241100x8000000000000000710898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:38.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0a3d8f93fa1bb82023-02-07 15:17:38.595root 11241100x8000000000000000710902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169e0fe8942112c82023-02-07 15:17:38.596root 11241100x8000000000000000710901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45e2a32db8551602023-02-07 15:17:38.596root 11241100x8000000000000000710905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:39.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69d31387426277f2023-02-07 15:17:39.095root 11241100x8000000000000000710904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:39.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27b92cbd352400f2023-02-07 15:17:39.095root 11241100x8000000000000000710903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:39.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be15e390f0c396272023-02-07 15:17:39.095root 11241100x8000000000000000710907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eeef5eace3098a12023-02-07 15:17:39.096root 11241100x8000000000000000710906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b783af544806f6e62023-02-07 15:17:39.096root 11241100x8000000000000000710912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:39.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da34d5961dd7fc52023-02-07 15:17:39.595root 11241100x8000000000000000710911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:39.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba6e55c7c37b35b2023-02-07 15:17:39.595root 11241100x8000000000000000710910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:39.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3528c753fcbc1c212023-02-07 15:17:39.595root 11241100x8000000000000000710909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:39.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ddd49f0a8c3f2e32023-02-07 15:17:39.595root 11241100x8000000000000000710908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:39.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12c7ba864eb4b972023-02-07 15:17:39.595root 11241100x8000000000000000710917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fff98af4b7a280f2023-02-07 15:17:40.095root 11241100x8000000000000000710916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d76677dc4238f72023-02-07 15:17:40.095root 11241100x8000000000000000710915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a152525a17831fd2023-02-07 15:17:40.095root 11241100x8000000000000000710914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2958edc63e88fcf2023-02-07 15:17:40.095root 11241100x8000000000000000710913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef21753a77a89db2023-02-07 15:17:40.095root 354300x8000000000000000710918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:40.123{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-49148-false10.0.1.12-8000- 11241100x8000000000000000710923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23e2811d9f3ed8b2023-02-07 15:17:40.595root 11241100x8000000000000000710922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365d360f27ab76062023-02-07 15:17:40.595root 11241100x8000000000000000710921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d2f4c766b5f3f62023-02-07 15:17:40.595root 11241100x8000000000000000710920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896262c6565ad9162023-02-07 15:17:40.595root 11241100x8000000000000000710919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2383cafe55b8252023-02-07 15:17:40.595root 11241100x8000000000000000710924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a60d53b0afa68c52023-02-07 15:17:40.596root 11241100x8000000000000000710929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:41.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa48649e42bc4e32023-02-07 15:17:41.095root 11241100x8000000000000000710928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:41.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43aa5febaff9132e2023-02-07 15:17:41.095root 11241100x8000000000000000710927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:41.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e37c8629bfa1fc2023-02-07 15:17:41.095root 11241100x8000000000000000710926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:41.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aaf5a6354116b842023-02-07 15:17:41.095root 11241100x8000000000000000710925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:41.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041722d44d7e3b182023-02-07 15:17:41.095root 11241100x8000000000000000710930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2247ac8359ff35302023-02-07 15:17:41.096root 11241100x8000000000000000710934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04af5e038f121fa92023-02-07 15:17:41.595root 11241100x8000000000000000710933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e58419596f7fca72023-02-07 15:17:41.595root 11241100x8000000000000000710932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b08c2df82010952023-02-07 15:17:41.595root 11241100x8000000000000000710931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e79da2fa129a5c2023-02-07 15:17:41.595root 11241100x8000000000000000710936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fdfc2e90e6937d2023-02-07 15:17:41.596root 11241100x8000000000000000710935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbfc7c5cd3c2f2f2023-02-07 15:17:41.596root 11241100x8000000000000000710940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:42.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bd686800ddefc72023-02-07 15:17:42.095root 11241100x8000000000000000710939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:42.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa81d135a41bf892023-02-07 15:17:42.095root 11241100x8000000000000000710938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:42.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f375573f468efc2023-02-07 15:17:42.095root 11241100x8000000000000000710937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:42.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1990715076604a122023-02-07 15:17:42.095root 11241100x8000000000000000710942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:42.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ac499a93748e402023-02-07 15:17:42.096root 11241100x8000000000000000710941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:42.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84433f89a0db6012023-02-07 15:17:42.096root 11241100x8000000000000000710946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:42.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d861d003cb4f6b2023-02-07 15:17:42.595root 11241100x8000000000000000710945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:42.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f8bfbfa6a63eed2023-02-07 15:17:42.595root 11241100x8000000000000000710944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:42.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375165228be9014f2023-02-07 15:17:42.595root 11241100x8000000000000000710943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:42.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28fafc56ddaa1c92023-02-07 15:17:42.595root 11241100x8000000000000000710948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b759a166dadba42023-02-07 15:17:42.596root 11241100x8000000000000000710947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb516212fc781222023-02-07 15:17:42.596root 11241100x8000000000000000710953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:43.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e89b627726b3582023-02-07 15:17:43.095root 11241100x8000000000000000710952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:43.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c50d1d06d9a54832023-02-07 15:17:43.095root 11241100x8000000000000000710951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:43.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a092fd53eba88442023-02-07 15:17:43.095root 11241100x8000000000000000710950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:43.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068f90e36e89f7002023-02-07 15:17:43.095root 11241100x8000000000000000710949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:43.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f651c6c2543cca2023-02-07 15:17:43.095root 11241100x8000000000000000710954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:43.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe2339cd07efee82023-02-07 15:17:43.096root 11241100x8000000000000000710958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41292a1265042b582023-02-07 15:17:43.595root 11241100x8000000000000000710957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ecee849cf838002023-02-07 15:17:43.595root 11241100x8000000000000000710956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4d11836f6c5bda2023-02-07 15:17:43.595root 11241100x8000000000000000710955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5a0603732f3ddb2023-02-07 15:17:43.595root 11241100x8000000000000000710960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:43.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225eac3136d826c92023-02-07 15:17:43.596root 11241100x8000000000000000710959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:43.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17f181b365d51132023-02-07 15:17:43.596root 11241100x8000000000000000710965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:44.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e58636894a79532023-02-07 15:17:44.095root 11241100x8000000000000000710964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:44.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc94b3c8f370b3cf2023-02-07 15:17:44.095root 11241100x8000000000000000710963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:44.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65f79af358811572023-02-07 15:17:44.095root 11241100x8000000000000000710962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:44.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8fa6092c7fb69e2023-02-07 15:17:44.095root 11241100x8000000000000000710961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:44.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca35dc145a4e83b2023-02-07 15:17:44.095root 11241100x8000000000000000710966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff066c36a205af52023-02-07 15:17:44.096root 11241100x8000000000000000710971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:44.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143b069d879214b32023-02-07 15:17:44.595root 11241100x8000000000000000710970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:44.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb96db899902b85b2023-02-07 15:17:44.595root 11241100x8000000000000000710969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:44.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62aff665ba8c627d2023-02-07 15:17:44.595root 11241100x8000000000000000710968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:44.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7484703f64d984a2023-02-07 15:17:44.595root 11241100x8000000000000000710967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:44.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99a184de559fe322023-02-07 15:17:44.595root 11241100x8000000000000000710972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be6dc4d0e8987652023-02-07 15:17:44.596root 11241100x8000000000000000710975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7004e085d6e80c2023-02-07 15:17:45.095root 11241100x8000000000000000710974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8c61839f5e55172023-02-07 15:17:45.095root 11241100x8000000000000000710973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67935a0e0f76558c2023-02-07 15:17:45.095root 11241100x8000000000000000710978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e8dea203ee66ae2023-02-07 15:17:45.096root 11241100x8000000000000000710977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496df2581a4beb062023-02-07 15:17:45.096root 11241100x8000000000000000710976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c32feaf0f12b702023-02-07 15:17:45.096root 354300x8000000000000000710979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:45.213{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-47696-false10.0.1.12-8000- 11241100x8000000000000000710981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:45.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881c3a421ddcf7b22023-02-07 15:17:45.595root 11241100x8000000000000000710980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:45.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628602c8f4f1b8802023-02-07 15:17:45.595root 11241100x8000000000000000710983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c9c90d7e79aa032023-02-07 15:17:45.596root 11241100x8000000000000000710982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673506ca73b9a88e2023-02-07 15:17:45.596root 11241100x8000000000000000710985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:45.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e393493fe3a83f02023-02-07 15:17:45.597root 11241100x8000000000000000710984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:45.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4265e38df2a643f42023-02-07 15:17:45.597root 11241100x8000000000000000710986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:45.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06be96b276b5a4822023-02-07 15:17:45.598root 11241100x8000000000000000710991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:46.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83ea95e04812f142023-02-07 15:17:46.095root 11241100x8000000000000000710990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:46.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80257e92b1cc6aae2023-02-07 15:17:46.095root 11241100x8000000000000000710989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:46.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1948b42d53531e9c2023-02-07 15:17:46.095root 11241100x8000000000000000710988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:46.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3cc725bd9f51bc2023-02-07 15:17:46.095root 11241100x8000000000000000710987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:46.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52a15c98a4c21962023-02-07 15:17:46.095root 11241100x8000000000000000710993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:46.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229294f0a23bbbb72023-02-07 15:17:46.096root 11241100x8000000000000000710992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:46.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d800541d3775312023-02-07 15:17:46.096root 11241100x8000000000000000710995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29b5ef3c32fa0a32023-02-07 15:17:46.595root 11241100x8000000000000000710994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8533d9de64862932023-02-07 15:17:46.595root 11241100x8000000000000000710999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f958608ff622e12023-02-07 15:17:46.596root 11241100x8000000000000000710998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c3482eb402c3562023-02-07 15:17:46.596root 11241100x8000000000000000710997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fbf05bb7d4038d42023-02-07 15:17:46.596root 11241100x8000000000000000710996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a767ccab18bf6c2023-02-07 15:17:46.596root 11241100x8000000000000000711000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee045c81fa9e204a2023-02-07 15:17:46.597root 11241100x8000000000000000711002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:47.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29df65e8addf1ce52023-02-07 15:17:47.095root 11241100x8000000000000000711001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:47.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ededd7d64e6f802023-02-07 15:17:47.095root 11241100x8000000000000000711007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b92f05240a341b2023-02-07 15:17:47.096root 11241100x8000000000000000711006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7866f8f77751f62023-02-07 15:17:47.096root 11241100x8000000000000000711005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b98bb64bdc788d02023-02-07 15:17:47.096root 11241100x8000000000000000711004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3d0e60ce703c602023-02-07 15:17:47.096root 11241100x8000000000000000711003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29f85fa509756d82023-02-07 15:17:47.096root 11241100x8000000000000000711010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48422af1055527f2023-02-07 15:17:47.595root 11241100x8000000000000000711009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d515048cae7e2e912023-02-07 15:17:47.595root 11241100x8000000000000000711008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6899f25dbd91e5b32023-02-07 15:17:47.595root 11241100x8000000000000000711014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d14513f2a600432023-02-07 15:17:47.596root 11241100x8000000000000000711013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f43b6d131c1dc82023-02-07 15:17:47.596root 11241100x8000000000000000711012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02eb82020e9a460c2023-02-07 15:17:47.596root 11241100x8000000000000000711011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac318e9aa115a802023-02-07 15:17:47.596root 11241100x8000000000000000711016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:48.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12eff2af4250bb4d2023-02-07 15:17:48.095root 11241100x8000000000000000711015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:48.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09704788b27886c22023-02-07 15:17:48.095root 11241100x8000000000000000711021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfda52ba300d9b782023-02-07 15:17:48.096root 11241100x8000000000000000711020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c900eb3ab70df72023-02-07 15:17:48.096root 11241100x8000000000000000711019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445ac7dcd56c00cc2023-02-07 15:17:48.096root 11241100x8000000000000000711018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37f1abd49cd7ef32023-02-07 15:17:48.096root 11241100x8000000000000000711017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9132f76b87266c192023-02-07 15:17:48.096root 11241100x8000000000000000711023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36a75a0f3a828ca2023-02-07 15:17:48.595root 11241100x8000000000000000711022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4451f1f8479ab8fd2023-02-07 15:17:48.595root 11241100x8000000000000000711027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d5bed426b181c72023-02-07 15:17:48.596root 11241100x8000000000000000711026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85209917b5e965f52023-02-07 15:17:48.596root 11241100x8000000000000000711025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a084697b004cdc812023-02-07 15:17:48.596root 11241100x8000000000000000711024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31913890c1b947e82023-02-07 15:17:48.596root 11241100x8000000000000000711028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e6a522185653fb2023-02-07 15:17:48.597root 11241100x8000000000000000711030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:49.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877cdcd05a3fad4e2023-02-07 15:17:49.095root 11241100x8000000000000000711029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:49.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da46627846f0dbe2023-02-07 15:17:49.095root 11241100x8000000000000000711033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b03ef2e2744e8b2023-02-07 15:17:49.096root 11241100x8000000000000000711032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc661a99726a2f542023-02-07 15:17:49.096root 11241100x8000000000000000711031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e195f7eaa97a2062023-02-07 15:17:49.096root 11241100x8000000000000000711035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6e533cb70f28d22023-02-07 15:17:49.097root 11241100x8000000000000000711034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef10899d3f885d92023-02-07 15:17:49.097root 11241100x8000000000000000711040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709cfdd29c8b6c972023-02-07 15:17:49.595root 11241100x8000000000000000711039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5d57f362af467d2023-02-07 15:17:49.595root 11241100x8000000000000000711038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8285248a84f1522023-02-07 15:17:49.595root 11241100x8000000000000000711037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3886312fa21f581a2023-02-07 15:17:49.595root 11241100x8000000000000000711036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2a83c610707d292023-02-07 15:17:49.595root 11241100x8000000000000000711042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92733916b99428642023-02-07 15:17:49.596root 11241100x8000000000000000711041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d7fd331e3403a72023-02-07 15:17:49.596root 11241100x8000000000000000711047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b26057c9200cdb2023-02-07 15:17:50.095root 11241100x8000000000000000711046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac6a948b74c96ba2023-02-07 15:17:50.095root 11241100x8000000000000000711045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8954065e6ff2822023-02-07 15:17:50.095root 11241100x8000000000000000711044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab411bcd891f19302023-02-07 15:17:50.095root 11241100x8000000000000000711043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:50.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098c433ac454343a2023-02-07 15:17:50.095root 11241100x8000000000000000711049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d738742e92cc152023-02-07 15:17:50.096root 11241100x8000000000000000711048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:50.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af6489ae1afea702023-02-07 15:17:50.096root 354300x8000000000000000711050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:50.257{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-47704-false10.0.1.12-8000- 11241100x8000000000000000711055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bfbac7beccddae2023-02-07 15:17:50.595root 11241100x8000000000000000711054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af92267017e574b2023-02-07 15:17:50.595root 11241100x8000000000000000711053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba99d83f1de0be112023-02-07 15:17:50.595root 11241100x8000000000000000711052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72601d099cb842dd2023-02-07 15:17:50.595root 11241100x8000000000000000711051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:50.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f160e1c61fc8892023-02-07 15:17:50.595root 11241100x8000000000000000711058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0412ea6dfe22df2023-02-07 15:17:50.596root 11241100x8000000000000000711057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50652d94f4b51b82023-02-07 15:17:50.596root 11241100x8000000000000000711056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:50.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5be05ce837da3e2023-02-07 15:17:50.596root 11241100x8000000000000000711062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc40a3b550457ea22023-02-07 15:17:51.095root 11241100x8000000000000000711061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc7ae7a04bb22722023-02-07 15:17:51.095root 11241100x8000000000000000711060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddbeefc307963ed2023-02-07 15:17:51.095root 11241100x8000000000000000711059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:51.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc5a510710968712023-02-07 15:17:51.095root 11241100x8000000000000000711066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20df52704821d9d2023-02-07 15:17:51.096root 11241100x8000000000000000711065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8804650a376c8522023-02-07 15:17:51.096root 11241100x8000000000000000711064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8acc10a6386450e32023-02-07 15:17:51.096root 11241100x8000000000000000711063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:51.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec21edd42b014d822023-02-07 15:17:51.096root 11241100x8000000000000000711070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4c6a4bc59cd7202023-02-07 15:17:51.595root 11241100x8000000000000000711069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0940844977f08c2023-02-07 15:17:51.595root 11241100x8000000000000000711068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da81ad0b98e3bd1f2023-02-07 15:17:51.595root 11241100x8000000000000000711067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a037d5860d3ce1172023-02-07 15:17:51.595root 11241100x8000000000000000711073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562fcacf6183366b2023-02-07 15:17:51.596root 11241100x8000000000000000711072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342f9fc5d7f468932023-02-07 15:17:51.596root 11241100x8000000000000000711071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0626233878c442692023-02-07 15:17:51.596root 11241100x8000000000000000711074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:51.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29bb24c8496c9d02023-02-07 15:17:51.597root 11241100x8000000000000000711076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:52.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c3686493fa06ec2023-02-07 15:17:52.095root 11241100x8000000000000000711075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:52.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aab847277d062ba2023-02-07 15:17:52.095root 11241100x8000000000000000711077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:52.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ea85431f9dee622023-02-07 15:17:52.096root 11241100x8000000000000000711079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:52.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbe1a1571a1f4bc2023-02-07 15:17:52.097root 11241100x8000000000000000711078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:52.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e23d8cde4702e5d2023-02-07 15:17:52.097root 11241100x8000000000000000711081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:52.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5891aaf12765542023-02-07 15:17:52.098root 11241100x8000000000000000711080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:52.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10610aa2bc464af2023-02-07 15:17:52.098root 11241100x8000000000000000711082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:52.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e32646e597cf7c42023-02-07 15:17:52.099root 11241100x8000000000000000711084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:52.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04167bcf76cf96a2023-02-07 15:17:52.595root 11241100x8000000000000000711083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:52.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bba2038720ecccf2023-02-07 15:17:52.595root 11241100x8000000000000000711086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:52.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0040ff5092288742023-02-07 15:17:52.596root 11241100x8000000000000000711085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:52.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54a3ba5e2c407822023-02-07 15:17:52.596root 11241100x8000000000000000711088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:52.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325d3439b61af1e22023-02-07 15:17:52.597root 11241100x8000000000000000711087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:52.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575408e45f0bc9662023-02-07 15:17:52.597root 11241100x8000000000000000711090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:52.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb43369e790710902023-02-07 15:17:52.598root 11241100x8000000000000000711089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:52.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78baf712274a4dde2023-02-07 15:17:52.598root 11241100x8000000000000000711094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:53.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db1cdb1e329852a2023-02-07 15:17:53.095root 11241100x8000000000000000711093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:53.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2dc7f2c04ad9d22023-02-07 15:17:53.095root 11241100x8000000000000000711092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:53.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d17730f2cb65252023-02-07 15:17:53.095root 11241100x8000000000000000711091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:53.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7eff179ebe2f022023-02-07 15:17:53.095root 11241100x8000000000000000711098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:53.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3745edb27add4d012023-02-07 15:17:53.096root 11241100x8000000000000000711097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:53.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90d1090e27182a22023-02-07 15:17:53.096root 11241100x8000000000000000711096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:53.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f060717005d7a30c2023-02-07 15:17:53.096root 11241100x8000000000000000711095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:53.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8f801dc2932b4c2023-02-07 15:17:53.096root 11241100x8000000000000000711101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d32c857103e99c2023-02-07 15:17:53.596root 11241100x8000000000000000711100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc0a49e9db3cf8a2023-02-07 15:17:53.596root 11241100x8000000000000000711099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976bc9552feb2da42023-02-07 15:17:53.596root 11241100x8000000000000000711106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70a11e8447f513d2023-02-07 15:17:53.597root 11241100x8000000000000000711105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffccbf191834b0bc2023-02-07 15:17:53.597root 11241100x8000000000000000711104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2c3a104a51f2cd2023-02-07 15:17:53.597root 11241100x8000000000000000711103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63b076bf37f8f582023-02-07 15:17:53.597root 11241100x8000000000000000711102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf18b56704af08e2023-02-07 15:17:53.597root 11241100x8000000000000000711110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4ccfd7086382a52023-02-07 15:17:54.095root 11241100x8000000000000000711109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4803a2e3f765a372023-02-07 15:17:54.095root 11241100x8000000000000000711108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c345e7a67b0610192023-02-07 15:17:54.095root 11241100x8000000000000000711107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cbce12636079472023-02-07 15:17:54.095root 11241100x8000000000000000711114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b591821d9b1e7d2023-02-07 15:17:54.096root 11241100x8000000000000000711113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe59a93feba4f402023-02-07 15:17:54.096root 11241100x8000000000000000711112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668b1baedcfb79252023-02-07 15:17:54.096root 11241100x8000000000000000711111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5885aa4bf0606ef92023-02-07 15:17:54.096root 11241100x8000000000000000711118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29cad92addfee1372023-02-07 15:17:54.595root 11241100x8000000000000000711117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60e7db5bbbe90c22023-02-07 15:17:54.595root 11241100x8000000000000000711116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a279bec06352762023-02-07 15:17:54.595root 11241100x8000000000000000711115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36709ca381b4a6d22023-02-07 15:17:54.595root 11241100x8000000000000000711122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e71c2daf221e1cd2023-02-07 15:17:54.596root 11241100x8000000000000000711121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad66d57cd9deec592023-02-07 15:17:54.596root 11241100x8000000000000000711120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7cdb9ad565fb50a2023-02-07 15:17:54.596root 11241100x8000000000000000711119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ecd99259de5e622023-02-07 15:17:54.596root 11241100x8000000000000000711123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:54.729{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:17:54.729root 11241100x8000000000000000711130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00fa2162d8d536b22023-02-07 15:17:55.095root 11241100x8000000000000000711129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e9d5e9aaf08dd52023-02-07 15:17:55.095root 11241100x8000000000000000711128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062972ae7fe766c82023-02-07 15:17:55.095root 11241100x8000000000000000711127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50f04485d0f157e2023-02-07 15:17:55.095root 11241100x8000000000000000711126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a16f5f22663abf2023-02-07 15:17:55.095root 11241100x8000000000000000711125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b48642a50b1ea432023-02-07 15:17:55.095root 11241100x8000000000000000711124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ffd93e23013ed92023-02-07 15:17:55.095root 11241100x8000000000000000711132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede9a1f488135f312023-02-07 15:17:55.096root 11241100x8000000000000000711131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ee434e633082be2023-02-07 15:17:55.096root 11241100x8000000000000000711135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9eadd0018815de2023-02-07 15:17:55.595root 11241100x8000000000000000711134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16df06d706d6bee12023-02-07 15:17:55.595root 11241100x8000000000000000711133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecb2ec101d4faea2023-02-07 15:17:55.595root 11241100x8000000000000000711141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b2f2ec60eea97d2023-02-07 15:17:55.596root 11241100x8000000000000000711140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b995fcbb9cee28a92023-02-07 15:17:55.596root 11241100x8000000000000000711139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c1ab27e5234dbc2023-02-07 15:17:55.596root 11241100x8000000000000000711138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f5c7041d8d369f2023-02-07 15:17:55.596root 11241100x8000000000000000711137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dcab33159c98f7e2023-02-07 15:17:55.596root 11241100x8000000000000000711136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105c9f8b386fa5422023-02-07 15:17:55.596root 354300x8000000000000000711142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.021{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-33610-false10.0.1.12-8000- 11241100x8000000000000000711148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.022{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180d8dd69e318e012023-02-07 15:17:56.022root 11241100x8000000000000000711147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.022{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5018d2ea85e3812023-02-07 15:17:56.022root 11241100x8000000000000000711146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.022{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60db6fc659420d12023-02-07 15:17:56.022root 11241100x8000000000000000711145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.022{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060af1f9c4b057352023-02-07 15:17:56.022root 11241100x8000000000000000711144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.022{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94632a12236146972023-02-07 15:17:56.022root 11241100x8000000000000000711143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.022{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56dc4979fd523262023-02-07 15:17:56.022root 11241100x8000000000000000711152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.023{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc01e912912854662023-02-07 15:17:56.023root 11241100x8000000000000000711151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.023{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5405ecc87cfd8b9e2023-02-07 15:17:56.023root 11241100x8000000000000000711150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.023{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c952661bbe65262023-02-07 15:17:56.023root 11241100x8000000000000000711149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.023{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d37937c204203eb2023-02-07 15:17:56.023root 154100x8000000000000000711153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.313{ec244aba-6ba4-63e2-6834-4d84ea550000}6114/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/6312root{ec244aba-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2393--- 11241100x8000000000000000711163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.315{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795a98316ea53ea92023-02-07 15:17:56.315root 11241100x8000000000000000711162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.315{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec4ea9cc63e89012023-02-07 15:17:56.315root 11241100x8000000000000000711161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.315{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ab0dce35b360092023-02-07 15:17:56.315root 11241100x8000000000000000711160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.315{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa6cc2d047a5f742023-02-07 15:17:56.315root 11241100x8000000000000000711159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.315{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9760bb57e1a160842023-02-07 15:17:56.315root 11241100x8000000000000000711158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.315{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6bb477a047cd542023-02-07 15:17:56.315root 11241100x8000000000000000711157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.315{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10aa6effac6262622023-02-07 15:17:56.315root 11241100x8000000000000000711156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.315{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e6b23049aec5182023-02-07 15:17:56.315root 11241100x8000000000000000711155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.315{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc7ad1c7f3b46aa2023-02-07 15:17:56.315root 11241100x8000000000000000711154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.315{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a30a1cfa7fd5bdb2023-02-07 15:17:56.315root 11241100x8000000000000000711164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.316{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f319a382da537f1b2023-02-07 15:17:56.316root 534500x8000000000000000711165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.328{ec244aba-6ba4-63e2-6834-4d84ea550000}6114/bin/psroot 11241100x8000000000000000711171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9921d183101ad7832023-02-07 15:17:56.595root 11241100x8000000000000000711170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74010c7ba37be33e2023-02-07 15:17:56.595root 11241100x8000000000000000711169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1e2fcd8ace26fc2023-02-07 15:17:56.595root 11241100x8000000000000000711168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258dec8c13b885a62023-02-07 15:17:56.595root 11241100x8000000000000000711167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9362fee7fc1de8672023-02-07 15:17:56.595root 11241100x8000000000000000711166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ccfdf98affca2272023-02-07 15:17:56.595root 11241100x8000000000000000711177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f542775e7d7dc732023-02-07 15:17:56.596root 11241100x8000000000000000711176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a1c0474ef1c9b92023-02-07 15:17:56.596root 11241100x8000000000000000711175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a373637b07325c2023-02-07 15:17:56.596root 11241100x8000000000000000711174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2fcaa3cc4ba6d4d2023-02-07 15:17:56.596root 11241100x8000000000000000711173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc16a479cb28c772023-02-07 15:17:56.596root 11241100x8000000000000000711172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5284697a023f2b812023-02-07 15:17:56.596root 11241100x8000000000000000711181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e32840ab3e76992023-02-07 15:17:57.095root 11241100x8000000000000000711180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea35f5a7202913d2023-02-07 15:17:57.095root 11241100x8000000000000000711179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47be950752c669fc2023-02-07 15:17:57.095root 11241100x8000000000000000711178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c198c29740c8e0632023-02-07 15:17:57.095root 11241100x8000000000000000711188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98956444dcab5df52023-02-07 15:17:57.096root 11241100x8000000000000000711187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee2a3bf482d10382023-02-07 15:17:57.096root 11241100x8000000000000000711186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa72c87a7634d062023-02-07 15:17:57.096root 11241100x8000000000000000711185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02122f14997522a2023-02-07 15:17:57.096root 11241100x8000000000000000711184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a48c1e983a46e712023-02-07 15:17:57.096root 11241100x8000000000000000711183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9baefe442a41d2052023-02-07 15:17:57.096root 11241100x8000000000000000711182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00f93b837153ad72023-02-07 15:17:57.096root 11241100x8000000000000000711189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a5e599bc59d5f12023-02-07 15:17:57.097root 11241100x8000000000000000711193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5101f6de67e214b22023-02-07 15:17:57.595root 11241100x8000000000000000711192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b41ca85c28a9f12023-02-07 15:17:57.595root 11241100x8000000000000000711191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab1c4856ff4fa412023-02-07 15:17:57.595root 11241100x8000000000000000711190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86a85eaab4b03372023-02-07 15:17:57.595root 11241100x8000000000000000711200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eabb88b0d24042c72023-02-07 15:17:57.596root 11241100x8000000000000000711199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de5dbf221a4220b2023-02-07 15:17:57.596root 11241100x8000000000000000711198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc0920c54bd48092023-02-07 15:17:57.596root 11241100x8000000000000000711197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3c1a33f8e84a7d2023-02-07 15:17:57.596root 11241100x8000000000000000711196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387c37c6c1f256172023-02-07 15:17:57.596root 11241100x8000000000000000711195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ee2db4c272e5fa2023-02-07 15:17:57.596root 11241100x8000000000000000711194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fdb1cc09edc78d2023-02-07 15:17:57.596root 11241100x8000000000000000711201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a0c762ad34fa6f2023-02-07 15:17:57.597root 23542300x8000000000000000711202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:57.730{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000711206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2554ffb6d835e0402023-02-07 15:17:58.095root 11241100x8000000000000000711205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d67da0a8525c9c2023-02-07 15:17:58.095root 11241100x8000000000000000711204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4844ec9d8a11252023-02-07 15:17:58.095root 11241100x8000000000000000711203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571c55a5a953a0242023-02-07 15:17:58.095root 11241100x8000000000000000711215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeded1724279c5902023-02-07 15:17:58.096root 11241100x8000000000000000711214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc846ca38093ae12023-02-07 15:17:58.096root 11241100x8000000000000000711213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd85c50a37db27ea2023-02-07 15:17:58.096root 11241100x8000000000000000711212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a1378d341aa27b2023-02-07 15:17:58.096root 11241100x8000000000000000711211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255196b6ac8491aa2023-02-07 15:17:58.096root 11241100x8000000000000000711210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f8ffd06bfa703b2023-02-07 15:17:58.096root 11241100x8000000000000000711209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593496cb9f3953332023-02-07 15:17:58.096root 11241100x8000000000000000711208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc422d3762e74ccd2023-02-07 15:17:58.096root 11241100x8000000000000000711207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec6fc079e2e09b82023-02-07 15:17:58.096root 11241100x8000000000000000711219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50fb67d1842f18f2023-02-07 15:17:58.595root 11241100x8000000000000000711218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d51ccf0eaaf1ca92023-02-07 15:17:58.595root 11241100x8000000000000000711217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b02b8a874b8f1c2023-02-07 15:17:58.595root 11241100x8000000000000000711216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d28bf5da165c4b02023-02-07 15:17:58.595root 11241100x8000000000000000711227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568ded2e9e25ed532023-02-07 15:17:58.596root 11241100x8000000000000000711226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65566d4f6504e632023-02-07 15:17:58.596root 11241100x8000000000000000711225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e0e6e7012f0b812023-02-07 15:17:58.596root 11241100x8000000000000000711224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05aaf5f5f2b5052b2023-02-07 15:17:58.596root 11241100x8000000000000000711223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12445adb6adf81eb2023-02-07 15:17:58.596root 11241100x8000000000000000711222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9509b0a9ab6e4aa92023-02-07 15:17:58.596root 11241100x8000000000000000711221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b302a1d9219595382023-02-07 15:17:58.596root 11241100x8000000000000000711220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4e09311ec867af2023-02-07 15:17:58.596root 11241100x8000000000000000711228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020df8c9c76aa9fe2023-02-07 15:17:58.597root 11241100x8000000000000000711230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab326d421de97c82023-02-07 15:17:59.095root 11241100x8000000000000000711229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9f4a2913a008a82023-02-07 15:17:59.095root 11241100x8000000000000000711235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd20256345a46302023-02-07 15:17:59.096root 11241100x8000000000000000711234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6918f76fcf85c76d2023-02-07 15:17:59.096root 11241100x8000000000000000711233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8d1a5ff03e7e8f2023-02-07 15:17:59.096root 11241100x8000000000000000711232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1276369b3b9638702023-02-07 15:17:59.096root 11241100x8000000000000000711231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9a1bc1a113070e2023-02-07 15:17:59.096root 11241100x8000000000000000711239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:59.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca61c5943b425752023-02-07 15:17:59.097root 11241100x8000000000000000711238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:59.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239b0c4cba5bf57b2023-02-07 15:17:59.097root 11241100x8000000000000000711237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:59.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd34bfdb1ad61b152023-02-07 15:17:59.097root 11241100x8000000000000000711236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:59.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96aa8c555ba363ac2023-02-07 15:17:59.097root 11241100x8000000000000000711241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:59.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a6cfeb2309d0ea2023-02-07 15:17:59.098root 11241100x8000000000000000711240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:59.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9085343a2b26b6de2023-02-07 15:17:59.098root 11241100x8000000000000000711243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c656583ed8532be02023-02-07 15:17:59.595root 11241100x8000000000000000711242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369db08df8879caa2023-02-07 15:17:59.595root 11241100x8000000000000000711249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded9b050654172742023-02-07 15:17:59.596root 11241100x8000000000000000711248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b40fe6d5e7341d2023-02-07 15:17:59.596root 11241100x8000000000000000711247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4015b6b5d240e7672023-02-07 15:17:59.596root 11241100x8000000000000000711246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710661f5e79750f52023-02-07 15:17:59.596root 11241100x8000000000000000711245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5837b3cbe419c92023-02-07 15:17:59.596root 11241100x8000000000000000711244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb7ff3fc32140b42023-02-07 15:17:59.596root 11241100x8000000000000000711254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d91db13d0bf93192023-02-07 15:17:59.597root 11241100x8000000000000000711253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5f50b643289d672023-02-07 15:17:59.597root 11241100x8000000000000000711252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829154aef0b26a4b2023-02-07 15:17:59.597root 11241100x8000000000000000711251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15ced93ea397b902023-02-07 15:17:59.597root 11241100x8000000000000000711250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:17:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e08ed6779e7cf92023-02-07 15:17:59.597root 11241100x8000000000000000711256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76dc2744737a4812023-02-07 15:18:00.095root 11241100x8000000000000000711255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d900a1c57609c722023-02-07 15:18:00.095root 11241100x8000000000000000711260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c15aa3f050e4c32023-02-07 15:18:00.096root 11241100x8000000000000000711259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017d0e43da09782c2023-02-07 15:18:00.096root 11241100x8000000000000000711258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4914cc46c89e1fb22023-02-07 15:18:00.096root 11241100x8000000000000000711257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:00.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ae41ce69f35ccf2023-02-07 15:18:00.096root 11241100x8000000000000000711264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:00.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30e8ea11f812d962023-02-07 15:18:00.097root 11241100x8000000000000000711263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:00.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c46fddfd1239a02023-02-07 15:18:00.097root 11241100x8000000000000000711262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:00.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a8d3e8e90addd92023-02-07 15:18:00.097root 11241100x8000000000000000711261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:00.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d982feb2222ed82023-02-07 15:18:00.097root 11241100x8000000000000000711267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:00.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09254e0262255492023-02-07 15:18:00.098root 11241100x8000000000000000711266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:00.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf620904444333e42023-02-07 15:18:00.098root 11241100x8000000000000000711265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:00.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b28ffd69186741d2023-02-07 15:18:00.098root 11241100x8000000000000000711272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4649ca0f0b49b1962023-02-07 15:18:00.595root 11241100x8000000000000000711271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d167a6fc41803a2023-02-07 15:18:00.595root 11241100x8000000000000000711270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127dc892c44c6f162023-02-07 15:18:00.595root 11241100x8000000000000000711269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731c16aa7364b6e02023-02-07 15:18:00.595root 11241100x8000000000000000711268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc203622712185932023-02-07 15:18:00.595root 11241100x8000000000000000711277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd2abb49e1195092023-02-07 15:18:00.596root 11241100x8000000000000000711276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec027e58212d40042023-02-07 15:18:00.596root 11241100x8000000000000000711275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4754856e9884daae2023-02-07 15:18:00.596root 11241100x8000000000000000711274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8439a82f099a6a2023-02-07 15:18:00.596root 11241100x8000000000000000711273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cfd1898b5be35c22023-02-07 15:18:00.596root 11241100x8000000000000000711280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d842896d41f4bb302023-02-07 15:18:00.597root 11241100x8000000000000000711279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3824333beeaa7842023-02-07 15:18:00.597root 11241100x8000000000000000711278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8498e8f4ccf461532023-02-07 15:18:00.597root 11241100x8000000000000000711282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:01.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1afb08eaf683fe6f2023-02-07 15:18:01.095root 11241100x8000000000000000711281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:01.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92195aa9e90181ef2023-02-07 15:18:01.095root 11241100x8000000000000000711288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56851f11fc7f62f12023-02-07 15:18:01.096root 11241100x8000000000000000711287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6022e8176c3ac982023-02-07 15:18:01.096root 11241100x8000000000000000711286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e618231d4814002023-02-07 15:18:01.096root 11241100x8000000000000000711285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f09afc34978c3b92023-02-07 15:18:01.096root 11241100x8000000000000000711284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0113bbb9d19177ac2023-02-07 15:18:01.096root 11241100x8000000000000000711283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bee4d6c682ac2572023-02-07 15:18:01.096root 11241100x8000000000000000711293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5bc23e9fdb84222023-02-07 15:18:01.097root 11241100x8000000000000000711292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316a967a8e0c246b2023-02-07 15:18:01.097root 11241100x8000000000000000711291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac33f64594aada1d2023-02-07 15:18:01.097root 11241100x8000000000000000711290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9cdf7c28b3e6812023-02-07 15:18:01.097root 11241100x8000000000000000711289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023b4378f968baa42023-02-07 15:18:01.097root 354300x8000000000000000711294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:01.124{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-33624-false10.0.1.12-8000- 11241100x8000000000000000711298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5545bb9c97ff605c2023-02-07 15:18:01.595root 11241100x8000000000000000711297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f87b77701f84512023-02-07 15:18:01.595root 11241100x8000000000000000711296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7643f3bc4d16d52023-02-07 15:18:01.595root 11241100x8000000000000000711295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9823946306774242023-02-07 15:18:01.595root 11241100x8000000000000000711308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db5359ff3faf6a32023-02-07 15:18:01.596root 11241100x8000000000000000711307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24aba82177de50e2023-02-07 15:18:01.596root 11241100x8000000000000000711306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3758c18f8a03e42023-02-07 15:18:01.596root 11241100x8000000000000000711305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92f02af582ebfdb2023-02-07 15:18:01.596root 11241100x8000000000000000711304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664776b1ab068eb02023-02-07 15:18:01.596root 11241100x8000000000000000711303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc99b654f78f3832023-02-07 15:18:01.596root 11241100x8000000000000000711302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ff3b92a54d464a2023-02-07 15:18:01.596root 11241100x8000000000000000711301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7b1c5df79067cf2023-02-07 15:18:01.596root 11241100x8000000000000000711300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8150e0acc2b37ff82023-02-07 15:18:01.596root 11241100x8000000000000000711299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc67a3a894a752d92023-02-07 15:18:01.596root 11241100x8000000000000000711310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0743228ddc29a29b2023-02-07 15:18:02.095root 11241100x8000000000000000711309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b669981b38475a802023-02-07 15:18:02.095root 11241100x8000000000000000711314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c49e39ae3a271ea2023-02-07 15:18:02.096root 11241100x8000000000000000711313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c5cfcde0e676cf2023-02-07 15:18:02.096root 11241100x8000000000000000711312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8d6a53b93a47432023-02-07 15:18:02.096root 11241100x8000000000000000711311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01731634052221622023-02-07 15:18:02.096root 11241100x8000000000000000711324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:02.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da347f569cf3cdcf2023-02-07 15:18:02.097root 11241100x8000000000000000711323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:02.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ce0cd60d88882a2023-02-07 15:18:02.097root 11241100x8000000000000000711322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:02.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e123d2c55360ed342023-02-07 15:18:02.097root 11241100x8000000000000000711321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:02.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431e7eb833dff5c02023-02-07 15:18:02.097root 11241100x8000000000000000711320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:02.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1c62db7bf64f1c2023-02-07 15:18:02.097root 11241100x8000000000000000711319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:02.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8df3b2dce1a0e962023-02-07 15:18:02.097root 11241100x8000000000000000711318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:02.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5124414adeb34da2023-02-07 15:18:02.097root 11241100x8000000000000000711317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:02.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f28450ac2ee25ec2023-02-07 15:18:02.097root 11241100x8000000000000000711316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:02.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932324ec082a1d4a2023-02-07 15:18:02.097root 11241100x8000000000000000711315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:02.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef4da7cbe99ebe32023-02-07 15:18:02.097root 11241100x8000000000000000711328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:02.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37bbf530cd564d932023-02-07 15:18:02.595root 11241100x8000000000000000711327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:02.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb7febfc190984d2023-02-07 15:18:02.595root 11241100x8000000000000000711326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:02.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eaae5f6e473d1542023-02-07 15:18:02.595root 11241100x8000000000000000711325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:02.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b976fafe2135452023-02-07 15:18:02.595root 11241100x8000000000000000711334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8541557a4474843e2023-02-07 15:18:02.596root 11241100x8000000000000000711333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12bcbf492581aa42023-02-07 15:18:02.596root 11241100x8000000000000000711332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0c3463ae8962122023-02-07 15:18:02.596root 11241100x8000000000000000711331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff2e4a496b818872023-02-07 15:18:02.596root 11241100x8000000000000000711330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9ded78a5767dc32023-02-07 15:18:02.596root 11241100x8000000000000000711329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:02.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df117f3ac0936a32023-02-07 15:18:02.596root 11241100x8000000000000000711338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:02.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2140655cf2a9452023-02-07 15:18:02.597root 11241100x8000000000000000711337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:02.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345ab8b992beb3032023-02-07 15:18:02.597root 11241100x8000000000000000711336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:02.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47d50e75b3e11fd2023-02-07 15:18:02.597root 11241100x8000000000000000711335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:02.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6d52fd1cbf2aaa2023-02-07 15:18:02.597root 11241100x8000000000000000711341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:03.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99241d57d11d059c2023-02-07 15:18:03.095root 11241100x8000000000000000711340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:03.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d4732cf8fe3fe22023-02-07 15:18:03.095root 11241100x8000000000000000711339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:03.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8d19ab9d12cf2e2023-02-07 15:18:03.095root 11241100x8000000000000000711348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:03.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f721436d6899782023-02-07 15:18:03.096root 11241100x8000000000000000711347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:03.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50eb2abdeabd2742023-02-07 15:18:03.096root 11241100x8000000000000000711346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:03.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351725aada1303f72023-02-07 15:18:03.096root 11241100x8000000000000000711345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:03.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c49cb04682c6f52023-02-07 15:18:03.096root 11241100x8000000000000000711344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:03.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f580be260aaef72023-02-07 15:18:03.096root 11241100x8000000000000000711343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:03.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41dcee49854079d22023-02-07 15:18:03.096root 11241100x8000000000000000711342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:03.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0b6669bb5d8b802023-02-07 15:18:03.096root 11241100x8000000000000000711352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:03.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae09247762b3c6f2023-02-07 15:18:03.097root 11241100x8000000000000000711351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:03.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fb2f5c201ba2e12023-02-07 15:18:03.097root 11241100x8000000000000000711350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:03.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56df1590468052162023-02-07 15:18:03.097root 11241100x8000000000000000711349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:03.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5134ef1c226b6682023-02-07 15:18:03.097root 11241100x8000000000000000711356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:03.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbf62780bba26a72023-02-07 15:18:03.595root 11241100x8000000000000000711355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:03.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03701b2dc7eb8ece2023-02-07 15:18:03.595root 11241100x8000000000000000711354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:03.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd90a051e07f21a62023-02-07 15:18:03.595root 11241100x8000000000000000711353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:03.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22fb68822e746e4e2023-02-07 15:18:03.595root 11241100x8000000000000000711362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:03.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8834bb3133ce2c542023-02-07 15:18:03.596root 11241100x8000000000000000711361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:03.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac45ee4b8c0dfea82023-02-07 15:18:03.596root 11241100x8000000000000000711360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:03.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f88b9fd76d363282023-02-07 15:18:03.596root 11241100x8000000000000000711359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:03.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6fa013a4382a502023-02-07 15:18:03.596root 11241100x8000000000000000711358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:03.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068ac9dbd45fe00d2023-02-07 15:18:03.596root 11241100x8000000000000000711357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:03.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef48ad5da857ebc12023-02-07 15:18:03.596root 11241100x8000000000000000711366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:03.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d58a260791e40dc2023-02-07 15:18:03.597root 11241100x8000000000000000711365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:03.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82803a4130a21bc2023-02-07 15:18:03.597root 11241100x8000000000000000711364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:03.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccb92e9bb1c967a2023-02-07 15:18:03.597root 11241100x8000000000000000711363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:03.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19b1682ab3583672023-02-07 15:18:03.597root 11241100x8000000000000000711368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:04.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e3ae905964a9f02023-02-07 15:18:04.095root 11241100x8000000000000000711367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:04.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4509c9a8ffda29102023-02-07 15:18:04.095root 11241100x8000000000000000711379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d2640cbbb226f92023-02-07 15:18:04.096root 11241100x8000000000000000711378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b9ee75dba5dd612023-02-07 15:18:04.096root 11241100x8000000000000000711377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8243ad3123401ee62023-02-07 15:18:04.096root 11241100x8000000000000000711376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbf5358a24fe4c82023-02-07 15:18:04.096root 11241100x8000000000000000711375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d889f90f623b622023-02-07 15:18:04.096root 11241100x8000000000000000711374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96a3e1ca14447522023-02-07 15:18:04.096root 11241100x8000000000000000711373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61f0e4d27046ba82023-02-07 15:18:04.096root 11241100x8000000000000000711372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0913473f7996cc3c2023-02-07 15:18:04.096root 11241100x8000000000000000711371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf79361efa9eb9f2023-02-07 15:18:04.096root 11241100x8000000000000000711370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0be61756724e712023-02-07 15:18:04.096root 11241100x8000000000000000711369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3255066b8a963f2023-02-07 15:18:04.096root 11241100x8000000000000000711380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:04.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb67c9fb7f15d4bf2023-02-07 15:18:04.097root 11241100x8000000000000000711384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1e902063089b122023-02-07 15:18:04.595root 11241100x8000000000000000711383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1daf816de360062023-02-07 15:18:04.595root 11241100x8000000000000000711382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6315936d97c6532023-02-07 15:18:04.595root 11241100x8000000000000000711381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523bb941606244b62023-02-07 15:18:04.595root 11241100x8000000000000000711390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d44c4379204d412023-02-07 15:18:04.596root 11241100x8000000000000000711389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425ace6a8bca36292023-02-07 15:18:04.596root 11241100x8000000000000000711388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1f701585d9de562023-02-07 15:18:04.596root 11241100x8000000000000000711387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6afa786ccd3c71932023-02-07 15:18:04.596root 11241100x8000000000000000711386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14f8f48dd70e0042023-02-07 15:18:04.596root 11241100x8000000000000000711385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c1001a8919488a2023-02-07 15:18:04.596root 11241100x8000000000000000711394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec7e63a320b088a2023-02-07 15:18:04.597root 11241100x8000000000000000711393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9f3f5762c028042023-02-07 15:18:04.597root 11241100x8000000000000000711392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a1e7af89e01ea92023-02-07 15:18:04.597root 11241100x8000000000000000711391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a31139bda2cbaec2023-02-07 15:18:04.597root 11241100x8000000000000000711398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:05.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3895e0b2c8b97b2023-02-07 15:18:05.095root 11241100x8000000000000000711397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:05.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52eb4237bbf11322023-02-07 15:18:05.095root 11241100x8000000000000000711396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:05.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18956bdfdca02f32023-02-07 15:18:05.095root 11241100x8000000000000000711395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:05.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1f2af6adbe53782023-02-07 15:18:05.095root 11241100x8000000000000000711406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0041a8d4c11e67502023-02-07 15:18:05.096root 11241100x8000000000000000711405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45a459bc0d5ca7d2023-02-07 15:18:05.096root 11241100x8000000000000000711404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b32a5b446e123dd2023-02-07 15:18:05.096root 11241100x8000000000000000711403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f304c47473dc32f2023-02-07 15:18:05.096root 11241100x8000000000000000711402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf752493cc3766c2023-02-07 15:18:05.096root 11241100x8000000000000000711401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80cbadc0fb0dae1f2023-02-07 15:18:05.096root 11241100x8000000000000000711400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3dc6b7977ecbfe2023-02-07 15:18:05.096root 11241100x8000000000000000711399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6c2feeb1ae853a2023-02-07 15:18:05.096root 11241100x8000000000000000711408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:05.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2545cdc0c968c7e92023-02-07 15:18:05.097root 11241100x8000000000000000711407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:05.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14109e1b11b2ec62023-02-07 15:18:05.097root 11241100x8000000000000000711412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707fd5d7bb2f20e02023-02-07 15:18:05.595root 11241100x8000000000000000711411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae28332133ab24272023-02-07 15:18:05.595root 11241100x8000000000000000711410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4e58dddef0f0752023-02-07 15:18:05.595root 11241100x8000000000000000711409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dedddcc838710b2f2023-02-07 15:18:05.595root 11241100x8000000000000000711417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9596653ea5286f462023-02-07 15:18:05.596root 11241100x8000000000000000711416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae507b9d13c2ae32023-02-07 15:18:05.596root 11241100x8000000000000000711415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b320a75a7809f9192023-02-07 15:18:05.596root 11241100x8000000000000000711414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39391b0acb7f680f2023-02-07 15:18:05.596root 11241100x8000000000000000711413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d385d5b64b6acee2023-02-07 15:18:05.596root 11241100x8000000000000000711421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfe60ca1f665c8e2023-02-07 15:18:05.597root 11241100x8000000000000000711420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b357c1d67789b62023-02-07 15:18:05.597root 11241100x8000000000000000711419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ad6ec69b115b4b2023-02-07 15:18:05.597root 11241100x8000000000000000711418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16236a4f57f13272023-02-07 15:18:05.597root 11241100x8000000000000000711422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2fac8932b298352023-02-07 15:18:05.598root 11241100x8000000000000000711427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:06.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8e50298d9104002023-02-07 15:18:06.095root 11241100x8000000000000000711426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:06.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf763baa50b77d52023-02-07 15:18:06.095root 11241100x8000000000000000711425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:06.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba1dc52e488824a2023-02-07 15:18:06.095root 11241100x8000000000000000711424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:06.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625b3140c3dc8fc72023-02-07 15:18:06.095root 11241100x8000000000000000711423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:06.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7373f1f72e3184b2023-02-07 15:18:06.095root 11241100x8000000000000000711431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2cadcaf0db8bd812023-02-07 15:18:06.096root 11241100x8000000000000000711430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d752f95bc20f628f2023-02-07 15:18:06.096root 11241100x8000000000000000711429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da22dc400ac49cb62023-02-07 15:18:06.096root 11241100x8000000000000000711428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc5e0881cb312f32023-02-07 15:18:06.096root 11241100x8000000000000000711435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78b39a6e3cb82882023-02-07 15:18:06.097root 11241100x8000000000000000711434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba1a24c852868992023-02-07 15:18:06.097root 11241100x8000000000000000711433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fa3d486f9179c12023-02-07 15:18:06.097root 11241100x8000000000000000711432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913bd92de37ce7202023-02-07 15:18:06.097root 11241100x8000000000000000711436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41bf1b52a8bd3412023-02-07 15:18:06.098root 11241100x8000000000000000711438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc632eb9fd57001c2023-02-07 15:18:06.595root 11241100x8000000000000000711437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba402141ece2e5e12023-02-07 15:18:06.595root 11241100x8000000000000000711442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953c80c725211d9e2023-02-07 15:18:06.596root 11241100x8000000000000000711441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65cbc1c5284f3d842023-02-07 15:18:06.596root 11241100x8000000000000000711440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d043cd3f6d7aace2023-02-07 15:18:06.596root 11241100x8000000000000000711439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9288ce14e4148fbf2023-02-07 15:18:06.596root 11241100x8000000000000000711446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f390a263a04178d22023-02-07 15:18:06.597root 11241100x8000000000000000711445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb8deb0276bbdc72023-02-07 15:18:06.597root 11241100x8000000000000000711444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587fdf4ffe0057782023-02-07 15:18:06.597root 11241100x8000000000000000711443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ec4bc31e6c7cfa2023-02-07 15:18:06.597root 11241100x8000000000000000711450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:06.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd394b8eec8162a52023-02-07 15:18:06.598root 11241100x8000000000000000711449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:06.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31de761f2f53f20b2023-02-07 15:18:06.598root 11241100x8000000000000000711448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:06.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc95bce299c5d9d2023-02-07 15:18:06.598root 11241100x8000000000000000711447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:06.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8788122d05016552023-02-07 15:18:06.598root 354300x8000000000000000711451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.057{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-52938-false10.0.1.12-8000- 11241100x8000000000000000711459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de2c6c33cee531d2023-02-07 15:18:07.058root 11241100x8000000000000000711458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0065e2ba1718112023-02-07 15:18:07.058root 11241100x8000000000000000711457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e71e769114bb5692023-02-07 15:18:07.058root 11241100x8000000000000000711456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1bde1b43b0685b2023-02-07 15:18:07.058root 11241100x8000000000000000711455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c316673b0f73482023-02-07 15:18:07.058root 11241100x8000000000000000711454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90677f1cc59c0cb2023-02-07 15:18:07.058root 11241100x8000000000000000711453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da68e3df93c09752023-02-07 15:18:07.058root 11241100x8000000000000000711452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde95c9bcb6481b12023-02-07 15:18:07.058root 11241100x8000000000000000711465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acfb0e2cdae6295a2023-02-07 15:18:07.059root 11241100x8000000000000000711464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29a3ec2a0296afe2023-02-07 15:18:07.059root 11241100x8000000000000000711463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773e32925bcfb7ab2023-02-07 15:18:07.059root 11241100x8000000000000000711462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5187a94f24013d2023-02-07 15:18:07.059root 11241100x8000000000000000711461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565b7380434f7cff2023-02-07 15:18:07.059root 11241100x8000000000000000711460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474f481dfac35eba2023-02-07 15:18:07.059root 11241100x8000000000000000711466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.060{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07839cc4a70acee12023-02-07 15:18:07.060root 11241100x8000000000000000711467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9daedda0e71174a62023-02-07 15:18:07.345root 11241100x8000000000000000711480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9769a69eeca3c582023-02-07 15:18:07.346root 11241100x8000000000000000711479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1cc4296400802a52023-02-07 15:18:07.346root 11241100x8000000000000000711478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0caacc26a7e4fd2023-02-07 15:18:07.346root 11241100x8000000000000000711477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131c2243c22b9d1a2023-02-07 15:18:07.346root 11241100x8000000000000000711476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc63ddfa9d078752023-02-07 15:18:07.346root 11241100x8000000000000000711475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4593aa0628d0445f2023-02-07 15:18:07.346root 11241100x8000000000000000711474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf54e9a2a5e60d82023-02-07 15:18:07.346root 11241100x8000000000000000711473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b80a1b5590ba4ec2023-02-07 15:18:07.346root 11241100x8000000000000000711472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150d89757997358d2023-02-07 15:18:07.346root 11241100x8000000000000000711471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1627b1a1b8620cef2023-02-07 15:18:07.346root 11241100x8000000000000000711470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3d5973ecfade622023-02-07 15:18:07.346root 11241100x8000000000000000711469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7cc790ca562da62023-02-07 15:18:07.346root 11241100x8000000000000000711468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7472d7b9457a0cb82023-02-07 15:18:07.346root 11241100x8000000000000000711481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5ed05e0b804c052023-02-07 15:18:07.347root 11241100x8000000000000000711482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117500924917e0002023-02-07 15:18:07.845root 11241100x8000000000000000711490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2545f95269e7bd142023-02-07 15:18:07.846root 11241100x8000000000000000711489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca215d06a569c692023-02-07 15:18:07.846root 11241100x8000000000000000711488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1845dbecf909f42023-02-07 15:18:07.846root 11241100x8000000000000000711487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c63ca65f8028c792023-02-07 15:18:07.846root 11241100x8000000000000000711486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c121bab1bd7ad982023-02-07 15:18:07.846root 11241100x8000000000000000711485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2332695f167280d2023-02-07 15:18:07.846root 11241100x8000000000000000711484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263eec0f714c72682023-02-07 15:18:07.846root 11241100x8000000000000000711483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fc8e3e38eeec952023-02-07 15:18:07.846root 11241100x8000000000000000711496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7467937f9507582023-02-07 15:18:07.847root 11241100x8000000000000000711495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b5393f812dea412023-02-07 15:18:07.847root 11241100x8000000000000000711494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db2462d0c123b252023-02-07 15:18:07.847root 11241100x8000000000000000711493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c173e9876da7b02023-02-07 15:18:07.847root 11241100x8000000000000000711492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04485541a2cec8e62023-02-07 15:18:07.847root 11241100x8000000000000000711491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:07.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e168752991ea766c2023-02-07 15:18:07.847root 11241100x8000000000000000711497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:08.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8500a7bace8d345f2023-02-07 15:18:08.345root 11241100x8000000000000000711506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:08.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f4e16bfe0089a42023-02-07 15:18:08.346root 11241100x8000000000000000711505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:08.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26ced9d66958ab52023-02-07 15:18:08.346root 11241100x8000000000000000711504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:08.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfa0230c3c4f19e2023-02-07 15:18:08.346root 11241100x8000000000000000711503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:08.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5f580f8608f7a02023-02-07 15:18:08.346root 11241100x8000000000000000711502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:08.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9579213844f3962023-02-07 15:18:08.346root 11241100x8000000000000000711501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:08.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3890b32408641cdf2023-02-07 15:18:08.346root 11241100x8000000000000000711500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:08.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ca1e259915597f2023-02-07 15:18:08.346root 11241100x8000000000000000711499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:08.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204a8bf826d0efa12023-02-07 15:18:08.346root 11241100x8000000000000000711498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:08.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3956c3f3c5c220b02023-02-07 15:18:08.346root 11241100x8000000000000000711511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:08.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0206a3c2194a95722023-02-07 15:18:08.347root 11241100x8000000000000000711510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:08.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd648105339747b32023-02-07 15:18:08.347root 11241100x8000000000000000711509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:08.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ceae68d828523e12023-02-07 15:18:08.347root 11241100x8000000000000000711508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:08.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f7779cb7f7c6f62023-02-07 15:18:08.347root 11241100x8000000000000000711507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:08.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ff536c1e83eb682023-02-07 15:18:08.347root 11241100x8000000000000000711512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:08.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffcb8a623ab197b92023-02-07 15:18:08.845root 11241100x8000000000000000711521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:08.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d20146f5623cdbf2023-02-07 15:18:08.846root 11241100x8000000000000000711520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:08.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae2fc93e5fe41f52023-02-07 15:18:08.846root 11241100x8000000000000000711519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:08.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d38912c79aa8e772023-02-07 15:18:08.846root 11241100x8000000000000000711518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:08.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10513ddbe97849f2023-02-07 15:18:08.846root 11241100x8000000000000000711517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:08.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57410e4e833374552023-02-07 15:18:08.846root 11241100x8000000000000000711516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:08.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493cc9746a9cefe72023-02-07 15:18:08.846root 11241100x8000000000000000711515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:08.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9dfff0d73de62e2023-02-07 15:18:08.846root 11241100x8000000000000000711514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:08.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9d161128d776ae2023-02-07 15:18:08.846root 11241100x8000000000000000711513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:08.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb41b676814c8462023-02-07 15:18:08.846root 11241100x8000000000000000711526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:08.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4886968d2accc52023-02-07 15:18:08.847root 11241100x8000000000000000711525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:08.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aae54572a9619d12023-02-07 15:18:08.847root 11241100x8000000000000000711524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:08.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5de76b111c60932023-02-07 15:18:08.847root 11241100x8000000000000000711523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:08.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66687f60f8a100e72023-02-07 15:18:08.847root 11241100x8000000000000000711522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:08.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028e12dec482c7702023-02-07 15:18:08.847root 11241100x8000000000000000711527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:09.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c222a7713ae47ef2023-02-07 15:18:09.345root 11241100x8000000000000000711541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:09.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf3f26f1bf38baf2023-02-07 15:18:09.346root 11241100x8000000000000000711540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:09.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783227f4ce250b4e2023-02-07 15:18:09.346root 11241100x8000000000000000711539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:09.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043680c652fd66d32023-02-07 15:18:09.346root 11241100x8000000000000000711538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:09.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e737c310a8740d3c2023-02-07 15:18:09.346root 11241100x8000000000000000711537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:09.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7b1c2ba01d7ef82023-02-07 15:18:09.346root 11241100x8000000000000000711536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:09.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1c297a6455f51f2023-02-07 15:18:09.346root 11241100x8000000000000000711535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:09.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9f6da0583ebaaa2023-02-07 15:18:09.346root 11241100x8000000000000000711534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:09.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331bda0da7b73af92023-02-07 15:18:09.346root 11241100x8000000000000000711533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:09.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65f2bf6ed7aa9ea2023-02-07 15:18:09.346root 11241100x8000000000000000711532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:09.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1064aa766fb0a102023-02-07 15:18:09.346root 11241100x8000000000000000711531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:09.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e51d02789fd489b2023-02-07 15:18:09.346root 11241100x8000000000000000711530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:09.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d76b6431cf53d12023-02-07 15:18:09.346root 11241100x8000000000000000711529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:09.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836f7bbcc42452772023-02-07 15:18:09.346root 11241100x8000000000000000711528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:09.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467b1ce6742bb49a2023-02-07 15:18:09.346root 11241100x8000000000000000711542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:09.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdae915d70c58fdc2023-02-07 15:18:09.845root 11241100x8000000000000000711556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:09.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e6095c529a50be2023-02-07 15:18:09.846root 11241100x8000000000000000711555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:09.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612895ea5aec988f2023-02-07 15:18:09.846root 11241100x8000000000000000711554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:09.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c53a8a986eb78902023-02-07 15:18:09.846root 11241100x8000000000000000711553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:09.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8328b631dd3fac4b2023-02-07 15:18:09.846root 11241100x8000000000000000711552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:09.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd960b7bd40393c52023-02-07 15:18:09.846root 11241100x8000000000000000711551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:09.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900c364a0495d4642023-02-07 15:18:09.846root 11241100x8000000000000000711550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:09.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0362b570e6e19a902023-02-07 15:18:09.846root 11241100x8000000000000000711549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:09.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e164d5f113948d42023-02-07 15:18:09.846root 11241100x8000000000000000711548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:09.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed3890cb4f7c6e82023-02-07 15:18:09.846root 11241100x8000000000000000711547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:09.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83cf75f73b75c442023-02-07 15:18:09.846root 11241100x8000000000000000711546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:09.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77fd9e63d79496972023-02-07 15:18:09.846root 11241100x8000000000000000711545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:09.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69206ac0aff65dd42023-02-07 15:18:09.846root 11241100x8000000000000000711544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:09.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c94e04e3d6241c2023-02-07 15:18:09.846root 11241100x8000000000000000711543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:09.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888341a5bff5fd4c2023-02-07 15:18:09.846root 11241100x8000000000000000711557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:10.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7701a77488bf35202023-02-07 15:18:10.345root 11241100x8000000000000000711571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25743503a4e74792023-02-07 15:18:10.346root 11241100x8000000000000000711570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9057979a2ab6fc12023-02-07 15:18:10.346root 11241100x8000000000000000711569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41bccf939939f6d12023-02-07 15:18:10.346root 11241100x8000000000000000711568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd285636a25f18b2023-02-07 15:18:10.346root 11241100x8000000000000000711567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4217ecb90665b0ba2023-02-07 15:18:10.346root 11241100x8000000000000000711566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5fdd30578a46f32023-02-07 15:18:10.346root 11241100x8000000000000000711565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4125f4f2f0618c82023-02-07 15:18:10.346root 11241100x8000000000000000711564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd4f8892a30b9942023-02-07 15:18:10.346root 11241100x8000000000000000711563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7f77980536232d2023-02-07 15:18:10.346root 11241100x8000000000000000711562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3298ab655478cd132023-02-07 15:18:10.346root 11241100x8000000000000000711561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2f5dd8497ce9d92023-02-07 15:18:10.346root 11241100x8000000000000000711560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd06bab416e3f202023-02-07 15:18:10.346root 11241100x8000000000000000711559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfe70364ce47ae92023-02-07 15:18:10.346root 11241100x8000000000000000711558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b31ff5a0c212d9f2023-02-07 15:18:10.346root 11241100x8000000000000000711572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:10.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceaeb4fc05a68fa12023-02-07 15:18:10.845root 11241100x8000000000000000711585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51dedd754dbe07ae2023-02-07 15:18:10.846root 11241100x8000000000000000711584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbcc6214096a19982023-02-07 15:18:10.846root 11241100x8000000000000000711583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9fdd5578b33ecc2023-02-07 15:18:10.846root 11241100x8000000000000000711582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb79e1809711736d2023-02-07 15:18:10.846root 11241100x8000000000000000711581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbedd5f026f08af92023-02-07 15:18:10.846root 11241100x8000000000000000711580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d43a7098c60b5d2023-02-07 15:18:10.846root 11241100x8000000000000000711579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fb3265280e14102023-02-07 15:18:10.846root 11241100x8000000000000000711578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec2a51dfe5fafe42023-02-07 15:18:10.846root 11241100x8000000000000000711577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c85163c409fa902023-02-07 15:18:10.846root 11241100x8000000000000000711576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5f36f62468f7df2023-02-07 15:18:10.846root 11241100x8000000000000000711575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b443dea2c4016372023-02-07 15:18:10.846root 11241100x8000000000000000711574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a643b443b516ba32023-02-07 15:18:10.846root 11241100x8000000000000000711573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8120bdc57366823f2023-02-07 15:18:10.846root 11241100x8000000000000000711586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0ee82361819f7a2023-02-07 15:18:10.847root 11241100x8000000000000000711587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:11.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57472bae3424865c2023-02-07 15:18:11.346root 11241100x8000000000000000711596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b557629e46e96a2f2023-02-07 15:18:11.347root 11241100x8000000000000000711595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a9a91f10e45fd72023-02-07 15:18:11.347root 11241100x8000000000000000711594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80dbe6e6e26b29c52023-02-07 15:18:11.347root 11241100x8000000000000000711593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf95e512ea0106a32023-02-07 15:18:11.347root 11241100x8000000000000000711592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556f9efe003b91fa2023-02-07 15:18:11.347root 11241100x8000000000000000711591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7452830376ace3e2023-02-07 15:18:11.347root 11241100x8000000000000000711590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b98892fadfa354d2023-02-07 15:18:11.347root 11241100x8000000000000000711589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75742982d92a16a12023-02-07 15:18:11.347root 11241100x8000000000000000711588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e872f50c43d07ee2023-02-07 15:18:11.347root 11241100x8000000000000000711601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:11.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393e079a2a5b44d82023-02-07 15:18:11.348root 11241100x8000000000000000711600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:11.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340c43d2ed42c01b2023-02-07 15:18:11.348root 11241100x8000000000000000711599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:11.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f1bae6b377a2ea2023-02-07 15:18:11.348root 11241100x8000000000000000711598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:11.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c1d9a7b815e1ac2023-02-07 15:18:11.348root 11241100x8000000000000000711597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:11.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53ee392cf076d832023-02-07 15:18:11.348root 11241100x8000000000000000711602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:11.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49b995d38dbb63e2023-02-07 15:18:11.845root 11241100x8000000000000000711611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb5f7935dce8b142023-02-07 15:18:11.846root 11241100x8000000000000000711610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020be3735125eac02023-02-07 15:18:11.846root 11241100x8000000000000000711609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b617dde582d67f2023-02-07 15:18:11.846root 11241100x8000000000000000711608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b70402653fd14c2023-02-07 15:18:11.846root 11241100x8000000000000000711607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84682b6600d1e642023-02-07 15:18:11.846root 11241100x8000000000000000711606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a12af2ebcc16e082023-02-07 15:18:11.846root 11241100x8000000000000000711605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb808dd30c19cb1d2023-02-07 15:18:11.846root 11241100x8000000000000000711604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8462ad467d640c2023-02-07 15:18:11.846root 11241100x8000000000000000711603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052d06eb8a715f4b2023-02-07 15:18:11.846root 11241100x8000000000000000711616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7aedb281b146872023-02-07 15:18:11.847root 11241100x8000000000000000711615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3480293b0fa82cd52023-02-07 15:18:11.847root 11241100x8000000000000000711614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603162aa55f08e7f2023-02-07 15:18:11.847root 11241100x8000000000000000711613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4eb362d421b7382023-02-07 15:18:11.847root 11241100x8000000000000000711612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a25474f82473e952023-02-07 15:18:11.847root 354300x8000000000000000711617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.074{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-52952-false10.0.1.12-8000- 11241100x8000000000000000711618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d9675228700c012023-02-07 15:18:12.345root 11241100x8000000000000000711626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a291dc84dd59d35d2023-02-07 15:18:12.346root 11241100x8000000000000000711625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006bf73845d382432023-02-07 15:18:12.346root 11241100x8000000000000000711624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e803adea5093242023-02-07 15:18:12.346root 11241100x8000000000000000711623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7365b2ed5d5fa8ed2023-02-07 15:18:12.346root 11241100x8000000000000000711622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181a07c410862dc92023-02-07 15:18:12.346root 11241100x8000000000000000711621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83aeb8e5b0e22ac62023-02-07 15:18:12.346root 11241100x8000000000000000711620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d040106a9502a6d62023-02-07 15:18:12.346root 11241100x8000000000000000711619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a50efd81f7e7c52023-02-07 15:18:12.346root 11241100x8000000000000000711633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e055f4d41549dcf92023-02-07 15:18:12.347root 11241100x8000000000000000711632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf2b1e13975d94e2023-02-07 15:18:12.347root 11241100x8000000000000000711631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71b0b18b702e3bc2023-02-07 15:18:12.347root 11241100x8000000000000000711630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d196fb93bc801e432023-02-07 15:18:12.347root 11241100x8000000000000000711629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca6df06c4d20d022023-02-07 15:18:12.347root 11241100x8000000000000000711628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2b01f4b7ae4fb62023-02-07 15:18:12.347root 11241100x8000000000000000711627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f2558f55b369d52023-02-07 15:18:12.347root 11241100x8000000000000000711634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd045b1107ccafbe2023-02-07 15:18:12.845root 11241100x8000000000000000711643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a644782cdfaf492023-02-07 15:18:12.846root 11241100x8000000000000000711642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d995e1524e720f2023-02-07 15:18:12.846root 11241100x8000000000000000711641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f49fcb9ed8f3952023-02-07 15:18:12.846root 11241100x8000000000000000711640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42306f8049afc8422023-02-07 15:18:12.846root 11241100x8000000000000000711639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184c555f376e9f372023-02-07 15:18:12.846root 11241100x8000000000000000711638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f4a9ec5dfc53cd2023-02-07 15:18:12.846root 11241100x8000000000000000711637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e19366b5157bef2023-02-07 15:18:12.846root 11241100x8000000000000000711636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec822a38cd3b59b12023-02-07 15:18:12.846root 11241100x8000000000000000711635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b573cb604e7bf97e2023-02-07 15:18:12.846root 11241100x8000000000000000711649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d13a5f9981522ae2023-02-07 15:18:12.847root 11241100x8000000000000000711648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc34f6377409dbb22023-02-07 15:18:12.847root 11241100x8000000000000000711647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf90ec17366fb3f2023-02-07 15:18:12.847root 11241100x8000000000000000711646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec181a71ef04f0a2023-02-07 15:18:12.847root 11241100x8000000000000000711645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f8ea644dc369122023-02-07 15:18:12.847root 11241100x8000000000000000711644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f955a0b4c31989e22023-02-07 15:18:12.847root 11241100x8000000000000000711650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a9082f70b0c6d12023-02-07 15:18:13.345root 11241100x8000000000000000711663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b5ec00ae0a69602023-02-07 15:18:13.346root 11241100x8000000000000000711662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e81de69ad5cc39d2023-02-07 15:18:13.346root 11241100x8000000000000000711661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f33d3b93ac580862023-02-07 15:18:13.346root 11241100x8000000000000000711660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7432a2ad2e56592e2023-02-07 15:18:13.346root 11241100x8000000000000000711659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9586002f3c0cce2023-02-07 15:18:13.346root 11241100x8000000000000000711658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0288519043b639ff2023-02-07 15:18:13.346root 11241100x8000000000000000711657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99be09f20e27d912023-02-07 15:18:13.346root 11241100x8000000000000000711656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6d09fa1166f86f2023-02-07 15:18:13.346root 11241100x8000000000000000711655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5903be0ffdf386862023-02-07 15:18:13.346root 11241100x8000000000000000711654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bcdd8c5566ad472023-02-07 15:18:13.346root 11241100x8000000000000000711653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70eb42918f3273752023-02-07 15:18:13.346root 11241100x8000000000000000711652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf197e0f5a51012f2023-02-07 15:18:13.346root 11241100x8000000000000000711651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9dadefaebc743c2023-02-07 15:18:13.346root 11241100x8000000000000000711665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766d899ce67f88672023-02-07 15:18:13.347root 11241100x8000000000000000711664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a03529d2dbc42b62023-02-07 15:18:13.347root 11241100x8000000000000000711666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b3eab131f891222023-02-07 15:18:13.845root 11241100x8000000000000000711674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5f3cdfac88a0b72023-02-07 15:18:13.846root 11241100x8000000000000000711673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef65ca7469aa7c2b2023-02-07 15:18:13.846root 11241100x8000000000000000711672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bca686d71ea6bf2023-02-07 15:18:13.846root 11241100x8000000000000000711671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfe066c7bc461962023-02-07 15:18:13.846root 11241100x8000000000000000711670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0e59f5336516282023-02-07 15:18:13.846root 11241100x8000000000000000711669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67dcf60a79e8eb072023-02-07 15:18:13.846root 11241100x8000000000000000711668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830d3064739cea502023-02-07 15:18:13.846root 11241100x8000000000000000711667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc9274a1f0313ac2023-02-07 15:18:13.846root 11241100x8000000000000000711681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8019623a4ac7992023-02-07 15:18:13.847root 11241100x8000000000000000711680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6229b85afaba5f2023-02-07 15:18:13.847root 11241100x8000000000000000711679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f166b26a81e65aa2023-02-07 15:18:13.847root 11241100x8000000000000000711678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738174e8a2fce36b2023-02-07 15:18:13.847root 11241100x8000000000000000711677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2e2c0a34ac04ae2023-02-07 15:18:13.847root 11241100x8000000000000000711676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724f9917d14008b52023-02-07 15:18:13.847root 11241100x8000000000000000711675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad5a2860ffad2992023-02-07 15:18:13.847root 11241100x8000000000000000711682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0b3f2161cbc79e2023-02-07 15:18:14.345root 11241100x8000000000000000711696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296361b1485ffb102023-02-07 15:18:14.346root 11241100x8000000000000000711695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a283b97eb8704032023-02-07 15:18:14.346root 11241100x8000000000000000711694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4970cc56164ec2562023-02-07 15:18:14.346root 11241100x8000000000000000711693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8310f9e9dd20f7e2023-02-07 15:18:14.346root 11241100x8000000000000000711692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28a7be1015b21e12023-02-07 15:18:14.346root 11241100x8000000000000000711691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d17c3816a82739b2023-02-07 15:18:14.346root 11241100x8000000000000000711690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e84a4c6ea601ef92023-02-07 15:18:14.346root 11241100x8000000000000000711689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63290757df2955842023-02-07 15:18:14.346root 11241100x8000000000000000711688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb19b9d8bed4c602023-02-07 15:18:14.346root 11241100x8000000000000000711687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f57ffe702572852023-02-07 15:18:14.346root 11241100x8000000000000000711686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8631f5972d1d866f2023-02-07 15:18:14.346root 11241100x8000000000000000711685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ca9722bc6e3a042023-02-07 15:18:14.346root 11241100x8000000000000000711684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e8a56d4a40e4692023-02-07 15:18:14.346root 11241100x8000000000000000711683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a926cbf28413e962023-02-07 15:18:14.346root 11241100x8000000000000000711697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f2af180ce4110d2023-02-07 15:18:14.347root 354300x8000000000000000711698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.574{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-33822-false10.0.1.12-8089- 11241100x8000000000000000711699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab424feb9c605e52023-02-07 15:18:14.845root 11241100x8000000000000000711709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42d2473231d2b052023-02-07 15:18:14.846root 11241100x8000000000000000711708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b20737cf97374a2023-02-07 15:18:14.846root 11241100x8000000000000000711707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c7f2e163674c5e2023-02-07 15:18:14.846root 11241100x8000000000000000711706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c4a6d163f909ae2023-02-07 15:18:14.846root 11241100x8000000000000000711705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed80666d8b43b1812023-02-07 15:18:14.846root 11241100x8000000000000000711704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5880a3291cdce872023-02-07 15:18:14.846root 11241100x8000000000000000711703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8adbbfee56a82492023-02-07 15:18:14.846root 11241100x8000000000000000711702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9fdefef2ad05db2023-02-07 15:18:14.846root 11241100x8000000000000000711701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357e55ab341e59f02023-02-07 15:18:14.846root 11241100x8000000000000000711700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3735a581ad78152023-02-07 15:18:14.846root 11241100x8000000000000000711715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7622bf56ab9d468b2023-02-07 15:18:14.847root 11241100x8000000000000000711714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6da23f79bab1e4a2023-02-07 15:18:14.847root 11241100x8000000000000000711713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b778a4dc5cff14382023-02-07 15:18:14.847root 11241100x8000000000000000711712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0d4c93488a0fba2023-02-07 15:18:14.847root 11241100x8000000000000000711711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29078408eb093b02023-02-07 15:18:14.847root 11241100x8000000000000000711710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d43b2448278327d2023-02-07 15:18:14.847root 11241100x8000000000000000711716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b69e0d93e4b77f62023-02-07 15:18:15.345root 11241100x8000000000000000711729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519dc6b3fbdd13a42023-02-07 15:18:15.346root 11241100x8000000000000000711728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a224d9bb5620b51d2023-02-07 15:18:15.346root 11241100x8000000000000000711727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8b3f946d4593ef2023-02-07 15:18:15.346root 11241100x8000000000000000711726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4231d0b6903bcf5f2023-02-07 15:18:15.346root 11241100x8000000000000000711725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d41c2627e598b22023-02-07 15:18:15.346root 11241100x8000000000000000711724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94babb48cf74158e2023-02-07 15:18:15.346root 11241100x8000000000000000711723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6a7127f0627b642023-02-07 15:18:15.346root 11241100x8000000000000000711722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7245cd217e2464562023-02-07 15:18:15.346root 11241100x8000000000000000711721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54713037d66538ae2023-02-07 15:18:15.346root 11241100x8000000000000000711720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c946b77c7b82672023-02-07 15:18:15.346root 11241100x8000000000000000711719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1995d10aec4018632023-02-07 15:18:15.346root 11241100x8000000000000000711718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98df33c44bdbed3b2023-02-07 15:18:15.346root 11241100x8000000000000000711717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61dcf98e6c3a53b2023-02-07 15:18:15.346root 11241100x8000000000000000711732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad834fb8a7bd5ede2023-02-07 15:18:15.347root 11241100x8000000000000000711731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf759c2618704192023-02-07 15:18:15.347root 11241100x8000000000000000711730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7364189024467ecc2023-02-07 15:18:15.347root 11241100x8000000000000000711733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91690fb0bca468c2023-02-07 15:18:15.845root 11241100x8000000000000000711746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820bc7b51fe6aa0b2023-02-07 15:18:15.846root 11241100x8000000000000000711745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b1ad9cf025be3a2023-02-07 15:18:15.846root 11241100x8000000000000000711744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae945955daaa7212023-02-07 15:18:15.846root 11241100x8000000000000000711743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f704e3bac4d01add2023-02-07 15:18:15.846root 11241100x8000000000000000711742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7dc2f72de0ea46b2023-02-07 15:18:15.846root 11241100x8000000000000000711741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ba983e09e736412023-02-07 15:18:15.846root 11241100x8000000000000000711740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56af6c3e5dee47a2023-02-07 15:18:15.846root 11241100x8000000000000000711739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd08f7cd42f34ab2023-02-07 15:18:15.846root 11241100x8000000000000000711738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb8a4cfaf2a89ac2023-02-07 15:18:15.846root 11241100x8000000000000000711737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7836d4142753562e2023-02-07 15:18:15.846root 11241100x8000000000000000711736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1037c1f5e9f30d692023-02-07 15:18:15.846root 11241100x8000000000000000711735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d1192de8ac4ce42023-02-07 15:18:15.846root 11241100x8000000000000000711734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b7f00f466645482023-02-07 15:18:15.846root 11241100x8000000000000000711749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd49ed3692c19892023-02-07 15:18:15.847root 11241100x8000000000000000711748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1e7e62c3deabc92023-02-07 15:18:15.847root 11241100x8000000000000000711747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8319ec1139c33e882023-02-07 15:18:15.847root 11241100x8000000000000000711763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839401149dc75aad2023-02-07 15:18:16.346root 11241100x8000000000000000711762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6582585f2b262d9a2023-02-07 15:18:16.346root 11241100x8000000000000000711761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57605d25f5366b0e2023-02-07 15:18:16.346root 11241100x8000000000000000711760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80d41ca3bd603962023-02-07 15:18:16.346root 11241100x8000000000000000711759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2973f60dd07083f52023-02-07 15:18:16.346root 11241100x8000000000000000711758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94dff05c4db3003b2023-02-07 15:18:16.346root 11241100x8000000000000000711757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01371973526005872023-02-07 15:18:16.346root 11241100x8000000000000000711756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6e7fcf99bca4f52023-02-07 15:18:16.346root 11241100x8000000000000000711755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dbef74d474fd90a2023-02-07 15:18:16.346root 11241100x8000000000000000711754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c276232b956787a02023-02-07 15:18:16.346root 11241100x8000000000000000711753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfeb3fca27b51f082023-02-07 15:18:16.346root 11241100x8000000000000000711752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5fe397ed6c1e352023-02-07 15:18:16.346root 11241100x8000000000000000711751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35106a4d250533012023-02-07 15:18:16.346root 11241100x8000000000000000711750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf74a56380ea85212023-02-07 15:18:16.346root 11241100x8000000000000000711766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77310f97a8a36802023-02-07 15:18:16.347root 11241100x8000000000000000711765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7d29b41c0473b32023-02-07 15:18:16.347root 11241100x8000000000000000711764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0db475b23ce6182023-02-07 15:18:16.347root 11241100x8000000000000000711779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f004e301458dfa6e2023-02-07 15:18:16.846root 11241100x8000000000000000711778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f51e2b14da2a4122023-02-07 15:18:16.846root 11241100x8000000000000000711777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb08a5aecb02889b2023-02-07 15:18:16.846root 11241100x8000000000000000711776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94ed30946d1452f2023-02-07 15:18:16.846root 11241100x8000000000000000711775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee472b9dece52932023-02-07 15:18:16.846root 11241100x8000000000000000711774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7ffe1054d1a55a2023-02-07 15:18:16.846root 11241100x8000000000000000711773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e453f36c5c6c75b62023-02-07 15:18:16.846root 11241100x8000000000000000711772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bf79901fa6d8f12023-02-07 15:18:16.846root 11241100x8000000000000000711771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35d4f0fc49bb8672023-02-07 15:18:16.846root 11241100x8000000000000000711770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6be6a5bbef87f5f2023-02-07 15:18:16.846root 11241100x8000000000000000711769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bb28655bf431e12023-02-07 15:18:16.846root 11241100x8000000000000000711768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8871d829f1a7cc972023-02-07 15:18:16.846root 11241100x8000000000000000711767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d0aa5327d0c2602023-02-07 15:18:16.846root 11241100x8000000000000000711783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f29725cb9e05f82023-02-07 15:18:16.847root 11241100x8000000000000000711782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a650c8a391289f72023-02-07 15:18:16.847root 11241100x8000000000000000711781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff070749b10b5922023-02-07 15:18:16.847root 11241100x8000000000000000711780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c291e83c1713f932023-02-07 15:18:16.847root 354300x8000000000000000711784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.244{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-60116-false10.0.1.12-8000- 11241100x8000000000000000711793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.245{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e24dfe89b7339ea2023-02-07 15:18:17.245root 11241100x8000000000000000711792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.245{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd3f87e5c16af8f2023-02-07 15:18:17.245root 11241100x8000000000000000711791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.245{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7901c4e32d91cc752023-02-07 15:18:17.245root 11241100x8000000000000000711790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.245{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21192ae12778fde12023-02-07 15:18:17.245root 11241100x8000000000000000711789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.245{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362fac01d9301b672023-02-07 15:18:17.245root 11241100x8000000000000000711788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.245{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23942fe1e44cea42023-02-07 15:18:17.245root 11241100x8000000000000000711787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.245{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a73fc6f9fe12a482023-02-07 15:18:17.245root 11241100x8000000000000000711786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.245{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a099fefe77641aa2023-02-07 15:18:17.245root 11241100x8000000000000000711785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.245{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204939bd28faa7e22023-02-07 15:18:17.245root 11241100x8000000000000000711799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.246{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7342332d7e90e6d22023-02-07 15:18:17.246root 11241100x8000000000000000711798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.246{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb34e6f9c777f622023-02-07 15:18:17.246root 11241100x8000000000000000711797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.246{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13690c464c8b5ed62023-02-07 15:18:17.246root 11241100x8000000000000000711796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.246{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf84c92d6504c4d62023-02-07 15:18:17.246root 11241100x8000000000000000711795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.246{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64dcdd13097dbf9a2023-02-07 15:18:17.246root 11241100x8000000000000000711794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.246{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1edff7bd40b1149a2023-02-07 15:18:17.246root 11241100x8000000000000000711805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.247{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621ce5b052573fae2023-02-07 15:18:17.247root 11241100x8000000000000000711804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.247{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce8574c614d0f0f2023-02-07 15:18:17.247root 11241100x8000000000000000711803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.247{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5091807e535dae2a2023-02-07 15:18:17.247root 11241100x8000000000000000711802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.247{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf2bd1efc4607e32023-02-07 15:18:17.247root 11241100x8000000000000000711801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.247{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb3091af7892d702023-02-07 15:18:17.247root 11241100x8000000000000000711800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.247{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55294f089e722c602023-02-07 15:18:17.247root 11241100x8000000000000000711811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcebb421f4ec311b2023-02-07 15:18:17.248root 11241100x8000000000000000711810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c5630a12b507022023-02-07 15:18:17.248root 11241100x8000000000000000711809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76977b6072043032023-02-07 15:18:17.248root 11241100x8000000000000000711808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d895360aa0d7ca52023-02-07 15:18:17.248root 11241100x8000000000000000711807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15bd4d2d2cd8db02023-02-07 15:18:17.248root 11241100x8000000000000000711806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a602b79efb30b85c2023-02-07 15:18:17.248root 11241100x8000000000000000711813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6edf76dafa88dec42023-02-07 15:18:17.595root 11241100x8000000000000000711812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d8f9cb067612772023-02-07 15:18:17.595root 11241100x8000000000000000711817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8264463649f363e2023-02-07 15:18:17.596root 11241100x8000000000000000711816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9589d28c03951e302023-02-07 15:18:17.596root 11241100x8000000000000000711815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02456f0eba7f0e622023-02-07 15:18:17.596root 11241100x8000000000000000711814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a5692aefc6f4c42023-02-07 15:18:17.596root 11241100x8000000000000000711819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eaf18e030d239062023-02-07 15:18:17.597root 11241100x8000000000000000711818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59f097e23c317582023-02-07 15:18:17.597root 11241100x8000000000000000711823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb52daedd01c2bd2023-02-07 15:18:17.598root 11241100x8000000000000000711822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ff22d1a2ae77122023-02-07 15:18:17.598root 11241100x8000000000000000711821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa395f82fb8326082023-02-07 15:18:17.598root 11241100x8000000000000000711820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a7ae2e8422977c2023-02-07 15:18:17.598root 11241100x8000000000000000711829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6489c850fbb5f3982023-02-07 15:18:17.599root 11241100x8000000000000000711828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae6b89e23dea0ea2023-02-07 15:18:17.599root 11241100x8000000000000000711827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26da7b0a62f449202023-02-07 15:18:17.599root 11241100x8000000000000000711826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d7422e2d6e8d202023-02-07 15:18:17.599root 11241100x8000000000000000711825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e722e75389df616c2023-02-07 15:18:17.599root 11241100x8000000000000000711824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:17.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f48e8a414116cb2023-02-07 15:18:17.599root 11241100x8000000000000000711833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cbbd70991adc172023-02-07 15:18:18.095root 11241100x8000000000000000711832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c4dbede3a03ab82023-02-07 15:18:18.095root 11241100x8000000000000000711831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427a5ae631eaeec32023-02-07 15:18:18.095root 11241100x8000000000000000711830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c92f12f7d1eedd2023-02-07 15:18:18.095root 11241100x8000000000000000711837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b8f995ab6f7e9d2023-02-07 15:18:18.096root 11241100x8000000000000000711836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1622110b4fb116e2023-02-07 15:18:18.096root 11241100x8000000000000000711835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4132ffb62bb8b42023-02-07 15:18:18.096root 11241100x8000000000000000711834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f04f282d604f162023-02-07 15:18:18.096root 11241100x8000000000000000711841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245f59b59fbec75c2023-02-07 15:18:18.097root 11241100x8000000000000000711840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3110b4d4634e0ac12023-02-07 15:18:18.097root 11241100x8000000000000000711839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344ddf8aad34da8f2023-02-07 15:18:18.097root 11241100x8000000000000000711838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa176cffabab7d0c2023-02-07 15:18:18.097root 11241100x8000000000000000711843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80361be59595250d2023-02-07 15:18:18.098root 11241100x8000000000000000711842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2096b82286bef20b2023-02-07 15:18:18.098root 11241100x8000000000000000711847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f45a9e67d10bdf2023-02-07 15:18:18.099root 11241100x8000000000000000711846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821ab89600a7f20f2023-02-07 15:18:18.099root 11241100x8000000000000000711845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a72d8d591340702023-02-07 15:18:18.099root 11241100x8000000000000000711844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ebc47afab160dca2023-02-07 15:18:18.099root 11241100x8000000000000000711849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f1e0a75dd17cf32023-02-07 15:18:18.595root 11241100x8000000000000000711848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bcde76fe52514d2023-02-07 15:18:18.595root 11241100x8000000000000000711854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2011d2bd8d95b8d92023-02-07 15:18:18.596root 11241100x8000000000000000711853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72c7dc3d5b7d4122023-02-07 15:18:18.596root 11241100x8000000000000000711852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897c52c215d8ae252023-02-07 15:18:18.596root 11241100x8000000000000000711851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9e291534b949222023-02-07 15:18:18.596root 11241100x8000000000000000711850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60aa41120a0fa5772023-02-07 15:18:18.596root 11241100x8000000000000000711858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f76bd03b9ce2392023-02-07 15:18:18.597root 11241100x8000000000000000711857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd60ab377c7d5602023-02-07 15:18:18.597root 11241100x8000000000000000711856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08bbdb0c9aa1f4792023-02-07 15:18:18.597root 11241100x8000000000000000711855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96c5bb1cd1f0d222023-02-07 15:18:18.597root 11241100x8000000000000000711862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577563d36426515a2023-02-07 15:18:18.598root 11241100x8000000000000000711861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22086227c242c8cf2023-02-07 15:18:18.598root 11241100x8000000000000000711860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81001298282724d02023-02-07 15:18:18.598root 11241100x8000000000000000711859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9253f886f5f09912023-02-07 15:18:18.598root 11241100x8000000000000000711865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adbc5d63fe16b51d2023-02-07 15:18:18.599root 11241100x8000000000000000711864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b836d1c99c195ad2023-02-07 15:18:18.599root 11241100x8000000000000000711863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:18.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2780b3f0f0d9f7a02023-02-07 15:18:18.599root 11241100x8000000000000000711867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc32942d4d64f8af2023-02-07 15:18:19.095root 11241100x8000000000000000711866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2669348098f6f4842023-02-07 15:18:19.095root 11241100x8000000000000000711872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f22bb14b555488e2023-02-07 15:18:19.096root 11241100x8000000000000000711871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b4ef923d66d2de2023-02-07 15:18:19.096root 11241100x8000000000000000711870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881a604fe0abcea52023-02-07 15:18:19.096root 11241100x8000000000000000711869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3745b7aeee42daf62023-02-07 15:18:19.096root 11241100x8000000000000000711868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761942867fe706be2023-02-07 15:18:19.096root 11241100x8000000000000000711875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc86ede1a18ed4a42023-02-07 15:18:19.097root 11241100x8000000000000000711874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b17b3cd485237d2023-02-07 15:18:19.097root 11241100x8000000000000000711873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040ae94c3a1d950c2023-02-07 15:18:19.097root 11241100x8000000000000000711880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8537f18732f89a2023-02-07 15:18:19.098root 11241100x8000000000000000711879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f46082ddd45c4592023-02-07 15:18:19.098root 11241100x8000000000000000711878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e461b94b473188de2023-02-07 15:18:19.098root 11241100x8000000000000000711877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed9a6d96430f4c82023-02-07 15:18:19.098root 11241100x8000000000000000711876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189f4838088f5f6f2023-02-07 15:18:19.098root 11241100x8000000000000000711884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474e8631e60b46372023-02-07 15:18:19.099root 11241100x8000000000000000711883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34e35e378c982212023-02-07 15:18:19.099root 11241100x8000000000000000711882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46fe383b710c97f02023-02-07 15:18:19.099root 11241100x8000000000000000711881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db942acfc9ddb3d2023-02-07 15:18:19.099root 11241100x8000000000000000711887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c887c3fe2387e8dc2023-02-07 15:18:19.595root 11241100x8000000000000000711886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1936bdf34b97f3db2023-02-07 15:18:19.595root 11241100x8000000000000000711885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7de4dbef19f65a42023-02-07 15:18:19.595root 11241100x8000000000000000711892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f004df5ebb10ae2023-02-07 15:18:19.596root 11241100x8000000000000000711891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb31feb82172ae22023-02-07 15:18:19.596root 11241100x8000000000000000711890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd59aaae2fd8a4a52023-02-07 15:18:19.596root 11241100x8000000000000000711889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a268239b2b22be2023-02-07 15:18:19.596root 11241100x8000000000000000711888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc71fc926d6527e02023-02-07 15:18:19.596root 11241100x8000000000000000711899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb41a68a60df67742023-02-07 15:18:19.597root 11241100x8000000000000000711898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98ccc6f9b5128d22023-02-07 15:18:19.597root 11241100x8000000000000000711897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5e2e4ef4ea0c582023-02-07 15:18:19.597root 11241100x8000000000000000711896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf567a87799b8442023-02-07 15:18:19.597root 11241100x8000000000000000711895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d559f30b72cf4c2023-02-07 15:18:19.597root 11241100x8000000000000000711894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120bbdcd5c0c94ee2023-02-07 15:18:19.597root 11241100x8000000000000000711893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6620ec4d76d5d1f02023-02-07 15:18:19.597root 11241100x8000000000000000711903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb57fe06ce5b01d2023-02-07 15:18:19.598root 11241100x8000000000000000711902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0deb97cefb4fc22023-02-07 15:18:19.598root 11241100x8000000000000000711901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680c4a2f35fab70e2023-02-07 15:18:19.598root 11241100x8000000000000000711900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:19.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622a640b766f37932023-02-07 15:18:19.598root 11241100x8000000000000000711905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155e735265fa09c72023-02-07 15:18:20.095root 11241100x8000000000000000711904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29dee446e34d5ef92023-02-07 15:18:20.095root 11241100x8000000000000000711911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e89f83d29cb95842023-02-07 15:18:20.096root 11241100x8000000000000000711910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e1535e5a7ad2eb2023-02-07 15:18:20.096root 11241100x8000000000000000711909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4a7794fee4e0632023-02-07 15:18:20.096root 11241100x8000000000000000711908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcea0a990da2a8372023-02-07 15:18:20.096root 11241100x8000000000000000711907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d5680872cbf6da2023-02-07 15:18:20.096root 11241100x8000000000000000711906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec342ee8d6b1a6122023-02-07 15:18:20.096root 11241100x8000000000000000711912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b03b1f051152a42023-02-07 15:18:20.097root 11241100x8000000000000000711918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3b2a36f44928ba2023-02-07 15:18:20.098root 11241100x8000000000000000711917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611a860e59fd45882023-02-07 15:18:20.098root 11241100x8000000000000000711916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6618e27a9fc8d2532023-02-07 15:18:20.098root 11241100x8000000000000000711915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e179a9d52c36802023-02-07 15:18:20.098root 11241100x8000000000000000711914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e95a3e98cfe44c2023-02-07 15:18:20.098root 11241100x8000000000000000711913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07899d45ac486b742023-02-07 15:18:20.098root 11241100x8000000000000000711921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d74e32e8955bcd2023-02-07 15:18:20.099root 11241100x8000000000000000711920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48951ae4b3b2a312023-02-07 15:18:20.099root 11241100x8000000000000000711919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7ea8be976d1c3e2023-02-07 15:18:20.099root 11241100x8000000000000000711926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb87e83a1235b212023-02-07 15:18:20.595root 11241100x8000000000000000711925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b054f30dfcc1bbec2023-02-07 15:18:20.595root 11241100x8000000000000000711924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f233b0402ff6b92023-02-07 15:18:20.595root 11241100x8000000000000000711923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa08ace267b2bdd12023-02-07 15:18:20.595root 11241100x8000000000000000711922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ff4b9ca2dbae222023-02-07 15:18:20.595root 11241100x8000000000000000711933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02d6586dd3d51e92023-02-07 15:18:20.596root 11241100x8000000000000000711932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdab04e1dbf2d4ac2023-02-07 15:18:20.596root 11241100x8000000000000000711931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9bff8b8b6b2e2b42023-02-07 15:18:20.596root 11241100x8000000000000000711930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b53679efecf70cc2023-02-07 15:18:20.596root 11241100x8000000000000000711929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67948d650e7a8882023-02-07 15:18:20.596root 11241100x8000000000000000711928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9430e7e119df6152023-02-07 15:18:20.596root 11241100x8000000000000000711927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5549d53ee55071b62023-02-07 15:18:20.596root 11241100x8000000000000000711937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b9fb2d15018bcd2023-02-07 15:18:20.597root 11241100x8000000000000000711936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58180199d56d32d52023-02-07 15:18:20.597root 11241100x8000000000000000711935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c36742002aa13ca2023-02-07 15:18:20.597root 11241100x8000000000000000711934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de04013338887dbe2023-02-07 15:18:20.597root 11241100x8000000000000000711938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a6a7009e9e8e812023-02-07 15:18:20.599root 11241100x8000000000000000711939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:20.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d4b63b235b27372023-02-07 15:18:20.600root 11241100x8000000000000000711943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48010547a46950c52023-02-07 15:18:21.095root 11241100x8000000000000000711942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb4027e7a34a7082023-02-07 15:18:21.095root 11241100x8000000000000000711941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0d5d9caff742372023-02-07 15:18:21.095root 11241100x8000000000000000711940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6255b095d4e5a5c2023-02-07 15:18:21.095root 11241100x8000000000000000711949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655d0fd57265bd2b2023-02-07 15:18:21.096root 11241100x8000000000000000711948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f207256fbfe99e2023-02-07 15:18:21.096root 11241100x8000000000000000711947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886e0036223632b22023-02-07 15:18:21.096root 11241100x8000000000000000711946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26faf2a9c88c57a32023-02-07 15:18:21.096root 11241100x8000000000000000711945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51f2c17e77ad5b42023-02-07 15:18:21.096root 11241100x8000000000000000711944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43eaf51e415810f32023-02-07 15:18:21.096root 11241100x8000000000000000711955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0ea66b8bb8817a2023-02-07 15:18:21.097root 11241100x8000000000000000711954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15788e1c5d7ee6ff2023-02-07 15:18:21.097root 11241100x8000000000000000711953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d04f588e8e7031f2023-02-07 15:18:21.097root 11241100x8000000000000000711952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f17e83383a8f7cc2023-02-07 15:18:21.097root 11241100x8000000000000000711951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c0b4a00d366f262023-02-07 15:18:21.097root 11241100x8000000000000000711950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223dd7adf66a5c032023-02-07 15:18:21.097root 11241100x8000000000000000711957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c4d50f8f4e50a42023-02-07 15:18:21.098root 11241100x8000000000000000711956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513b7c2e0f77ede02023-02-07 15:18:21.098root 11241100x8000000000000000711958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e4ea90fff477e72023-02-07 15:18:21.595root 11241100x8000000000000000711963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddcf79698be67d82023-02-07 15:18:21.596root 11241100x8000000000000000711962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52eea65bd6e9f6412023-02-07 15:18:21.596root 11241100x8000000000000000711961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a6035015c8068f2023-02-07 15:18:21.596root 11241100x8000000000000000711960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40422f67bec0cd62023-02-07 15:18:21.596root 11241100x8000000000000000711959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d72bb00fb34e5d2023-02-07 15:18:21.596root 11241100x8000000000000000711967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d563aad7990de9cc2023-02-07 15:18:21.597root 11241100x8000000000000000711966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0423016b6909192023-02-07 15:18:21.597root 11241100x8000000000000000711965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a54110150c9df772023-02-07 15:18:21.597root 11241100x8000000000000000711964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3387844e8ccee292023-02-07 15:18:21.597root 11241100x8000000000000000711972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5153d3c279c85a202023-02-07 15:18:21.598root 11241100x8000000000000000711971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9bdfd62a54f0d62023-02-07 15:18:21.598root 11241100x8000000000000000711970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f88bc904cedd70d2023-02-07 15:18:21.598root 11241100x8000000000000000711969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f511e310e6c922bd2023-02-07 15:18:21.598root 11241100x8000000000000000711968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb99a87bbf2107e2023-02-07 15:18:21.598root 11241100x8000000000000000711975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4017b4a5b6f3d62023-02-07 15:18:21.599root 11241100x8000000000000000711974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a11c7ca1947c93b2023-02-07 15:18:21.599root 11241100x8000000000000000711973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:21.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ccebe5c45966d032023-02-07 15:18:21.599root 11241100x8000000000000000711980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbcd499fe43736812023-02-07 15:18:22.095root 11241100x8000000000000000711979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3188ebae352feb02023-02-07 15:18:22.095root 11241100x8000000000000000711978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4920cb6c322178292023-02-07 15:18:22.095root 11241100x8000000000000000711977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93525e22d3ed4a0e2023-02-07 15:18:22.095root 11241100x8000000000000000711976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb2a0e4437afab02023-02-07 15:18:22.095root 11241100x8000000000000000711985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2fcc0e34cb8f4f2023-02-07 15:18:22.096root 11241100x8000000000000000711984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8e21f116a8bfd52023-02-07 15:18:22.096root 11241100x8000000000000000711983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ed511b96fc4e302023-02-07 15:18:22.096root 11241100x8000000000000000711982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c15748b25a30122023-02-07 15:18:22.096root 11241100x8000000000000000711981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b715dd8951e3a972023-02-07 15:18:22.096root 11241100x8000000000000000711992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83392cafd090578d2023-02-07 15:18:22.097root 11241100x8000000000000000711991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649668538b97dfc02023-02-07 15:18:22.097root 11241100x8000000000000000711990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ebcd6c236e175262023-02-07 15:18:22.097root 11241100x8000000000000000711989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a3fbc7d629b1df2023-02-07 15:18:22.097root 11241100x8000000000000000711988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3848ea21fad9122023-02-07 15:18:22.097root 11241100x8000000000000000711987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28dd11a6199726a22023-02-07 15:18:22.097root 11241100x8000000000000000711986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b40920e7bde1252023-02-07 15:18:22.097root 11241100x8000000000000000711993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005566019e5ed7462023-02-07 15:18:22.098root 11241100x8000000000000000711996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0549b8a6006ec5d02023-02-07 15:18:22.595root 11241100x8000000000000000711995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baebc579be379ff82023-02-07 15:18:22.595root 11241100x8000000000000000711994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6dcd2d0dc9803242023-02-07 15:18:22.595root 11241100x8000000000000000712005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82574d198c9040052023-02-07 15:18:22.596root 11241100x8000000000000000712004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b9ca059e413cf92023-02-07 15:18:22.596root 11241100x8000000000000000712003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b1adfb43e8640d2023-02-07 15:18:22.596root 11241100x8000000000000000712002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef8b1f1d11b09db2023-02-07 15:18:22.596root 11241100x8000000000000000712001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe03fbcfd012d5e2023-02-07 15:18:22.596root 11241100x8000000000000000712000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a40dba1346d76bf2023-02-07 15:18:22.596root 11241100x8000000000000000711999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13566235c8f37adb2023-02-07 15:18:22.596root 11241100x8000000000000000711998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55063e47fcda862d2023-02-07 15:18:22.596root 11241100x8000000000000000711997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b895ad1e149063582023-02-07 15:18:22.596root 11241100x8000000000000000712012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc512c3db79d695d2023-02-07 15:18:22.597root 11241100x8000000000000000712011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101543a43faccc242023-02-07 15:18:22.597root 11241100x8000000000000000712010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7e946bc98095142023-02-07 15:18:22.597root 11241100x8000000000000000712009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e30707460b1f312023-02-07 15:18:22.597root 11241100x8000000000000000712008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a861cd33134d3d3b2023-02-07 15:18:22.597root 11241100x8000000000000000712007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9631d52a643c142023-02-07 15:18:22.597root 11241100x8000000000000000712006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a80579a2b66b7d2023-02-07 15:18:22.597root 11241100x8000000000000000712017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac65c13eaf53e872023-02-07 15:18:23.095root 11241100x8000000000000000712016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52035985dc4277b32023-02-07 15:18:23.095root 11241100x8000000000000000712015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f353c4fe4cfa9652023-02-07 15:18:23.095root 11241100x8000000000000000712014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345ee1e9bb8ae23a2023-02-07 15:18:23.095root 11241100x8000000000000000712013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b38e0bc61f6d67a42023-02-07 15:18:23.095root 11241100x8000000000000000712025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8434b70074b151032023-02-07 15:18:23.096root 11241100x8000000000000000712024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66380d611339602e2023-02-07 15:18:23.096root 11241100x8000000000000000712023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e6044d562458fb2023-02-07 15:18:23.096root 11241100x8000000000000000712022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04087d9951b88532023-02-07 15:18:23.096root 11241100x8000000000000000712021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86b4c38bddf1b572023-02-07 15:18:23.096root 11241100x8000000000000000712020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fae9010406c0cc12023-02-07 15:18:23.096root 11241100x8000000000000000712019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f8ab5bf46f993b2023-02-07 15:18:23.096root 11241100x8000000000000000712018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e8259ffbf604ac2023-02-07 15:18:23.096root 11241100x8000000000000000712030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5137ffe00e20d28c2023-02-07 15:18:23.097root 11241100x8000000000000000712029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3902c0d99d6b5222023-02-07 15:18:23.097root 11241100x8000000000000000712028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f6f3fb8161f9262023-02-07 15:18:23.097root 11241100x8000000000000000712027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7748097e0085d5cc2023-02-07 15:18:23.097root 11241100x8000000000000000712026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6ecb626d00772d2023-02-07 15:18:23.097root 354300x8000000000000000712031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.231{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-60118-false10.0.1.12-8000- 11241100x8000000000000000712032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d693a42f93bc362023-02-07 15:18:23.595root 11241100x8000000000000000712035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4652b58214fc2db22023-02-07 15:18:23.596root 11241100x8000000000000000712034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7473a2ecdb83041e2023-02-07 15:18:23.596root 11241100x8000000000000000712033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a564e8019d7a13c32023-02-07 15:18:23.596root 11241100x8000000000000000712043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f79ac047f809ba72023-02-07 15:18:23.597root 11241100x8000000000000000712042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb1b1ce55ebeae02023-02-07 15:18:23.597root 11241100x8000000000000000712041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cddb59dde585cd5b2023-02-07 15:18:23.597root 11241100x8000000000000000712040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a76c84ba229eb042023-02-07 15:18:23.597root 11241100x8000000000000000712039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f843a0eb9dc9d712023-02-07 15:18:23.597root 11241100x8000000000000000712038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82123c834fd7d8732023-02-07 15:18:23.597root 11241100x8000000000000000712037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eec65870ff798262023-02-07 15:18:23.597root 11241100x8000000000000000712036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e932551cfeecb5d2023-02-07 15:18:23.597root 11241100x8000000000000000712048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cebbc65e182785d42023-02-07 15:18:23.598root 11241100x8000000000000000712047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b93b75e0ea839c2023-02-07 15:18:23.598root 11241100x8000000000000000712046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e2edc65f918b622023-02-07 15:18:23.598root 11241100x8000000000000000712045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc820dda378332c2023-02-07 15:18:23.598root 11241100x8000000000000000712044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332f92c43b23be562023-02-07 15:18:23.598root 11241100x8000000000000000712050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5505ac137bb4b9512023-02-07 15:18:23.599root 11241100x8000000000000000712049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:23.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996212e1fcce1a082023-02-07 15:18:23.599root 11241100x8000000000000000712052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc3d5543371d3cc2023-02-07 15:18:24.095root 11241100x8000000000000000712051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e721c186efdabb562023-02-07 15:18:24.095root 11241100x8000000000000000712058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e7779edbae3ab62023-02-07 15:18:24.096root 11241100x8000000000000000712057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82953ab99607bf5a2023-02-07 15:18:24.096root 11241100x8000000000000000712056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c054003dfa7131502023-02-07 15:18:24.096root 11241100x8000000000000000712055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0695aee56d299d112023-02-07 15:18:24.096root 11241100x8000000000000000712054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47806f8b2cc8e692023-02-07 15:18:24.096root 11241100x8000000000000000712053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c38163999cccad82023-02-07 15:18:24.096root 11241100x8000000000000000712063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5d7f3af3aa75752023-02-07 15:18:24.097root 11241100x8000000000000000712062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290bbb5b27b7a1022023-02-07 15:18:24.097root 11241100x8000000000000000712061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0880678f2ded1fd72023-02-07 15:18:24.097root 11241100x8000000000000000712060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb1e942e553b3d62023-02-07 15:18:24.097root 11241100x8000000000000000712059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0fb400698328b02023-02-07 15:18:24.097root 11241100x8000000000000000712069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82d2ac3756f126b2023-02-07 15:18:24.098root 11241100x8000000000000000712068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db20439a3a6334a12023-02-07 15:18:24.098root 11241100x8000000000000000712067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97fe93f43566bfcd2023-02-07 15:18:24.098root 11241100x8000000000000000712066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aac3bfedad3b2e42023-02-07 15:18:24.098root 11241100x8000000000000000712065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501becdf72c1761e2023-02-07 15:18:24.098root 11241100x8000000000000000712064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714ebf09fe2c47cf2023-02-07 15:18:24.098root 11241100x8000000000000000712077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee57ce26f4f2f6f2023-02-07 15:18:24.595root 11241100x8000000000000000712076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a559ad8459eb20b92023-02-07 15:18:24.595root 11241100x8000000000000000712075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5464789b638d5a212023-02-07 15:18:24.595root 11241100x8000000000000000712074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89820516ba36be1a2023-02-07 15:18:24.595root 11241100x8000000000000000712073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d8400cd82122712023-02-07 15:18:24.595root 11241100x8000000000000000712072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7de111b35a0c1c2023-02-07 15:18:24.595root 11241100x8000000000000000712071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9328fee89553efb2023-02-07 15:18:24.595root 11241100x8000000000000000712070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c363480b3fbb68982023-02-07 15:18:24.595root 11241100x8000000000000000712084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617ab998e4bfc65b2023-02-07 15:18:24.596root 11241100x8000000000000000712083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faef4f0a7c58f5522023-02-07 15:18:24.596root 11241100x8000000000000000712082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58319b7d027ad6a2023-02-07 15:18:24.596root 11241100x8000000000000000712081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483ad3427aed28732023-02-07 15:18:24.596root 11241100x8000000000000000712080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613438e846c1948b2023-02-07 15:18:24.596root 11241100x8000000000000000712079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2b7c3a016652ea2023-02-07 15:18:24.596root 11241100x8000000000000000712078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e702a1d6e00b582023-02-07 15:18:24.596root 11241100x8000000000000000712088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904610d6133142122023-02-07 15:18:24.597root 11241100x8000000000000000712087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58084cb919fe78c02023-02-07 15:18:24.597root 11241100x8000000000000000712086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57924db56fc94c542023-02-07 15:18:24.597root 11241100x8000000000000000712085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab57899dc35532e02023-02-07 15:18:24.597root 11241100x8000000000000000712089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:24.728{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:18:24.728root 11241100x8000000000000000712093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257ba72a6c0022fa2023-02-07 15:18:25.095root 11241100x8000000000000000712092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffc80b151931ac42023-02-07 15:18:25.095root 11241100x8000000000000000712091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6597ad92a2b284cb2023-02-07 15:18:25.095root 11241100x8000000000000000712090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d6405280e432592023-02-07 15:18:25.095root 11241100x8000000000000000712098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6473de2d04e4fc2023-02-07 15:18:25.096root 11241100x8000000000000000712097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d79ebb7b7b0e84f2023-02-07 15:18:25.096root 11241100x8000000000000000712096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209a65e4d4aa8c6f2023-02-07 15:18:25.096root 11241100x8000000000000000712095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9eda577ca6f1cb52023-02-07 15:18:25.096root 11241100x8000000000000000712094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5533901ff4a9a4f42023-02-07 15:18:25.096root 11241100x8000000000000000712106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c440b92acf39a722023-02-07 15:18:25.097root 11241100x8000000000000000712105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91068c12a460652f2023-02-07 15:18:25.097root 11241100x8000000000000000712104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2170906bc3a922542023-02-07 15:18:25.097root 11241100x8000000000000000712103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74650edbe4f5f422023-02-07 15:18:25.097root 11241100x8000000000000000712102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f6d3ed221617002023-02-07 15:18:25.097root 11241100x8000000000000000712101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc73a79466d4eb0a2023-02-07 15:18:25.097root 11241100x8000000000000000712100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87584ab296375af02023-02-07 15:18:25.097root 11241100x8000000000000000712099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93050ee13dbbd6d12023-02-07 15:18:25.097root 11241100x8000000000000000712110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0de7fd858213792023-02-07 15:18:25.098root 11241100x8000000000000000712109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d047b8dc6954c4fb2023-02-07 15:18:25.098root 11241100x8000000000000000712108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f940f1ac4827e32023-02-07 15:18:25.098root 11241100x8000000000000000712107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4e3d63aa40641f2023-02-07 15:18:25.098root 11241100x8000000000000000712114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b347200d2184b792023-02-07 15:18:25.595root 11241100x8000000000000000712113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2129b7a85f3e480c2023-02-07 15:18:25.595root 11241100x8000000000000000712112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fda63f0a28686b2023-02-07 15:18:25.595root 11241100x8000000000000000712111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32c14b43e65dfdd2023-02-07 15:18:25.595root 11241100x8000000000000000712120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16fc1852ec970ba32023-02-07 15:18:25.596root 11241100x8000000000000000712119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8290bd3e3b91ff2023-02-07 15:18:25.596root 11241100x8000000000000000712118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e2a7b5851be4ce2023-02-07 15:18:25.596root 11241100x8000000000000000712117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479a0583b193ba6f2023-02-07 15:18:25.596root 11241100x8000000000000000712116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f11257caef82632023-02-07 15:18:25.596root 11241100x8000000000000000712115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc54a6bd829e8102023-02-07 15:18:25.596root 11241100x8000000000000000712129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fa36b821f464372023-02-07 15:18:25.597root 11241100x8000000000000000712128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e76f94b6b7918e2023-02-07 15:18:25.597root 11241100x8000000000000000712127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25a93d0cfd4b5422023-02-07 15:18:25.597root 11241100x8000000000000000712126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87253c533f2baaa72023-02-07 15:18:25.597root 11241100x8000000000000000712125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8d2dc4ff8422952023-02-07 15:18:25.597root 11241100x8000000000000000712124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890c68782c14687d2023-02-07 15:18:25.597root 11241100x8000000000000000712123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d8cfc248b5cdc92023-02-07 15:18:25.597root 11241100x8000000000000000712122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e92c9ed2f391d52023-02-07 15:18:25.597root 11241100x8000000000000000712121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdec7faab054d9642023-02-07 15:18:25.597root 11241100x8000000000000000712131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6728318dc1e6fdd2023-02-07 15:18:25.598root 11241100x8000000000000000712130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e791c95f1e989402023-02-07 15:18:25.598root 11241100x8000000000000000712133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ccc2083189a74422023-02-07 15:18:26.095root 11241100x8000000000000000712132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6feb77e120c3a2422023-02-07 15:18:26.095root 11241100x8000000000000000712137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcfa6b076b479cc2023-02-07 15:18:26.096root 11241100x8000000000000000712136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea75fc8adba2ff742023-02-07 15:18:26.096root 11241100x8000000000000000712135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e392862ba15f192023-02-07 15:18:26.096root 11241100x8000000000000000712134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d94129578c08d22023-02-07 15:18:26.096root 11241100x8000000000000000712146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07bfd62d17d5cd272023-02-07 15:18:26.097root 11241100x8000000000000000712145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0531ad4a64c550b2023-02-07 15:18:26.097root 11241100x8000000000000000712144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664ff04a121e61432023-02-07 15:18:26.097root 11241100x8000000000000000712143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939f7a774562b1a72023-02-07 15:18:26.097root 11241100x8000000000000000712142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec651c7666a3b282023-02-07 15:18:26.097root 11241100x8000000000000000712141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cdfd2d8ee3e6efe2023-02-07 15:18:26.097root 11241100x8000000000000000712140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a5b4f8f75269772023-02-07 15:18:26.097root 11241100x8000000000000000712139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bfb4450c6c449572023-02-07 15:18:26.097root 11241100x8000000000000000712138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4893315e9f7bfd8c2023-02-07 15:18:26.097root 11241100x8000000000000000712153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94eff04b527cec052023-02-07 15:18:26.098root 11241100x8000000000000000712152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8751574a40c10c2023-02-07 15:18:26.098root 11241100x8000000000000000712151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118dfb078201f3002023-02-07 15:18:26.098root 11241100x8000000000000000712150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d2eae04b7efa0d2023-02-07 15:18:26.098root 11241100x8000000000000000712149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e08cce2764d3f12023-02-07 15:18:26.098root 11241100x8000000000000000712148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37265b59651e25402023-02-07 15:18:26.098root 11241100x8000000000000000712147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59492e4547089fb2023-02-07 15:18:26.098root 11241100x8000000000000000712163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1804608fa3805d22023-02-07 15:18:26.596root 11241100x8000000000000000712162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899b6d44e8d951c62023-02-07 15:18:26.596root 11241100x8000000000000000712161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d5ac661b9940332023-02-07 15:18:26.596root 11241100x8000000000000000712160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4594ab532a76052023-02-07 15:18:26.596root 11241100x8000000000000000712159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27bad5e6b28c1a292023-02-07 15:18:26.596root 11241100x8000000000000000712158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818a8fd1f3aa690d2023-02-07 15:18:26.596root 11241100x8000000000000000712157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13110ece0608f59e2023-02-07 15:18:26.596root 11241100x8000000000000000712156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a471f51b583ad1a22023-02-07 15:18:26.596root 11241100x8000000000000000712155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d57ac3058e11c232023-02-07 15:18:26.596root 11241100x8000000000000000712154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ee907d236ce5e52023-02-07 15:18:26.596root 11241100x8000000000000000712173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef44ec650d1dd31d2023-02-07 15:18:26.597root 11241100x8000000000000000712172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d551d05919b7ba2023-02-07 15:18:26.597root 11241100x8000000000000000712171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f38ac65a0d459842023-02-07 15:18:26.597root 11241100x8000000000000000712170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd135b9393981532023-02-07 15:18:26.597root 11241100x8000000000000000712169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f7e96497f754ba2023-02-07 15:18:26.597root 11241100x8000000000000000712168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8529c6e90fbed02023-02-07 15:18:26.597root 11241100x8000000000000000712167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb411249664009c42023-02-07 15:18:26.597root 11241100x8000000000000000712166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1fa746a8d5c6cfd2023-02-07 15:18:26.597root 11241100x8000000000000000712165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b8f54c215c2c2e2023-02-07 15:18:26.597root 11241100x8000000000000000712164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1cc298b4930094f2023-02-07 15:18:26.597root 11241100x8000000000000000712178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c137bfccd7859d6d2023-02-07 15:18:27.095root 11241100x8000000000000000712177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b596b3eabccc0c2023-02-07 15:18:27.095root 11241100x8000000000000000712176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48cdeb74b2d507d2023-02-07 15:18:27.095root 11241100x8000000000000000712175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90838d4d747ae392023-02-07 15:18:27.095root 11241100x8000000000000000712174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c435b408f97553f62023-02-07 15:18:27.095root 11241100x8000000000000000712184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16efaa8e53efabe22023-02-07 15:18:27.096root 11241100x8000000000000000712183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8094e6062dd2a3b12023-02-07 15:18:27.096root 11241100x8000000000000000712182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72924b8fb0eda1bd2023-02-07 15:18:27.096root 11241100x8000000000000000712181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c336749bfe0a072023-02-07 15:18:27.096root 11241100x8000000000000000712180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45897908ffef2dfa2023-02-07 15:18:27.096root 11241100x8000000000000000712179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b6670f7444886b2023-02-07 15:18:27.096root 11241100x8000000000000000712188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4fb296ec8634ef72023-02-07 15:18:27.097root 11241100x8000000000000000712187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c80b3eab7e12ea2023-02-07 15:18:27.097root 11241100x8000000000000000712186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561de92d96d624472023-02-07 15:18:27.097root 11241100x8000000000000000712185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277373c984f906d22023-02-07 15:18:27.097root 11241100x8000000000000000712193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf07ee9200445512023-02-07 15:18:27.098root 11241100x8000000000000000712192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530f60df3480a0fc2023-02-07 15:18:27.098root 11241100x8000000000000000712191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499d451bb4fdf8622023-02-07 15:18:27.098root 11241100x8000000000000000712190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61e640d74f0f18d2023-02-07 15:18:27.098root 11241100x8000000000000000712189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3a57fc1d7eccf62023-02-07 15:18:27.098root 11241100x8000000000000000712195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d34f03253deb1c22023-02-07 15:18:27.100root 11241100x8000000000000000712194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4b64616fca6ddc2023-02-07 15:18:27.100root 11241100x8000000000000000712199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45fbba6b9d4399d42023-02-07 15:18:27.595root 11241100x8000000000000000712198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84819b03af92b582023-02-07 15:18:27.595root 11241100x8000000000000000712197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d0e4b1a4914ba02023-02-07 15:18:27.595root 11241100x8000000000000000712196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae31a8782501a4462023-02-07 15:18:27.595root 11241100x8000000000000000712205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7d857822df39212023-02-07 15:18:27.596root 11241100x8000000000000000712204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc1f4978ec4ae592023-02-07 15:18:27.596root 11241100x8000000000000000712203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4055030d3f85c452023-02-07 15:18:27.596root 11241100x8000000000000000712202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be5a8556ee961ca2023-02-07 15:18:27.596root 11241100x8000000000000000712201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b7a75dde0e30242023-02-07 15:18:27.596root 11241100x8000000000000000712200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56dbb209caae94b02023-02-07 15:18:27.596root 11241100x8000000000000000712212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9550ccebedb92da2023-02-07 15:18:27.597root 11241100x8000000000000000712211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6d9443edb733782023-02-07 15:18:27.597root 11241100x8000000000000000712210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9590c2e12e0ccca52023-02-07 15:18:27.597root 11241100x8000000000000000712209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c77147655da2e12023-02-07 15:18:27.597root 11241100x8000000000000000712208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e522b0945194b92023-02-07 15:18:27.597root 11241100x8000000000000000712207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e7e2931b5166692023-02-07 15:18:27.597root 11241100x8000000000000000712206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823b4538c33c6aff2023-02-07 15:18:27.597root 11241100x8000000000000000712217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4f1abc022877e72023-02-07 15:18:27.598root 11241100x8000000000000000712216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b197465ddf6bbc9f2023-02-07 15:18:27.598root 11241100x8000000000000000712215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5c3ffb0db007572023-02-07 15:18:27.598root 11241100x8000000000000000712214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e4c22365a4a7ce2023-02-07 15:18:27.598root 11241100x8000000000000000712213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d7e353a8dab6be2023-02-07 15:18:27.598root 23542300x8000000000000000712218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:27.730{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000712228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3edbdbe1a185ee2023-02-07 15:18:28.096root 11241100x8000000000000000712227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9227c56adbf5542023-02-07 15:18:28.096root 11241100x8000000000000000712226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534120d85634497c2023-02-07 15:18:28.096root 11241100x8000000000000000712225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1b3768269664872023-02-07 15:18:28.096root 11241100x8000000000000000712224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebaf60618579f9562023-02-07 15:18:28.096root 11241100x8000000000000000712223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3386fb4e441c6e12023-02-07 15:18:28.096root 11241100x8000000000000000712222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0a50d34d1cad302023-02-07 15:18:28.096root 11241100x8000000000000000712221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a866c8390e81ae2023-02-07 15:18:28.096root 11241100x8000000000000000712220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1706ce3241d0df372023-02-07 15:18:28.096root 11241100x8000000000000000712219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa814a5140db4c0a2023-02-07 15:18:28.096root 11241100x8000000000000000712235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6986bc620d750aae2023-02-07 15:18:28.097root 11241100x8000000000000000712234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07d75061fd60e9f2023-02-07 15:18:28.097root 11241100x8000000000000000712233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ca00d24baeb48f2023-02-07 15:18:28.097root 11241100x8000000000000000712232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5a592c28018c7a2023-02-07 15:18:28.097root 11241100x8000000000000000712231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df92f555f82c3cc82023-02-07 15:18:28.097root 11241100x8000000000000000712230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ea729047f589232023-02-07 15:18:28.097root 11241100x8000000000000000712229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9b694ba6f5bb992023-02-07 15:18:28.097root 11241100x8000000000000000712239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83f3ea05beca3322023-02-07 15:18:28.098root 11241100x8000000000000000712238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec9fb658892e8e82023-02-07 15:18:28.098root 11241100x8000000000000000712237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e979be5255a586b32023-02-07 15:18:28.098root 11241100x8000000000000000712236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85250b46eaaeecb22023-02-07 15:18:28.098root 11241100x8000000000000000712242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad4564339d39e4f2023-02-07 15:18:28.595root 11241100x8000000000000000712241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ddd98cfc6f57ba52023-02-07 15:18:28.595root 11241100x8000000000000000712240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa9945024065d6f2023-02-07 15:18:28.595root 11241100x8000000000000000712244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa91cdbb576428a2023-02-07 15:18:28.596root 11241100x8000000000000000712243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf665021362a9d52023-02-07 15:18:28.596root 11241100x8000000000000000712249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587628763e1bc2f82023-02-07 15:18:28.597root 11241100x8000000000000000712248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc0ce5a5c38da0c2023-02-07 15:18:28.597root 11241100x8000000000000000712247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f38c4781cf290462023-02-07 15:18:28.597root 11241100x8000000000000000712246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd2aa420e46f6262023-02-07 15:18:28.597root 11241100x8000000000000000712245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7dfe5bcc8d1944f2023-02-07 15:18:28.597root 11241100x8000000000000000712256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fff8a6d17980c12023-02-07 15:18:28.598root 11241100x8000000000000000712255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73a4e8e5b983deb2023-02-07 15:18:28.598root 11241100x8000000000000000712254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38943c571776c7002023-02-07 15:18:28.598root 11241100x8000000000000000712253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca887ea175513e8d2023-02-07 15:18:28.598root 11241100x8000000000000000712252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d772aa56f4db26d2023-02-07 15:18:28.598root 11241100x8000000000000000712251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5078ca85bb548caa2023-02-07 15:18:28.598root 11241100x8000000000000000712250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68f68d3edca640f2023-02-07 15:18:28.598root 11241100x8000000000000000712262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa4096b77f98b732023-02-07 15:18:28.599root 11241100x8000000000000000712261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73a0a77a9e533dc2023-02-07 15:18:28.599root 11241100x8000000000000000712260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ee897b056b8d382023-02-07 15:18:28.599root 11241100x8000000000000000712259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d7efa7a9b1aa442023-02-07 15:18:28.599root 11241100x8000000000000000712258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dcd9437b869c4992023-02-07 15:18:28.599root 11241100x8000000000000000712257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e556166cb13897152023-02-07 15:18:28.599root 354300x8000000000000000712263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.075{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-49738-false10.0.1.12-8000- 11241100x8000000000000000712270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.077{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3825155e73dd15822023-02-07 15:18:29.077root 11241100x8000000000000000712269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.077{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa231bf0326b6982023-02-07 15:18:29.077root 11241100x8000000000000000712268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.077{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0faccb4a0e7c6e742023-02-07 15:18:29.077root 11241100x8000000000000000712267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.077{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863063a0c22a4e662023-02-07 15:18:29.077root 11241100x8000000000000000712266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.077{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fe9fcaa43b2b842023-02-07 15:18:29.077root 11241100x8000000000000000712265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.077{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b704fb4bef32e0462023-02-07 15:18:29.077root 11241100x8000000000000000712264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.077{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a858ec2721bbaa2023-02-07 15:18:29.077root 11241100x8000000000000000712285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.078{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1c9ce61d7798a52023-02-07 15:18:29.078root 11241100x8000000000000000712284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.078{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b44ac11ee4d5252023-02-07 15:18:29.078root 11241100x8000000000000000712283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.078{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656786992eee0d062023-02-07 15:18:29.078root 11241100x8000000000000000712282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.078{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d616122b0fbf8c82023-02-07 15:18:29.078root 11241100x8000000000000000712281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.078{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421a15a8c7aceac22023-02-07 15:18:29.078root 11241100x8000000000000000712280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.078{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ae18613c1ea3542023-02-07 15:18:29.078root 11241100x8000000000000000712279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.078{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384b5625ea44d65b2023-02-07 15:18:29.078root 11241100x8000000000000000712278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.078{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e36ba2412063a132023-02-07 15:18:29.078root 11241100x8000000000000000712277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.078{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9a8a2fbcd461fc2023-02-07 15:18:29.078root 11241100x8000000000000000712276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.078{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4e32680aa602f72023-02-07 15:18:29.078root 11241100x8000000000000000712275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.078{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39234e8bb1e0e3362023-02-07 15:18:29.078root 11241100x8000000000000000712274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.078{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00df14e4d15c01102023-02-07 15:18:29.078root 11241100x8000000000000000712273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.078{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef080ec37b9580d82023-02-07 15:18:29.078root 11241100x8000000000000000712272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.078{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e87cd83a6ae6dc02023-02-07 15:18:29.078root 11241100x8000000000000000712271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.078{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec073a2cc1f48f72023-02-07 15:18:29.078root 11241100x8000000000000000712294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdea67673abb4d82023-02-07 15:18:29.346root 11241100x8000000000000000712293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06ace68324addb82023-02-07 15:18:29.346root 11241100x8000000000000000712292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd20c136dcf34e882023-02-07 15:18:29.346root 11241100x8000000000000000712291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1b341884691ed62023-02-07 15:18:29.346root 11241100x8000000000000000712290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08206608a155987e2023-02-07 15:18:29.346root 11241100x8000000000000000712289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1305722012c147fc2023-02-07 15:18:29.346root 11241100x8000000000000000712288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e50ed9e6f1290372023-02-07 15:18:29.346root 11241100x8000000000000000712287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c28ca570f41af7a2023-02-07 15:18:29.346root 11241100x8000000000000000712286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e704cf4e36ad96c2023-02-07 15:18:29.346root 11241100x8000000000000000712302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad6cdaa8bcdcefa2023-02-07 15:18:29.347root 11241100x8000000000000000712301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f9b555d08d6e652023-02-07 15:18:29.347root 11241100x8000000000000000712300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf04ab4212bacf82023-02-07 15:18:29.347root 11241100x8000000000000000712299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc56c1959cdcac82023-02-07 15:18:29.347root 11241100x8000000000000000712298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83942cfe86c2d1592023-02-07 15:18:29.347root 11241100x8000000000000000712297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e1fccfef29ea2e2023-02-07 15:18:29.347root 11241100x8000000000000000712296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91d2017044a81022023-02-07 15:18:29.347root 11241100x8000000000000000712295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b0913bdf900be32023-02-07 15:18:29.347root 11241100x8000000000000000712307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3030e1210c19c912023-02-07 15:18:29.348root 11241100x8000000000000000712306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637a1a451bf767182023-02-07 15:18:29.348root 11241100x8000000000000000712305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a2fdfcc51138c52023-02-07 15:18:29.348root 11241100x8000000000000000712304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90175f9457f5777b2023-02-07 15:18:29.348root 11241100x8000000000000000712303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43684f222cddbc012023-02-07 15:18:29.348root 11241100x8000000000000000712311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8809104c46b950a72023-02-07 15:18:29.845root 11241100x8000000000000000712310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93052a94ff9492a02023-02-07 15:18:29.845root 11241100x8000000000000000712309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13aea62772dd15982023-02-07 15:18:29.845root 11241100x8000000000000000712308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a21666198e2bef2023-02-07 15:18:29.845root 11241100x8000000000000000712318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73e17bd8b3b5d702023-02-07 15:18:29.846root 11241100x8000000000000000712317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4547f66c0ced7602023-02-07 15:18:29.846root 11241100x8000000000000000712316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8492201c205fbd9b2023-02-07 15:18:29.846root 11241100x8000000000000000712315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846161c469379fae2023-02-07 15:18:29.846root 11241100x8000000000000000712314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab9714296b45fef2023-02-07 15:18:29.846root 11241100x8000000000000000712313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f52ac8c083e6892023-02-07 15:18:29.846root 11241100x8000000000000000712312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b8b965d718725a2023-02-07 15:18:29.846root 11241100x8000000000000000712329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7d2aefe96c26e62023-02-07 15:18:29.847root 11241100x8000000000000000712328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf16ded2d1d19ed52023-02-07 15:18:29.847root 11241100x8000000000000000712327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabc90f52f421ed32023-02-07 15:18:29.847root 11241100x8000000000000000712326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1cf7f51a1f0ec32023-02-07 15:18:29.847root 11241100x8000000000000000712325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f5aea90fbbbd512023-02-07 15:18:29.847root 11241100x8000000000000000712324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8449fe80fc920c2023-02-07 15:18:29.847root 11241100x8000000000000000712323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0df0b5f2164a6b02023-02-07 15:18:29.847root 11241100x8000000000000000712322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f657f0fca4ec8c132023-02-07 15:18:29.847root 11241100x8000000000000000712321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0618fbab29e288be2023-02-07 15:18:29.847root 11241100x8000000000000000712320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efbbeba2b46a8d62023-02-07 15:18:29.847root 11241100x8000000000000000712319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:29.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a105542aa195caa2023-02-07 15:18:29.847root 11241100x8000000000000000712333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715f85cd0459ce1a2023-02-07 15:18:30.345root 11241100x8000000000000000712332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15059e6290e6d9cc2023-02-07 15:18:30.345root 11241100x8000000000000000712331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513fe52e4ec5c00c2023-02-07 15:18:30.345root 11241100x8000000000000000712330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bf5e5b6da3b8392023-02-07 15:18:30.345root 11241100x8000000000000000712341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72672098ff0f21e2023-02-07 15:18:30.346root 11241100x8000000000000000712340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5856bc0f218b45d32023-02-07 15:18:30.346root 11241100x8000000000000000712339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3982fbc858a65a72023-02-07 15:18:30.346root 11241100x8000000000000000712338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dae2f5f0510d69f2023-02-07 15:18:30.346root 11241100x8000000000000000712337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fd39741cea556a2023-02-07 15:18:30.346root 11241100x8000000000000000712336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d62b535924b80fa2023-02-07 15:18:30.346root 11241100x8000000000000000712335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dbdbe74819342002023-02-07 15:18:30.346root 11241100x8000000000000000712334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d62e80bc10c5efd2023-02-07 15:18:30.346root 11241100x8000000000000000712351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4816f8f0e1f306f32023-02-07 15:18:30.347root 11241100x8000000000000000712350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e33ffbc998d85d32023-02-07 15:18:30.347root 11241100x8000000000000000712349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4adecddcdf88b4a2023-02-07 15:18:30.347root 11241100x8000000000000000712348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea785219bbc50802023-02-07 15:18:30.347root 11241100x8000000000000000712347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b39db0e22d41cf2023-02-07 15:18:30.347root 11241100x8000000000000000712346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a76d5bea6d0386e2023-02-07 15:18:30.347root 11241100x8000000000000000712345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d183b088d5614122023-02-07 15:18:30.347root 11241100x8000000000000000712344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb0e394e2ec7f032023-02-07 15:18:30.347root 11241100x8000000000000000712343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d57bccbd83ab73d2023-02-07 15:18:30.347root 11241100x8000000000000000712342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df2faaea53e3fae2023-02-07 15:18:30.347root 11241100x8000000000000000712356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669364299b7ac44a2023-02-07 15:18:30.845root 11241100x8000000000000000712355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c6ec8d1278c5522023-02-07 15:18:30.845root 11241100x8000000000000000712354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1658ff849b756b262023-02-07 15:18:30.845root 11241100x8000000000000000712353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf9878e26d1b0eb2023-02-07 15:18:30.845root 11241100x8000000000000000712352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bbd28b770375772023-02-07 15:18:30.845root 11241100x8000000000000000712367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820925b4ea0127412023-02-07 15:18:30.846root 11241100x8000000000000000712366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d73f07ed7ffaca32023-02-07 15:18:30.846root 11241100x8000000000000000712365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b219db1c6e6a7fc42023-02-07 15:18:30.846root 11241100x8000000000000000712364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2335a341610081d2023-02-07 15:18:30.846root 11241100x8000000000000000712363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3f217ebf185d832023-02-07 15:18:30.846root 11241100x8000000000000000712362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02da6906658cacd52023-02-07 15:18:30.846root 11241100x8000000000000000712361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69eb42dfcfeed2fb2023-02-07 15:18:30.846root 11241100x8000000000000000712360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a977daab9a9787f52023-02-07 15:18:30.846root 11241100x8000000000000000712359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ac90a95aa8513e2023-02-07 15:18:30.846root 11241100x8000000000000000712358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06a7732dc6063a62023-02-07 15:18:30.846root 11241100x8000000000000000712357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e90532e0cf3736a2023-02-07 15:18:30.846root 11241100x8000000000000000712375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d584a21d69d1c7c22023-02-07 15:18:30.847root 11241100x8000000000000000712374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18eadfb2d090ba052023-02-07 15:18:30.847root 11241100x8000000000000000712373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4185211d4ea8323d2023-02-07 15:18:30.847root 11241100x8000000000000000712372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0e9e524fa7dc0d2023-02-07 15:18:30.847root 11241100x8000000000000000712371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80bdf808e057c262023-02-07 15:18:30.847root 11241100x8000000000000000712370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900d9889cdb130692023-02-07 15:18:30.847root 11241100x8000000000000000712369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bcf0ee4a96de8412023-02-07 15:18:30.847root 11241100x8000000000000000712368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:30.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1bf3b4053f26592023-02-07 15:18:30.847root 11241100x8000000000000000712383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2c29b4ab0871c62023-02-07 15:18:31.346root 11241100x8000000000000000712382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29fb44febbd3217d2023-02-07 15:18:31.346root 11241100x8000000000000000712381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7aff9444998b85a2023-02-07 15:18:31.346root 11241100x8000000000000000712380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2cae255407a0072023-02-07 15:18:31.346root 11241100x8000000000000000712379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827bf8eb6b5ada4c2023-02-07 15:18:31.346root 11241100x8000000000000000712378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478562c730240a022023-02-07 15:18:31.346root 11241100x8000000000000000712377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267bdd2e18bee6dc2023-02-07 15:18:31.346root 11241100x8000000000000000712376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9121a5e0329ace9a2023-02-07 15:18:31.346root 11241100x8000000000000000712393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39475ccd1552433c2023-02-07 15:18:31.347root 11241100x8000000000000000712392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916bd53da82e30392023-02-07 15:18:31.347root 11241100x8000000000000000712391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a121bb2d006aeb82023-02-07 15:18:31.347root 11241100x8000000000000000712390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a4208c1ab184942023-02-07 15:18:31.347root 11241100x8000000000000000712389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e4c8f422c3ad7f2023-02-07 15:18:31.347root 11241100x8000000000000000712388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ad5d526614df6a2023-02-07 15:18:31.347root 11241100x8000000000000000712387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92460c7d7bf80a52023-02-07 15:18:31.347root 11241100x8000000000000000712386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfba4bb0e75cd2a92023-02-07 15:18:31.347root 11241100x8000000000000000712385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb047c934e6b079d2023-02-07 15:18:31.347root 11241100x8000000000000000712384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ec2f42aa994c622023-02-07 15:18:31.347root 11241100x8000000000000000712398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43af0f4083fc6c5f2023-02-07 15:18:31.348root 11241100x8000000000000000712397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f6cf7035bfc6f42023-02-07 15:18:31.348root 11241100x8000000000000000712396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828c540626c8aa622023-02-07 15:18:31.348root 11241100x8000000000000000712395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b046e270b7a8978f2023-02-07 15:18:31.348root 11241100x8000000000000000712394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d715272381d961732023-02-07 15:18:31.348root 11241100x8000000000000000712399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5a19cd5b3d705d2023-02-07 15:18:31.845root 11241100x8000000000000000712408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca549ea1e7e12ba2023-02-07 15:18:31.846root 11241100x8000000000000000712407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e9dad37d6b42ec2023-02-07 15:18:31.846root 11241100x8000000000000000712406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d81e21fc00635b2023-02-07 15:18:31.846root 11241100x8000000000000000712405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c4aa569573231c2023-02-07 15:18:31.846root 11241100x8000000000000000712404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298abb38b24a44a12023-02-07 15:18:31.846root 11241100x8000000000000000712403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78549bab214706ac2023-02-07 15:18:31.846root 11241100x8000000000000000712402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b40718f63b05d02023-02-07 15:18:31.846root 11241100x8000000000000000712401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0147608fe850c42023-02-07 15:18:31.846root 11241100x8000000000000000712400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5663614e54610e9c2023-02-07 15:18:31.846root 11241100x8000000000000000712417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837090edd4e952032023-02-07 15:18:31.847root 11241100x8000000000000000712416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91facd27a0076a02023-02-07 15:18:31.847root 11241100x8000000000000000712415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32543547d9d3b232023-02-07 15:18:31.847root 11241100x8000000000000000712414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09c8aab93354a002023-02-07 15:18:31.847root 11241100x8000000000000000712413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3843fbda3e920d2023-02-07 15:18:31.847root 11241100x8000000000000000712412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6390362e36c8e0422023-02-07 15:18:31.847root 11241100x8000000000000000712411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71a145f521b7ebd2023-02-07 15:18:31.847root 11241100x8000000000000000712410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be24d23f50aa1372023-02-07 15:18:31.847root 11241100x8000000000000000712409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e600fad926398c2023-02-07 15:18:31.847root 11241100x8000000000000000712420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9df296b234c74d2023-02-07 15:18:31.848root 11241100x8000000000000000712419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7bc5ba366784f72023-02-07 15:18:31.848root 11241100x8000000000000000712418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:31.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58c36da6b5c8dad2023-02-07 15:18:31.848root 11241100x8000000000000000712422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1592db2b8b9d51912023-02-07 15:18:32.345root 11241100x8000000000000000712421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77f56b2920427ba2023-02-07 15:18:32.345root 11241100x8000000000000000712433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcedd26b6bb647fe2023-02-07 15:18:32.346root 11241100x8000000000000000712432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48371c4046f6bf762023-02-07 15:18:32.346root 11241100x8000000000000000712431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a1a84cc04914d32023-02-07 15:18:32.346root 11241100x8000000000000000712430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28987c4cf0350cf82023-02-07 15:18:32.346root 11241100x8000000000000000712429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402c55d593c08e2a2023-02-07 15:18:32.346root 11241100x8000000000000000712428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7ad2ee986c8afa2023-02-07 15:18:32.346root 11241100x8000000000000000712427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d158ed027ff066512023-02-07 15:18:32.346root 11241100x8000000000000000712426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d97671a12234b02023-02-07 15:18:32.346root 11241100x8000000000000000712425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3b35604cd8eb832023-02-07 15:18:32.346root 11241100x8000000000000000712424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3a3d428da715e82023-02-07 15:18:32.346root 11241100x8000000000000000712423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbd890cf99365162023-02-07 15:18:32.346root 11241100x8000000000000000712443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ccd99a49da39672023-02-07 15:18:32.347root 11241100x8000000000000000712442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5de1af303929442023-02-07 15:18:32.347root 11241100x8000000000000000712441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a6242e6dbb1a282023-02-07 15:18:32.347root 11241100x8000000000000000712440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983dad43a7e2c8cd2023-02-07 15:18:32.347root 11241100x8000000000000000712439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645b3206be8644ae2023-02-07 15:18:32.347root 11241100x8000000000000000712438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a915d948d8ef038d2023-02-07 15:18:32.347root 11241100x8000000000000000712437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07de0bfbc521d7882023-02-07 15:18:32.347root 11241100x8000000000000000712436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eafbb4b8d40475e2023-02-07 15:18:32.347root 11241100x8000000000000000712435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7760bb817742642023-02-07 15:18:32.347root 11241100x8000000000000000712434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff8d5b85ef4841d2023-02-07 15:18:32.347root 11241100x8000000000000000712455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a052ca4925fc5502023-02-07 15:18:32.846root 11241100x8000000000000000712454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a7c06522fb3fb02023-02-07 15:18:32.846root 11241100x8000000000000000712453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a498af10e6044e2023-02-07 15:18:32.846root 11241100x8000000000000000712452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06e07a74ba6db542023-02-07 15:18:32.846root 11241100x8000000000000000712451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32d716755de7d312023-02-07 15:18:32.846root 11241100x8000000000000000712450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be675d695fb235d32023-02-07 15:18:32.846root 11241100x8000000000000000712449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea684be9ac0162742023-02-07 15:18:32.846root 11241100x8000000000000000712448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8267c628cae73392023-02-07 15:18:32.846root 11241100x8000000000000000712447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd01ad02f706f4c2023-02-07 15:18:32.846root 11241100x8000000000000000712446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d63aa6f80d348ca2023-02-07 15:18:32.846root 11241100x8000000000000000712445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5e552a8e1a02eb2023-02-07 15:18:32.846root 11241100x8000000000000000712444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b835ecdbcaa6472023-02-07 15:18:32.846root 11241100x8000000000000000712465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587160086a6748602023-02-07 15:18:32.847root 11241100x8000000000000000712464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28326bf5c7af14ea2023-02-07 15:18:32.847root 11241100x8000000000000000712463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0dc6720e34c3a52023-02-07 15:18:32.847root 11241100x8000000000000000712462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9397b9ee9c6beceb2023-02-07 15:18:32.847root 11241100x8000000000000000712461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6329af92fe55edd22023-02-07 15:18:32.847root 11241100x8000000000000000712460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b015a92ce27805c2023-02-07 15:18:32.847root 11241100x8000000000000000712459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24028c9472752ae22023-02-07 15:18:32.847root 11241100x8000000000000000712458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161d288c95180a0b2023-02-07 15:18:32.847root 11241100x8000000000000000712457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e81ad1eaabd22012023-02-07 15:18:32.847root 11241100x8000000000000000712456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534c90c6b412d1e52023-02-07 15:18:32.847root 11241100x8000000000000000712468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a4d0282b79e5962023-02-07 15:18:33.345root 11241100x8000000000000000712467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d80f546e5727b12023-02-07 15:18:33.345root 11241100x8000000000000000712466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88d91c15291f1792023-02-07 15:18:33.345root 11241100x8000000000000000712479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ddc21be372773272023-02-07 15:18:33.346root 11241100x8000000000000000712478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab5862cc8c5d7502023-02-07 15:18:33.346root 11241100x8000000000000000712477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8a52e66d78a0332023-02-07 15:18:33.346root 11241100x8000000000000000712476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0145e0d69e7527722023-02-07 15:18:33.346root 11241100x8000000000000000712475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1718dbd0f6c889f2023-02-07 15:18:33.346root 11241100x8000000000000000712474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2853cddda8f64792023-02-07 15:18:33.346root 11241100x8000000000000000712473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6a65ee7c4ec9ff2023-02-07 15:18:33.346root 11241100x8000000000000000712472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d33c5e4988dbbf62023-02-07 15:18:33.346root 11241100x8000000000000000712471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5d4128dd6f29662023-02-07 15:18:33.346root 11241100x8000000000000000712470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b672963be4d33e522023-02-07 15:18:33.346root 11241100x8000000000000000712469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2949cc968a97cd112023-02-07 15:18:33.346root 11241100x8000000000000000712488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1576a042e8b3802023-02-07 15:18:33.347root 11241100x8000000000000000712487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a7b46ee33812652023-02-07 15:18:33.347root 11241100x8000000000000000712486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c962418eded72882023-02-07 15:18:33.347root 11241100x8000000000000000712485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40503bf2004708b02023-02-07 15:18:33.347root 11241100x8000000000000000712484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0831f3db12b2a5e2023-02-07 15:18:33.347root 11241100x8000000000000000712483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b16ac7f68e28172023-02-07 15:18:33.347root 11241100x8000000000000000712482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4fea22fbaf880e2023-02-07 15:18:33.347root 11241100x8000000000000000712481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66df684e6e4042462023-02-07 15:18:33.347root 11241100x8000000000000000712480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fadf3a955cb1f7102023-02-07 15:18:33.347root 11241100x8000000000000000712489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad8a2dbb8f155c02023-02-07 15:18:33.845root 11241100x8000000000000000712500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008eb35b0a95a5912023-02-07 15:18:33.846root 11241100x8000000000000000712499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198c9e794483dfd02023-02-07 15:18:33.846root 11241100x8000000000000000712498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57dc9e25e47d72342023-02-07 15:18:33.846root 11241100x8000000000000000712497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb8651b209335222023-02-07 15:18:33.846root 11241100x8000000000000000712496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0a4a18c23b23e32023-02-07 15:18:33.846root 11241100x8000000000000000712495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e1b1922ebcaaee2023-02-07 15:18:33.846root 11241100x8000000000000000712494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90f71f3a3a9ae9a2023-02-07 15:18:33.846root 11241100x8000000000000000712493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31dc008e7eb52f6a2023-02-07 15:18:33.846root 11241100x8000000000000000712492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617c0447b8b47eb72023-02-07 15:18:33.846root 11241100x8000000000000000712491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1ca48761da34cf2023-02-07 15:18:33.846root 11241100x8000000000000000712490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec52073f892f7052023-02-07 15:18:33.846root 11241100x8000000000000000712510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d467fa5f35d5ceb82023-02-07 15:18:33.847root 11241100x8000000000000000712509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd9eca1318754e32023-02-07 15:18:33.847root 11241100x8000000000000000712508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bb687c2c76c5e72023-02-07 15:18:33.847root 11241100x8000000000000000712507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7065fbefc57d0a002023-02-07 15:18:33.847root 11241100x8000000000000000712506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701846ef724cb2c12023-02-07 15:18:33.847root 11241100x8000000000000000712505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734719301305347b2023-02-07 15:18:33.847root 11241100x8000000000000000712504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffecc5e0a5d59da82023-02-07 15:18:33.847root 11241100x8000000000000000712503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8d047aab72aa8f2023-02-07 15:18:33.847root 11241100x8000000000000000712502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa58a25de05e8c9c2023-02-07 15:18:33.847root 11241100x8000000000000000712501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab20710a4fd65672023-02-07 15:18:33.847root 11241100x8000000000000000712512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.116{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1dd13d206ca85d2023-02-07 15:18:34.116root 354300x8000000000000000712511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.116{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-49746-false10.0.1.12-8000- 11241100x8000000000000000712517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.117{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad5396de7adaed72023-02-07 15:18:34.117root 11241100x8000000000000000712516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.117{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8ade3ab91feefc2023-02-07 15:18:34.117root 11241100x8000000000000000712515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.117{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46d69323b7e6bc92023-02-07 15:18:34.117root 11241100x8000000000000000712514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.117{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94d68f18bf796e22023-02-07 15:18:34.117root 11241100x8000000000000000712513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.117{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93555e49c3d021b62023-02-07 15:18:34.117root 11241100x8000000000000000712523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.118{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0951f321018d852023-02-07 15:18:34.118root 11241100x8000000000000000712522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.118{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b8d00977fd8fd12023-02-07 15:18:34.118root 11241100x8000000000000000712521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.118{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d5083d53a188d92023-02-07 15:18:34.118root 11241100x8000000000000000712520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.118{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d342e18c04a763202023-02-07 15:18:34.118root 11241100x8000000000000000712519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.118{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5e394718d488902023-02-07 15:18:34.118root 11241100x8000000000000000712518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.118{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42418320dc1621a32023-02-07 15:18:34.118root 11241100x8000000000000000712528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.119{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c5ca6171f15da02023-02-07 15:18:34.119root 11241100x8000000000000000712527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.119{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc48e8bf9a7b3e072023-02-07 15:18:34.119root 11241100x8000000000000000712526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.119{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3ec4b9a5b476562023-02-07 15:18:34.119root 11241100x8000000000000000712525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.119{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc622f094be305d2023-02-07 15:18:34.119root 11241100x8000000000000000712524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.119{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b73eededf3823a2023-02-07 15:18:34.119root 11241100x8000000000000000712534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.120{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4fa8806c6942152023-02-07 15:18:34.120root 11241100x8000000000000000712533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.120{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7fed4f37826fd82023-02-07 15:18:34.120root 11241100x8000000000000000712532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.120{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebcca150cb1f6532023-02-07 15:18:34.120root 11241100x8000000000000000712531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.120{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d1a46c86c72ce82023-02-07 15:18:34.120root 11241100x8000000000000000712530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.120{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31f68264e508abf2023-02-07 15:18:34.120root 11241100x8000000000000000712529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.120{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476e7bcbccc4db2e2023-02-07 15:18:34.120root 11241100x8000000000000000712538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.121{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f292fed26a44488d2023-02-07 15:18:34.121root 11241100x8000000000000000712537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.121{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15de8b3c4631efc2023-02-07 15:18:34.121root 11241100x8000000000000000712536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.121{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3993ddf76efc0f0d2023-02-07 15:18:34.121root 11241100x8000000000000000712535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.121{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ca8354cfc6935d2023-02-07 15:18:34.121root 11241100x8000000000000000712543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.122{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa633eef2f491672023-02-07 15:18:34.122root 11241100x8000000000000000712542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.122{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7299b23cb4cfac842023-02-07 15:18:34.122root 11241100x8000000000000000712541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.122{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b65ed9026cf42292023-02-07 15:18:34.122root 11241100x8000000000000000712540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.122{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cffc476ecb2e2582023-02-07 15:18:34.122root 11241100x8000000000000000712539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.122{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b4ab955786cfca2023-02-07 15:18:34.122root 11241100x8000000000000000712549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e54380e1de1c6452023-02-07 15:18:34.595root 11241100x8000000000000000712548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628578f22709e9072023-02-07 15:18:34.595root 11241100x8000000000000000712547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2075f934aad9a7892023-02-07 15:18:34.595root 11241100x8000000000000000712546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1841f440f2c8e9742023-02-07 15:18:34.595root 11241100x8000000000000000712545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3288a0a31dc563df2023-02-07 15:18:34.595root 11241100x8000000000000000712544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ef07d21e9eb33b2023-02-07 15:18:34.595root 11241100x8000000000000000712559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c77681dffb87bc2023-02-07 15:18:34.596root 11241100x8000000000000000712558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c095f23291988222023-02-07 15:18:34.596root 11241100x8000000000000000712557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf1a8117171086d2023-02-07 15:18:34.596root 11241100x8000000000000000712556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d83b90f353249c82023-02-07 15:18:34.596root 11241100x8000000000000000712555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250d2fb4d1f94aeb2023-02-07 15:18:34.596root 11241100x8000000000000000712554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ef51cb753626762023-02-07 15:18:34.596root 11241100x8000000000000000712553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9db55bd710bab862023-02-07 15:18:34.596root 11241100x8000000000000000712552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e32d6bcf2ccce802023-02-07 15:18:34.596root 11241100x8000000000000000712551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66b3e2215c6c3d72023-02-07 15:18:34.596root 11241100x8000000000000000712550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846d41c525bb93872023-02-07 15:18:34.596root 11241100x8000000000000000712566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5771ca450ebdb1e52023-02-07 15:18:34.597root 11241100x8000000000000000712565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7009f1eb3a86bc6e2023-02-07 15:18:34.597root 11241100x8000000000000000712564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73113ea9b537b1342023-02-07 15:18:34.597root 11241100x8000000000000000712563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d32b699f3945f62023-02-07 15:18:34.597root 11241100x8000000000000000712562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0586281156d031862023-02-07 15:18:34.597root 11241100x8000000000000000712561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc8a7b9a7814e0b2023-02-07 15:18:34.597root 11241100x8000000000000000712560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4353b832cd6fe6542023-02-07 15:18:34.597root 11241100x8000000000000000712570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0238526d07d76d2023-02-07 15:18:35.095root 11241100x8000000000000000712569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ebe37d10d0426822023-02-07 15:18:35.095root 11241100x8000000000000000712568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7eef9852bef0a2e2023-02-07 15:18:35.095root 11241100x8000000000000000712567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8aff19bc932e582023-02-07 15:18:35.095root 11241100x8000000000000000712577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb62a7973ceced42023-02-07 15:18:35.096root 11241100x8000000000000000712576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d460263860a10f902023-02-07 15:18:35.096root 11241100x8000000000000000712575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109853d0a292a9942023-02-07 15:18:35.096root 11241100x8000000000000000712574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7461199b4ab7bfe22023-02-07 15:18:35.096root 11241100x8000000000000000712573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc9a595c145085e2023-02-07 15:18:35.096root 11241100x8000000000000000712572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549f73daf4c61a072023-02-07 15:18:35.096root 11241100x8000000000000000712571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486f7c866e6860352023-02-07 15:18:35.096root 11241100x8000000000000000712585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4b0d35fa6ef0822023-02-07 15:18:35.097root 11241100x8000000000000000712584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804392eec5ad66842023-02-07 15:18:35.097root 11241100x8000000000000000712583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddade1a3aa88c2e2023-02-07 15:18:35.097root 11241100x8000000000000000712582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37c493aaa180bb52023-02-07 15:18:35.097root 11241100x8000000000000000712581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1301c7431a94b4e72023-02-07 15:18:35.097root 11241100x8000000000000000712580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c466ba300b1e332023-02-07 15:18:35.097root 11241100x8000000000000000712579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9a6b22574282842023-02-07 15:18:35.097root 11241100x8000000000000000712578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2067a02bdcc73d002023-02-07 15:18:35.097root 11241100x8000000000000000712591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b322b1bfe30a572023-02-07 15:18:35.098root 11241100x8000000000000000712590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30749cc7a73faa292023-02-07 15:18:35.098root 11241100x8000000000000000712589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac61d545d1027ed2023-02-07 15:18:35.098root 11241100x8000000000000000712588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18f505826df41e82023-02-07 15:18:35.098root 11241100x8000000000000000712587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38004366d86abe292023-02-07 15:18:35.098root 11241100x8000000000000000712586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d085f9aaf7fecaaf2023-02-07 15:18:35.098root 11241100x8000000000000000712592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d9ab39e233e28a2023-02-07 15:18:35.099root 11241100x8000000000000000712594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370d288e5b6120152023-02-07 15:18:35.595root 11241100x8000000000000000712593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1185bf8a4283a44d2023-02-07 15:18:35.595root 11241100x8000000000000000712599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be67b34defe029f2023-02-07 15:18:35.596root 11241100x8000000000000000712598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc20e5631f5de412023-02-07 15:18:35.596root 11241100x8000000000000000712597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e7ac90cedef1882023-02-07 15:18:35.596root 11241100x8000000000000000712596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae9a9e739851d002023-02-07 15:18:35.596root 11241100x8000000000000000712595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4bf0b0c42d0ae62023-02-07 15:18:35.596root 11241100x8000000000000000712606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a8beee32b2128d2023-02-07 15:18:35.597root 11241100x8000000000000000712605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d6d593d3f48ca22023-02-07 15:18:35.597root 11241100x8000000000000000712604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b9be841ae7b40a2023-02-07 15:18:35.597root 11241100x8000000000000000712603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4ea9fbe33991ad2023-02-07 15:18:35.597root 11241100x8000000000000000712602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521a4306163c99002023-02-07 15:18:35.597root 11241100x8000000000000000712601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe055dc3970c1b042023-02-07 15:18:35.597root 11241100x8000000000000000712600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6bb5b94e0def51a2023-02-07 15:18:35.597root 11241100x8000000000000000712615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fb49b12f34666f2023-02-07 15:18:35.598root 11241100x8000000000000000712614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace1d8201f96b1b52023-02-07 15:18:35.598root 11241100x8000000000000000712613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8316fe7dada0a422023-02-07 15:18:35.598root 11241100x8000000000000000712612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0fd6aec56fbe5122023-02-07 15:18:35.598root 11241100x8000000000000000712611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5330ea3b8326d7762023-02-07 15:18:35.598root 11241100x8000000000000000712610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3763ed52d4dbac362023-02-07 15:18:35.598root 11241100x8000000000000000712609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e303390a588d88f2023-02-07 15:18:35.598root 11241100x8000000000000000712608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930f0ea385b9d7fa2023-02-07 15:18:35.598root 11241100x8000000000000000712607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:35.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab974d13889a4202023-02-07 15:18:35.598root 11241100x8000000000000000712620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cbaba4c21859772023-02-07 15:18:36.095root 11241100x8000000000000000712619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8a7e7233ba59062023-02-07 15:18:36.095root 11241100x8000000000000000712618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b7a238f1524e082023-02-07 15:18:36.095root 11241100x8000000000000000712617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd846def2296b5f2023-02-07 15:18:36.095root 11241100x8000000000000000712616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4920b5357606b8df2023-02-07 15:18:36.095root 11241100x8000000000000000712628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1bdf2049ff372c2023-02-07 15:18:36.096root 11241100x8000000000000000712627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676109499614293b2023-02-07 15:18:36.096root 11241100x8000000000000000712626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df12285aa9be9cd2023-02-07 15:18:36.096root 11241100x8000000000000000712625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269fa5870a93bd062023-02-07 15:18:36.096root 11241100x8000000000000000712624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af53ecf8273cee332023-02-07 15:18:36.096root 11241100x8000000000000000712623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b05cc71fa40af62023-02-07 15:18:36.096root 11241100x8000000000000000712622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4fa6568de80eae2023-02-07 15:18:36.096root 11241100x8000000000000000712621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7a2d7733b6868d2023-02-07 15:18:36.096root 11241100x8000000000000000712634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd086b78f645ad02023-02-07 15:18:36.097root 11241100x8000000000000000712633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0872d371885117cd2023-02-07 15:18:36.097root 11241100x8000000000000000712632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d4cf65180e34922023-02-07 15:18:36.097root 11241100x8000000000000000712631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c9fa2e9f1a5dfe2023-02-07 15:18:36.097root 11241100x8000000000000000712630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9968a9d447562f2023-02-07 15:18:36.097root 11241100x8000000000000000712629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f71b4d4815040ff2023-02-07 15:18:36.097root 11241100x8000000000000000712638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4fe66886004f1622023-02-07 15:18:36.098root 11241100x8000000000000000712637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdb23635711136c2023-02-07 15:18:36.098root 11241100x8000000000000000712636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678af7fc8413ac9e2023-02-07 15:18:36.098root 11241100x8000000000000000712635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504322f4640610d72023-02-07 15:18:36.098root 11241100x8000000000000000712642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6c496cdf6482bb2023-02-07 15:18:36.596root 11241100x8000000000000000712641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91814e449f1fbea2023-02-07 15:18:36.596root 11241100x8000000000000000712640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1e083bac9a7b6f2023-02-07 15:18:36.596root 11241100x8000000000000000712639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722eb2c41c0befbf2023-02-07 15:18:36.596root 11241100x8000000000000000712649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6f34a8c4613fad2023-02-07 15:18:36.597root 11241100x8000000000000000712648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54e64031b6a28ec2023-02-07 15:18:36.597root 11241100x8000000000000000712647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1fd775493f3e6e2023-02-07 15:18:36.597root 11241100x8000000000000000712646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73bc74fcb37a29512023-02-07 15:18:36.597root 11241100x8000000000000000712645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091c356737e146ef2023-02-07 15:18:36.597root 11241100x8000000000000000712644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5f7c39df6cd4742023-02-07 15:18:36.597root 11241100x8000000000000000712643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6bf70367a6d3ff2023-02-07 15:18:36.597root 11241100x8000000000000000712654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804ab078a014e2ce2023-02-07 15:18:36.598root 11241100x8000000000000000712653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbba6d4efaf3c252023-02-07 15:18:36.598root 11241100x8000000000000000712652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4245f00449cb91d52023-02-07 15:18:36.598root 11241100x8000000000000000712651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee72ed15428f6b12023-02-07 15:18:36.598root 11241100x8000000000000000712650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54ca142d26d70652023-02-07 15:18:36.598root 11241100x8000000000000000712658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309421e767d23feb2023-02-07 15:18:36.599root 11241100x8000000000000000712657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a9549ef6bc9b062023-02-07 15:18:36.599root 11241100x8000000000000000712656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ea879cf1c7db682023-02-07 15:18:36.599root 11241100x8000000000000000712655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82712da82751f1d2023-02-07 15:18:36.599root 11241100x8000000000000000712661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93426764df4f6bc22023-02-07 15:18:36.600root 11241100x8000000000000000712660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e4c094d683e0802023-02-07 15:18:36.600root 11241100x8000000000000000712659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:36.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9de23be11bbfb02023-02-07 15:18:36.600root 11241100x8000000000000000712667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c305683ca5d13d332023-02-07 15:18:37.095root 11241100x8000000000000000712666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da073a1d85fb2d4e2023-02-07 15:18:37.095root 11241100x8000000000000000712665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f1d879f7cbb66c2023-02-07 15:18:37.095root 11241100x8000000000000000712664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c74589775a1ecef2023-02-07 15:18:37.095root 11241100x8000000000000000712663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06610e3432aacec2023-02-07 15:18:37.095root 11241100x8000000000000000712662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be1f5bb1653cb312023-02-07 15:18:37.095root 11241100x8000000000000000712676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8bba7dc84bc37382023-02-07 15:18:37.096root 11241100x8000000000000000712675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f00fb64a2c3e0552023-02-07 15:18:37.096root 11241100x8000000000000000712674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4180c9501a0359e32023-02-07 15:18:37.096root 11241100x8000000000000000712673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a8cb28e1f262632023-02-07 15:18:37.096root 11241100x8000000000000000712672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31915134066f33c32023-02-07 15:18:37.096root 11241100x8000000000000000712671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc63add5169d13a2023-02-07 15:18:37.096root 11241100x8000000000000000712670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35457fcd44b24d02023-02-07 15:18:37.096root 11241100x8000000000000000712669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c3bdb67b9b1c912023-02-07 15:18:37.096root 11241100x8000000000000000712668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f8a6a2800a7b372023-02-07 15:18:37.096root 11241100x8000000000000000712686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049327169c04bc1f2023-02-07 15:18:37.097root 11241100x8000000000000000712685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de24299cb85ae8342023-02-07 15:18:37.097root 11241100x8000000000000000712684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5126e61bad96a12023-02-07 15:18:37.097root 11241100x8000000000000000712683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d405f8a22a907f602023-02-07 15:18:37.097root 11241100x8000000000000000712682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae869ea711517c4c2023-02-07 15:18:37.097root 11241100x8000000000000000712681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b7b8e3d54646db2023-02-07 15:18:37.097root 11241100x8000000000000000712680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a45bad575837a32023-02-07 15:18:37.097root 11241100x8000000000000000712679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67eef5c5bbbbaa4f2023-02-07 15:18:37.097root 11241100x8000000000000000712678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849ad01da8c645042023-02-07 15:18:37.097root 11241100x8000000000000000712677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3108e77266db98502023-02-07 15:18:37.097root 11241100x8000000000000000712690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9621dff41ba1a07f2023-02-07 15:18:37.098root 11241100x8000000000000000712689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb609eb9636550d52023-02-07 15:18:37.098root 11241100x8000000000000000712688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf5d4b8d4086f4a2023-02-07 15:18:37.098root 11241100x8000000000000000712687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa574c77874fb40f2023-02-07 15:18:37.098root 11241100x8000000000000000712694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106ebffd761e75652023-02-07 15:18:37.595root 11241100x8000000000000000712693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75060e5b3cf2c5c02023-02-07 15:18:37.595root 11241100x8000000000000000712692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3024dc140fbcbe2023-02-07 15:18:37.595root 11241100x8000000000000000712691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cea8426e33e8452023-02-07 15:18:37.595root 11241100x8000000000000000712701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c552809037fde302023-02-07 15:18:37.596root 11241100x8000000000000000712700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb21e4675c17be5a2023-02-07 15:18:37.596root 11241100x8000000000000000712699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e54768bc6080ad2023-02-07 15:18:37.596root 11241100x8000000000000000712698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78e5d597f746e942023-02-07 15:18:37.596root 11241100x8000000000000000712697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4594feb33bce832023-02-07 15:18:37.596root 11241100x8000000000000000712696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f00e11abcc514e2023-02-07 15:18:37.596root 11241100x8000000000000000712695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218c1f9ececfdb7a2023-02-07 15:18:37.596root 11241100x8000000000000000712709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacfaea5202055242023-02-07 15:18:37.597root 11241100x8000000000000000712708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65671d1c468a365b2023-02-07 15:18:37.597root 11241100x8000000000000000712707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b1f022a531cc892023-02-07 15:18:37.597root 11241100x8000000000000000712706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46255179176a10e92023-02-07 15:18:37.597root 11241100x8000000000000000712705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47eae895a44422a42023-02-07 15:18:37.597root 11241100x8000000000000000712704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3de1252458096542023-02-07 15:18:37.597root 11241100x8000000000000000712703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf388d4ad8731b462023-02-07 15:18:37.597root 11241100x8000000000000000712702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6bc2ab7e021297f2023-02-07 15:18:37.597root 11241100x8000000000000000712716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371826d4b0ddef062023-02-07 15:18:37.598root 11241100x8000000000000000712715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e805993cdf89fc72023-02-07 15:18:37.598root 11241100x8000000000000000712714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e01e4ae830ff1c2023-02-07 15:18:37.598root 11241100x8000000000000000712713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f894af2605caa6492023-02-07 15:18:37.598root 11241100x8000000000000000712712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e97eeb2779d0972023-02-07 15:18:37.598root 11241100x8000000000000000712711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd6c3421fd745872023-02-07 15:18:37.598root 11241100x8000000000000000712710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d84cb2acd370d5a2023-02-07 15:18:37.598root 11241100x8000000000000000712723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055723daddd30dc32023-02-07 15:18:37.599root 11241100x8000000000000000712722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7444e9f053f62b4d2023-02-07 15:18:37.599root 11241100x8000000000000000712721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0c481b9ddde3122023-02-07 15:18:37.599root 11241100x8000000000000000712720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1741f7e00f2c7c2023-02-07 15:18:37.599root 11241100x8000000000000000712719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfc8a8cf64e4d7c2023-02-07 15:18:37.599root 11241100x8000000000000000712718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c9916a9cf219612023-02-07 15:18:37.599root 11241100x8000000000000000712717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:37.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8acb2f0917ef987c2023-02-07 15:18:37.599root 11241100x8000000000000000712724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c58c3fc428dbb3b2023-02-07 15:18:38.095root 11241100x8000000000000000712737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716ac4f710ac67532023-02-07 15:18:38.096root 11241100x8000000000000000712736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4dd507c59417a2b2023-02-07 15:18:38.096root 11241100x8000000000000000712735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25b7bf0d90f072f2023-02-07 15:18:38.096root 11241100x8000000000000000712734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3936693b77a208622023-02-07 15:18:38.096root 11241100x8000000000000000712733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295afa6046c5f1912023-02-07 15:18:38.096root 11241100x8000000000000000712732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20d22b55f7f381f2023-02-07 15:18:38.096root 11241100x8000000000000000712731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7c5a52cc2b0fe92023-02-07 15:18:38.096root 11241100x8000000000000000712730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09b9ba76e45f8b42023-02-07 15:18:38.096root 11241100x8000000000000000712729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf937aae574b0922023-02-07 15:18:38.096root 11241100x8000000000000000712728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c264fd387ca3802023-02-07 15:18:38.096root 11241100x8000000000000000712727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1789ac598bcb54d82023-02-07 15:18:38.096root 11241100x8000000000000000712726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c65e9d97587948e2023-02-07 15:18:38.096root 11241100x8000000000000000712725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27477c325d439d02023-02-07 15:18:38.096root 11241100x8000000000000000712746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3890106bb8e2082023-02-07 15:18:38.097root 11241100x8000000000000000712745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634a55dff6a937532023-02-07 15:18:38.097root 11241100x8000000000000000712744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc61a0e38296eb52023-02-07 15:18:38.097root 11241100x8000000000000000712743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6bc5375115bf912023-02-07 15:18:38.097root 11241100x8000000000000000712742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d8dd2ed157fdc12023-02-07 15:18:38.097root 11241100x8000000000000000712741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbba89dd64150462023-02-07 15:18:38.097root 11241100x8000000000000000712740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75927f21355a1232023-02-07 15:18:38.097root 11241100x8000000000000000712739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b3cb8e37cfe66e2023-02-07 15:18:38.097root 11241100x8000000000000000712738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18a67ca90c1fe5a2023-02-07 15:18:38.097root 11241100x8000000000000000712753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc75f1cb6c1f0df2023-02-07 15:18:38.595root 11241100x8000000000000000712752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324c8049de2518232023-02-07 15:18:38.595root 11241100x8000000000000000712751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3dcdfa8ce8b44992023-02-07 15:18:38.595root 11241100x8000000000000000712750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80cfe1d7ceaca42a2023-02-07 15:18:38.595root 11241100x8000000000000000712749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2221dfd9ad09bb742023-02-07 15:18:38.595root 11241100x8000000000000000712748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f41dbe6d40277762023-02-07 15:18:38.595root 11241100x8000000000000000712747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0df95dd748ddbf2023-02-07 15:18:38.595root 11241100x8000000000000000712764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be71f3be257bfca52023-02-07 15:18:38.596root 11241100x8000000000000000712763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c668d0b04f48292023-02-07 15:18:38.596root 11241100x8000000000000000712762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b1a11c0e9646fe2023-02-07 15:18:38.596root 11241100x8000000000000000712761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c10712baf0d0cfb2023-02-07 15:18:38.596root 11241100x8000000000000000712760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e95e32635b163d12023-02-07 15:18:38.596root 11241100x8000000000000000712759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5eae72b80a0c38b2023-02-07 15:18:38.596root 11241100x8000000000000000712758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8241e7b0d433a72023-02-07 15:18:38.596root 11241100x8000000000000000712757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1891485a238a012023-02-07 15:18:38.596root 11241100x8000000000000000712756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012c2e5111ce9abb2023-02-07 15:18:38.596root 11241100x8000000000000000712755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a18f236737c541c2023-02-07 15:18:38.596root 11241100x8000000000000000712754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8439edc926f1021b2023-02-07 15:18:38.596root 11241100x8000000000000000712773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e585e16abcfab92023-02-07 15:18:38.597root 11241100x8000000000000000712772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81cc30db58f4c35d2023-02-07 15:18:38.597root 11241100x8000000000000000712771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18129202e7a8bf702023-02-07 15:18:38.597root 11241100x8000000000000000712770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87867d817a11f222023-02-07 15:18:38.597root 11241100x8000000000000000712769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aca68507bfac1e92023-02-07 15:18:38.597root 11241100x8000000000000000712768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ba8bae980695fa2023-02-07 15:18:38.597root 11241100x8000000000000000712767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2aaca38f8edf24d2023-02-07 15:18:38.597root 11241100x8000000000000000712766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83b3ef972d664682023-02-07 15:18:38.597root 11241100x8000000000000000712765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6470691ffb32e3b32023-02-07 15:18:38.597root 11241100x8000000000000000712776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ea4d3103103d392023-02-07 15:18:39.095root 11241100x8000000000000000712775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894fd58e2d1973952023-02-07 15:18:39.095root 11241100x8000000000000000712774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8bf53835ea48ac2023-02-07 15:18:39.095root 11241100x8000000000000000712779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f6390f0c23e7692023-02-07 15:18:39.096root 11241100x8000000000000000712778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a7782092f5aff92023-02-07 15:18:39.096root 11241100x8000000000000000712777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f5f5e64df5910a2023-02-07 15:18:39.096root 11241100x8000000000000000712783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6d0add7e33c31d2023-02-07 15:18:39.097root 11241100x8000000000000000712782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75491b58ad3994642023-02-07 15:18:39.097root 11241100x8000000000000000712781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f00bafb7c593bc72023-02-07 15:18:39.097root 11241100x8000000000000000712780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8aaad1d083b90f2023-02-07 15:18:39.097root 11241100x8000000000000000712788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f742a3bf15be30f62023-02-07 15:18:39.098root 11241100x8000000000000000712787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14aedc0e6f57400a2023-02-07 15:18:39.098root 11241100x8000000000000000712786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a9ade7b76aa6b22023-02-07 15:18:39.098root 11241100x8000000000000000712785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0052d3ce143bdad2023-02-07 15:18:39.098root 11241100x8000000000000000712784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645d7c8a78c66c882023-02-07 15:18:39.098root 11241100x8000000000000000712792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f3f58fde17c0ac2023-02-07 15:18:39.099root 11241100x8000000000000000712791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be582ceb3e05c0be2023-02-07 15:18:39.099root 11241100x8000000000000000712790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d005210c61dfec72023-02-07 15:18:39.099root 11241100x8000000000000000712789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52101a6b746529d72023-02-07 15:18:39.099root 11241100x8000000000000000712795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb8f5d7c7bded5b2023-02-07 15:18:39.100root 11241100x8000000000000000712794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915436f2e2b0e2022023-02-07 15:18:39.100root 11241100x8000000000000000712793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e28220767fdc762023-02-07 15:18:39.100root 11241100x8000000000000000712799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b505183c1ce6f8b2023-02-07 15:18:39.101root 11241100x8000000000000000712798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb22a7d1f3c3a2e02023-02-07 15:18:39.101root 11241100x8000000000000000712797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f76e2cce4d0abc92023-02-07 15:18:39.101root 11241100x8000000000000000712796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4736e20430d51c872023-02-07 15:18:39.101root 11241100x8000000000000000712802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8bf9a4f9a64c4ab2023-02-07 15:18:39.102root 11241100x8000000000000000712801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dddd249ae87fd2322023-02-07 15:18:39.102root 11241100x8000000000000000712800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56673d754234d5de2023-02-07 15:18:39.102root 354300x8000000000000000712803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.254{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51720-false10.0.1.12-8000- 11241100x8000000000000000712806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294fd321407c55eb2023-02-07 15:18:39.595root 11241100x8000000000000000712805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c29f1d0f604d5b2023-02-07 15:18:39.595root 11241100x8000000000000000712804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2239d9322122972023-02-07 15:18:39.595root 11241100x8000000000000000712809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a484587fb465732023-02-07 15:18:39.596root 11241100x8000000000000000712808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554e8aad5bb9b0032023-02-07 15:18:39.596root 11241100x8000000000000000712807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c9aca266979ebe2023-02-07 15:18:39.596root 11241100x8000000000000000712813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46608232c7fc0af22023-02-07 15:18:39.597root 11241100x8000000000000000712812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ebf2d2766aca622023-02-07 15:18:39.597root 11241100x8000000000000000712811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fda7897af98ff5d2023-02-07 15:18:39.597root 11241100x8000000000000000712810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f865292039a87892023-02-07 15:18:39.597root 11241100x8000000000000000712815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2aa9e46d63bb492023-02-07 15:18:39.598root 11241100x8000000000000000712814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4585684ccb8184a02023-02-07 15:18:39.598root 11241100x8000000000000000712818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd1bcbb5afd7d6c2023-02-07 15:18:39.599root 11241100x8000000000000000712817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b1f054784ad5e12023-02-07 15:18:39.599root 11241100x8000000000000000712816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6afd497d16926ae22023-02-07 15:18:39.599root 11241100x8000000000000000712822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74fe252080bcb5182023-02-07 15:18:39.600root 11241100x8000000000000000712821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2035704fd715512023-02-07 15:18:39.600root 11241100x8000000000000000712820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c585db06d87ec13f2023-02-07 15:18:39.600root 11241100x8000000000000000712819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240d095095b7b6072023-02-07 15:18:39.600root 11241100x8000000000000000712824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92efa05ffaad491d2023-02-07 15:18:39.601root 11241100x8000000000000000712823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0132167c2af062492023-02-07 15:18:39.601root 11241100x8000000000000000712827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4b3373a84cf74a2023-02-07 15:18:39.602root 11241100x8000000000000000712826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac0ef48cd58cce962023-02-07 15:18:39.602root 11241100x8000000000000000712825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fed18c8a2086a302023-02-07 15:18:39.602root 11241100x8000000000000000712828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:39.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9dc87b8ec77543c2023-02-07 15:18:39.603root 11241100x8000000000000000712830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728a2da8d79b113e2023-02-07 15:18:40.095root 11241100x8000000000000000712829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4acdf03d3ce2ad2023-02-07 15:18:40.095root 11241100x8000000000000000712832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9196789297352392023-02-07 15:18:40.096root 11241100x8000000000000000712831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544a50b3f79dbb592023-02-07 15:18:40.096root 11241100x8000000000000000712836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4730b6feb9fc2f892023-02-07 15:18:40.097root 11241100x8000000000000000712835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfb0b433c6ab4232023-02-07 15:18:40.097root 11241100x8000000000000000712834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513940d3496f6d882023-02-07 15:18:40.097root 11241100x8000000000000000712833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da76e406157cf762023-02-07 15:18:40.097root 11241100x8000000000000000712840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a9140a853c67de2023-02-07 15:18:40.098root 11241100x8000000000000000712839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce4829460f42b802023-02-07 15:18:40.098root 11241100x8000000000000000712838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305f7495b080df1b2023-02-07 15:18:40.098root 11241100x8000000000000000712837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2668b2af6ba41d422023-02-07 15:18:40.098root 11241100x8000000000000000712841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1b0606ec06ff952023-02-07 15:18:40.099root 11241100x8000000000000000712845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33cc116fe21c05e2023-02-07 15:18:40.101root 11241100x8000000000000000712844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fc933e927f13ca2023-02-07 15:18:40.101root 11241100x8000000000000000712843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7fda247df6cd6a2023-02-07 15:18:40.101root 11241100x8000000000000000712842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d113845309cd6dc2023-02-07 15:18:40.101root 11241100x8000000000000000712848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a990a816ec072642023-02-07 15:18:40.103root 11241100x8000000000000000712847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e2b3570ee393b72023-02-07 15:18:40.103root 11241100x8000000000000000712846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc823fc209487e852023-02-07 15:18:40.103root 11241100x8000000000000000712850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff5a7617b24f9632023-02-07 15:18:40.104root 11241100x8000000000000000712849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62c8f0242c288502023-02-07 15:18:40.104root 11241100x8000000000000000712853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a64d5c7a10bec472023-02-07 15:18:40.105root 11241100x8000000000000000712852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff52c02ad1f2ec62023-02-07 15:18:40.105root 11241100x8000000000000000712851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e63f244c92e9a1b2023-02-07 15:18:40.105root 11241100x8000000000000000712855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5037a6ebcfc5a42023-02-07 15:18:40.595root 11241100x8000000000000000712854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bedc2b0977ca9482023-02-07 15:18:40.595root 11241100x8000000000000000712858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e7550386e845762023-02-07 15:18:40.596root 11241100x8000000000000000712857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed13f567dc01fc432023-02-07 15:18:40.596root 11241100x8000000000000000712856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e1ecfb5f16980e2023-02-07 15:18:40.596root 11241100x8000000000000000712863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1951062633d6100a2023-02-07 15:18:40.597root 11241100x8000000000000000712862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a9dee2bbe918942023-02-07 15:18:40.597root 11241100x8000000000000000712861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52005f352612e352023-02-07 15:18:40.597root 11241100x8000000000000000712860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28879c2e11475acf2023-02-07 15:18:40.597root 11241100x8000000000000000712859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83c593b92c9517b2023-02-07 15:18:40.597root 11241100x8000000000000000712867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35294df4603c93b62023-02-07 15:18:40.598root 11241100x8000000000000000712866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13eca5f27b6eb67f2023-02-07 15:18:40.598root 11241100x8000000000000000712865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb7e01c15fa1f1a2023-02-07 15:18:40.598root 11241100x8000000000000000712864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afbb28fd880df032023-02-07 15:18:40.598root 11241100x8000000000000000712870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f765a8ef8304db2023-02-07 15:18:40.599root 11241100x8000000000000000712869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8305d16ed150402023-02-07 15:18:40.599root 11241100x8000000000000000712868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0d657d8c748a522023-02-07 15:18:40.599root 11241100x8000000000000000712877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1224fc31db13f1092023-02-07 15:18:40.600root 11241100x8000000000000000712876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041bc43a2e33d2792023-02-07 15:18:40.600root 11241100x8000000000000000712875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6459c7f620e7d32023-02-07 15:18:40.600root 11241100x8000000000000000712874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59aff0b95293beba2023-02-07 15:18:40.600root 11241100x8000000000000000712873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18df96ec9e043072023-02-07 15:18:40.600root 11241100x8000000000000000712872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c50b2888d0dabb2023-02-07 15:18:40.600root 11241100x8000000000000000712871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9c78ac3e1b63fc2023-02-07 15:18:40.600root 11241100x8000000000000000712879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d7ac0b77050ccf2023-02-07 15:18:40.601root 11241100x8000000000000000712878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:40.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94699f0e1fb2a9fb2023-02-07 15:18:40.601root 11241100x8000000000000000712882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87710b0b3589b6a2023-02-07 15:18:41.095root 11241100x8000000000000000712881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d59fe0acd67d232023-02-07 15:18:41.095root 11241100x8000000000000000712880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e95dd70139a6122023-02-07 15:18:41.095root 11241100x8000000000000000712884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0011d2e2b05d0c2023-02-07 15:18:41.096root 11241100x8000000000000000712883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a080327f33298de2023-02-07 15:18:41.096root 11241100x8000000000000000712889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b33f5648ad8a9b2023-02-07 15:18:41.097root 11241100x8000000000000000712888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba8b52dd63030c12023-02-07 15:18:41.097root 11241100x8000000000000000712887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68171cd1041ca7632023-02-07 15:18:41.097root 11241100x8000000000000000712886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23985a87a8aa6c1f2023-02-07 15:18:41.097root 11241100x8000000000000000712885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b1bf86fad938af2023-02-07 15:18:41.097root 11241100x8000000000000000712895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87e566dd76e73fd2023-02-07 15:18:41.098root 11241100x8000000000000000712894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfb0e7478c956172023-02-07 15:18:41.098root 11241100x8000000000000000712893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fb5d87216e304e2023-02-07 15:18:41.098root 11241100x8000000000000000712892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716a39dfc1cd1c592023-02-07 15:18:41.098root 11241100x8000000000000000712891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10309e9b8a47eff52023-02-07 15:18:41.098root 11241100x8000000000000000712890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5a1c283f62a43c2023-02-07 15:18:41.098root 11241100x8000000000000000712901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09ef89e2d14fa8f2023-02-07 15:18:41.099root 11241100x8000000000000000712900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0716202d42788b2023-02-07 15:18:41.099root 11241100x8000000000000000712899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b024ee3a520f6f2d2023-02-07 15:18:41.099root 11241100x8000000000000000712898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a10f1493d3534f2023-02-07 15:18:41.099root 11241100x8000000000000000712897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951a7a926f2105bf2023-02-07 15:18:41.099root 11241100x8000000000000000712896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914c585a8911fae22023-02-07 15:18:41.099root 11241100x8000000000000000712904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3322bce86e3e542f2023-02-07 15:18:41.100root 11241100x8000000000000000712903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2daea5481c8c462023-02-07 15:18:41.100root 11241100x8000000000000000712902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9ee9b092bdb5a92023-02-07 15:18:41.100root 11241100x8000000000000000712906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5bc360744dbc5cf2023-02-07 15:18:41.595root 11241100x8000000000000000712905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8c2f5404b776422023-02-07 15:18:41.595root 11241100x8000000000000000712908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40fe97d08c21a38b2023-02-07 15:18:41.596root 11241100x8000000000000000712907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00ad5891d0800f62023-02-07 15:18:41.596root 11241100x8000000000000000712913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3964888ee4b613b32023-02-07 15:18:41.597root 11241100x8000000000000000712912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fb382bced9e9192023-02-07 15:18:41.597root 11241100x8000000000000000712911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a626fb9a8d636c2023-02-07 15:18:41.597root 11241100x8000000000000000712910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7e10909639d53f2023-02-07 15:18:41.597root 11241100x8000000000000000712909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afcbb4d041258a7e2023-02-07 15:18:41.597root 11241100x8000000000000000712919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374071a60b766aa52023-02-07 15:18:41.598root 11241100x8000000000000000712918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26abf3c94c05c98a2023-02-07 15:18:41.598root 11241100x8000000000000000712917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c8a26e986cac522023-02-07 15:18:41.598root 11241100x8000000000000000712916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd916f535c3268c2023-02-07 15:18:41.598root 11241100x8000000000000000712915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18b3e933a0c3e2a2023-02-07 15:18:41.598root 11241100x8000000000000000712914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c56ea752949dc32023-02-07 15:18:41.598root 11241100x8000000000000000712925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c0acf78189fb722023-02-07 15:18:41.599root 11241100x8000000000000000712924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d89f67ce58d1a842023-02-07 15:18:41.599root 11241100x8000000000000000712923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d047ec85c2f958512023-02-07 15:18:41.599root 11241100x8000000000000000712922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498fb9e22c0e619d2023-02-07 15:18:41.599root 11241100x8000000000000000712921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba13fc14c785bc592023-02-07 15:18:41.599root 11241100x8000000000000000712920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9389905ed7717c872023-02-07 15:18:41.599root 11241100x8000000000000000712930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbeec05bb17136a2023-02-07 15:18:41.600root 11241100x8000000000000000712929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83497d56a378007d2023-02-07 15:18:41.600root 11241100x8000000000000000712928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c011fe647ac81a872023-02-07 15:18:41.600root 11241100x8000000000000000712927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11be18d23bf3b0642023-02-07 15:18:41.600root 11241100x8000000000000000712926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:41.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1d64ed88d948bc2023-02-07 15:18:41.600root 11241100x8000000000000000712932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0adf67af929db42023-02-07 15:18:42.095root 11241100x8000000000000000712931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115053b3c6ad51562023-02-07 15:18:42.095root 11241100x8000000000000000712935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a90892c4d51a9d2023-02-07 15:18:42.096root 11241100x8000000000000000712934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d38ee4e62295fd2023-02-07 15:18:42.096root 11241100x8000000000000000712933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1bbf57975a041c2023-02-07 15:18:42.096root 11241100x8000000000000000712948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220e267081ec60292023-02-07 15:18:42.097root 11241100x8000000000000000712947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3300b6a90976ec2023-02-07 15:18:42.097root 11241100x8000000000000000712946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcda0f70aba0165d2023-02-07 15:18:42.097root 11241100x8000000000000000712945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114fef8154f519542023-02-07 15:18:42.097root 11241100x8000000000000000712944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23cd6406ca67de302023-02-07 15:18:42.097root 11241100x8000000000000000712943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096bd4ab823543bd2023-02-07 15:18:42.097root 11241100x8000000000000000712942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ffa55ffe38df0cc2023-02-07 15:18:42.097root 11241100x8000000000000000712941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ed7d7d0711dda72023-02-07 15:18:42.097root 11241100x8000000000000000712940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9433412000ad6ea92023-02-07 15:18:42.097root 11241100x8000000000000000712939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d6c4f11554bfef2023-02-07 15:18:42.097root 11241100x8000000000000000712938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a2d528f8f264b92023-02-07 15:18:42.097root 11241100x8000000000000000712937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863921da9fa8f6132023-02-07 15:18:42.097root 11241100x8000000000000000712936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb028561f88e0d9e2023-02-07 15:18:42.097root 11241100x8000000000000000712956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e19473786089fdb2023-02-07 15:18:42.098root 11241100x8000000000000000712955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beac3654c0d32d8a2023-02-07 15:18:42.098root 11241100x8000000000000000712954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8413e021732e966d2023-02-07 15:18:42.098root 11241100x8000000000000000712953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2c49e006cb30722023-02-07 15:18:42.098root 11241100x8000000000000000712952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a304f1745de374c2023-02-07 15:18:42.098root 11241100x8000000000000000712951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9b33fd2fcc38072023-02-07 15:18:42.098root 11241100x8000000000000000712950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef9741cefe2d7232023-02-07 15:18:42.098root 11241100x8000000000000000712949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0bf9669a8f6a6f2023-02-07 15:18:42.098root 11241100x8000000000000000712961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7552bc029b0e8d2023-02-07 15:18:42.595root 11241100x8000000000000000712960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5592b134a0d589d2023-02-07 15:18:42.595root 11241100x8000000000000000712959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee634c4cd0c74ddc2023-02-07 15:18:42.595root 11241100x8000000000000000712958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf05e54276586832023-02-07 15:18:42.595root 11241100x8000000000000000712957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328fa0e73a7753e72023-02-07 15:18:42.595root 11241100x8000000000000000712965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d56793578dd60252023-02-07 15:18:42.596root 11241100x8000000000000000712964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334f20bbf9b4d8672023-02-07 15:18:42.596root 11241100x8000000000000000712963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b7d7bf7e062bdf2023-02-07 15:18:42.596root 11241100x8000000000000000712962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6753918a92fb6ec42023-02-07 15:18:42.596root 11241100x8000000000000000712969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e74964aadef01212023-02-07 15:18:42.597root 11241100x8000000000000000712968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ba0fd5866c02922023-02-07 15:18:42.597root 11241100x8000000000000000712967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838ab505b07883c52023-02-07 15:18:42.597root 11241100x8000000000000000712966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb99fe01b50a71e2023-02-07 15:18:42.597root 11241100x8000000000000000712980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632c587ac4b507c22023-02-07 15:18:42.598root 11241100x8000000000000000712979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ff83a34df1118c2023-02-07 15:18:42.598root 11241100x8000000000000000712978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92f9605c16210432023-02-07 15:18:42.598root 11241100x8000000000000000712977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0787c372018c3f2023-02-07 15:18:42.598root 11241100x8000000000000000712976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62dcc1d4d34765f42023-02-07 15:18:42.598root 11241100x8000000000000000712975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cadd9514a26f83bd2023-02-07 15:18:42.598root 11241100x8000000000000000712974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a433677c11b87ad22023-02-07 15:18:42.598root 11241100x8000000000000000712973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2554a86602fe0e5f2023-02-07 15:18:42.598root 11241100x8000000000000000712972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c54bfe5c43c9e022023-02-07 15:18:42.598root 11241100x8000000000000000712971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dcdea2fe64bf30f2023-02-07 15:18:42.598root 11241100x8000000000000000712970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d239587c566f8d0a2023-02-07 15:18:42.598root 11241100x8000000000000000712983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660ca046a170280f2023-02-07 15:18:42.599root 11241100x8000000000000000712982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85b1bebc5be9e982023-02-07 15:18:42.599root 11241100x8000000000000000712981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:42.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc42b1f9cf5b0182023-02-07 15:18:42.599root 11241100x8000000000000000712989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d914f8f1891b422023-02-07 15:18:43.095root 11241100x8000000000000000712988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59455df30be504a2023-02-07 15:18:43.095root 11241100x8000000000000000712987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2983a3f272d09bf2023-02-07 15:18:43.095root 11241100x8000000000000000712986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37082b730bf877ba2023-02-07 15:18:43.095root 11241100x8000000000000000712985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c741da47483ed12023-02-07 15:18:43.095root 11241100x8000000000000000712984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523e501a76e1a6572023-02-07 15:18:43.095root 11241100x8000000000000000712997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4a4fb28a0965b62023-02-07 15:18:43.096root 11241100x8000000000000000712996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c15078aa995f8f2023-02-07 15:18:43.096root 11241100x8000000000000000712995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba344b9548de44922023-02-07 15:18:43.096root 11241100x8000000000000000712994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfcaed29e36393a72023-02-07 15:18:43.096root 11241100x8000000000000000712993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd0df1bd96d1aa62023-02-07 15:18:43.096root 11241100x8000000000000000712992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466cc6d55324c67f2023-02-07 15:18:43.096root 11241100x8000000000000000712991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d38b25413737f882023-02-07 15:18:43.096root 11241100x8000000000000000712990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640dcf70864711b72023-02-07 15:18:43.096root 11241100x8000000000000000713004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49eb086ecbaa51aa2023-02-07 15:18:43.097root 11241100x8000000000000000713003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a18525dfbe1c5e2023-02-07 15:18:43.097root 11241100x8000000000000000713002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69a447f947ab20f2023-02-07 15:18:43.097root 11241100x8000000000000000713001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28b083a7c8c28652023-02-07 15:18:43.097root 11241100x8000000000000000713000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f336b815ab41682023-02-07 15:18:43.097root 11241100x8000000000000000712999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83834340c72662fd2023-02-07 15:18:43.097root 11241100x8000000000000000712998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d95c31e02a500d82023-02-07 15:18:43.097root 11241100x8000000000000000713008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245750e7699a010b2023-02-07 15:18:43.098root 11241100x8000000000000000713007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efe3cf6a508ebaf2023-02-07 15:18:43.098root 11241100x8000000000000000713006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74c4206ae276b962023-02-07 15:18:43.098root 11241100x8000000000000000713005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db013271f4c76592023-02-07 15:18:43.098root 11241100x8000000000000000713009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90db0f8522a83e42023-02-07 15:18:43.099root 11241100x8000000000000000713013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e587633ec789f702023-02-07 15:18:43.595root 11241100x8000000000000000713012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84d046dc4db6e782023-02-07 15:18:43.595root 11241100x8000000000000000713011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c446ea64a3aedd12023-02-07 15:18:43.595root 11241100x8000000000000000713010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16bd295c913231ea2023-02-07 15:18:43.595root 11241100x8000000000000000713019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238e3e6ab4fbe7bd2023-02-07 15:18:43.596root 11241100x8000000000000000713018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f39b48edc7b78ce2023-02-07 15:18:43.596root 11241100x8000000000000000713017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65320e34423214302023-02-07 15:18:43.596root 11241100x8000000000000000713016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c4faa74733ba6c2023-02-07 15:18:43.596root 11241100x8000000000000000713015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0169a65d2547328c2023-02-07 15:18:43.596root 11241100x8000000000000000713014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5ad4a135bc78ea2023-02-07 15:18:43.596root 11241100x8000000000000000713026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379703590e4431132023-02-07 15:18:43.597root 11241100x8000000000000000713025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7035ba50dbac2a2023-02-07 15:18:43.597root 11241100x8000000000000000713024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6514f83302c13342023-02-07 15:18:43.597root 11241100x8000000000000000713023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2297589c21ecd85a2023-02-07 15:18:43.597root 11241100x8000000000000000713022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9d5e2180e5e10a2023-02-07 15:18:43.597root 11241100x8000000000000000713021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c162e9864d065112023-02-07 15:18:43.597root 11241100x8000000000000000713020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dabe1b5d218b5382023-02-07 15:18:43.597root 11241100x8000000000000000713033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6826305f1798e22023-02-07 15:18:43.598root 11241100x8000000000000000713032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1304e80994143f2023-02-07 15:18:43.598root 11241100x8000000000000000713031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56dae8057128b6892023-02-07 15:18:43.598root 11241100x8000000000000000713030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7580dacd40b178702023-02-07 15:18:43.598root 11241100x8000000000000000713029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ebdf2f17c1e71eb2023-02-07 15:18:43.598root 11241100x8000000000000000713028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cded64eb6b1f2faa2023-02-07 15:18:43.598root 11241100x8000000000000000713027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8663b5dde0708aef2023-02-07 15:18:43.598root 11241100x8000000000000000713034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:43.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d24b1c4bac76c3c2023-02-07 15:18:43.602root 11241100x8000000000000000713038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f25a7e03260cc9b2023-02-07 15:18:44.095root 11241100x8000000000000000713037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589fe33b78ef979f2023-02-07 15:18:44.095root 11241100x8000000000000000713036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9325b0bbc0d081732023-02-07 15:18:44.095root 11241100x8000000000000000713035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f2c6dd02ff6cfd2023-02-07 15:18:44.095root 11241100x8000000000000000713044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b7f4465d5511eb2023-02-07 15:18:44.096root 11241100x8000000000000000713043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15eb5581dc52c08a2023-02-07 15:18:44.096root 11241100x8000000000000000713042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867da99be8fff2212023-02-07 15:18:44.096root 11241100x8000000000000000713041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb693b3d240d2a792023-02-07 15:18:44.096root 11241100x8000000000000000713040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f28d4145eae5342023-02-07 15:18:44.096root 11241100x8000000000000000713039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1da3c767bbe029c2023-02-07 15:18:44.096root 11241100x8000000000000000713051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821d41d21bfffb432023-02-07 15:18:44.097root 11241100x8000000000000000713050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33aadbf4c0e1af7d2023-02-07 15:18:44.097root 11241100x8000000000000000713049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01aed76a044358c02023-02-07 15:18:44.097root 11241100x8000000000000000713048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00dc59fc614261322023-02-07 15:18:44.097root 11241100x8000000000000000713047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2937e01c4e7c2be22023-02-07 15:18:44.097root 11241100x8000000000000000713046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe3f85f6f5432212023-02-07 15:18:44.097root 11241100x8000000000000000713045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33af46cb8d4285dd2023-02-07 15:18:44.097root 11241100x8000000000000000713056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215291057778cc492023-02-07 15:18:44.098root 11241100x8000000000000000713055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13181830e6d874682023-02-07 15:18:44.098root 11241100x8000000000000000713054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3ba53fe51a27f92023-02-07 15:18:44.098root 11241100x8000000000000000713053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1767b8e7a3159c2023-02-07 15:18:44.098root 11241100x8000000000000000713052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832085d2ff0d7b222023-02-07 15:18:44.098root 11241100x8000000000000000713060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc39014d1ac6fb0d2023-02-07 15:18:44.099root 11241100x8000000000000000713059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22cc0fd6cbca9ce2023-02-07 15:18:44.099root 11241100x8000000000000000713058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa901375b173e6c2023-02-07 15:18:44.099root 11241100x8000000000000000713057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dff1888fd26a4692023-02-07 15:18:44.099root 11241100x8000000000000000713062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425b9d83e38e9d172023-02-07 15:18:44.595root 11241100x8000000000000000713061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8344f44ccc7782572023-02-07 15:18:44.595root 11241100x8000000000000000713066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d42a28a6816ac7a2023-02-07 15:18:44.596root 11241100x8000000000000000713065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e175d39a06ef7742023-02-07 15:18:44.596root 11241100x8000000000000000713064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07019ca50dd3ae792023-02-07 15:18:44.596root 11241100x8000000000000000713063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb1bc9fd6c1f6e02023-02-07 15:18:44.596root 11241100x8000000000000000713072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0524fa246d2f3c422023-02-07 15:18:44.597root 11241100x8000000000000000713071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2813321aab41b3cb2023-02-07 15:18:44.597root 11241100x8000000000000000713070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c58ce464a0e8d832023-02-07 15:18:44.597root 11241100x8000000000000000713069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f06871e00829152023-02-07 15:18:44.597root 11241100x8000000000000000713068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5615027256f450772023-02-07 15:18:44.597root 11241100x8000000000000000713067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f373a57d71d6012023-02-07 15:18:44.597root 11241100x8000000000000000713076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eaa21f59c2e4f802023-02-07 15:18:44.598root 11241100x8000000000000000713075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc5d4164139d0162023-02-07 15:18:44.598root 11241100x8000000000000000713074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107a9b22299228e12023-02-07 15:18:44.598root 11241100x8000000000000000713073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142662a9212338622023-02-07 15:18:44.598root 11241100x8000000000000000713081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aaf3f21e433e7ec2023-02-07 15:18:44.599root 11241100x8000000000000000713080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1858333c94ca522023-02-07 15:18:44.599root 11241100x8000000000000000713079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dae0cc30ad6fc3f2023-02-07 15:18:44.599root 11241100x8000000000000000713078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e351b2c39a41c7922023-02-07 15:18:44.599root 11241100x8000000000000000713077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1ce1995e8e3b782023-02-07 15:18:44.599root 11241100x8000000000000000713086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7fc5caade5bb2582023-02-07 15:18:44.600root 11241100x8000000000000000713085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6658d621f5fbb9db2023-02-07 15:18:44.600root 11241100x8000000000000000713084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b901c7a34569b4922023-02-07 15:18:44.600root 11241100x8000000000000000713083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53864fcc7ea01852023-02-07 15:18:44.600root 11241100x8000000000000000713082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:44.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639b1c6807230bf82023-02-07 15:18:44.600root 11241100x8000000000000000713088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f29b2c8958646a02023-02-07 15:18:45.095root 11241100x8000000000000000713087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d286174f0edb529e2023-02-07 15:18:45.095root 11241100x8000000000000000713098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbf1952530ba9c62023-02-07 15:18:45.096root 11241100x8000000000000000713097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e60dc8e18f41ec2023-02-07 15:18:45.096root 11241100x8000000000000000713096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60075c65a3723cfc2023-02-07 15:18:45.096root 11241100x8000000000000000713095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78832626a672b5092023-02-07 15:18:45.096root 11241100x8000000000000000713094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63bc5f52572b3d22023-02-07 15:18:45.096root 11241100x8000000000000000713093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff3e3d332faec9a2023-02-07 15:18:45.096root 11241100x8000000000000000713092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d1ad52776335882023-02-07 15:18:45.096root 11241100x8000000000000000713091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a440cfbfab23022023-02-07 15:18:45.096root 11241100x8000000000000000713090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f993fc23bd38ac2023-02-07 15:18:45.096root 11241100x8000000000000000713089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc8d9c8dbccf8342023-02-07 15:18:45.096root 11241100x8000000000000000713112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823dfae0b58c94432023-02-07 15:18:45.097root 11241100x8000000000000000713111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b31a249cda090582023-02-07 15:18:45.097root 11241100x8000000000000000713110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e4d40afa376aa32023-02-07 15:18:45.097root 11241100x8000000000000000713109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8c72006c77f46f2023-02-07 15:18:45.097root 11241100x8000000000000000713108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cdbc1e1de101b702023-02-07 15:18:45.097root 11241100x8000000000000000713107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f64f6110d1b44a52023-02-07 15:18:45.097root 11241100x8000000000000000713106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db28075e180782b22023-02-07 15:18:45.097root 11241100x8000000000000000713105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31344ce4ba117be62023-02-07 15:18:45.097root 11241100x8000000000000000713104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586965cde7451b3e2023-02-07 15:18:45.097root 11241100x8000000000000000713103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53b25dbdb6613e12023-02-07 15:18:45.097root 11241100x8000000000000000713102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c3c61db0f6c5732023-02-07 15:18:45.097root 11241100x8000000000000000713101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843385d0687670ba2023-02-07 15:18:45.097root 11241100x8000000000000000713100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bbef292f6f1aa82023-02-07 15:18:45.097root 11241100x8000000000000000713099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b93c5d5a2ecced2023-02-07 15:18:45.097root 354300x8000000000000000713113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.225{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54042-false10.0.1.12-8000- 11241100x8000000000000000713116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9f9da8c45bfbd42023-02-07 15:18:45.595root 11241100x8000000000000000713115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90ce0162994d3a72023-02-07 15:18:45.595root 11241100x8000000000000000713114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc309239682d72fc2023-02-07 15:18:45.595root 11241100x8000000000000000713122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5aa581907a62a42023-02-07 15:18:45.596root 11241100x8000000000000000713121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acdb9d78d8540b7d2023-02-07 15:18:45.596root 11241100x8000000000000000713120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f475d13669624c12023-02-07 15:18:45.596root 11241100x8000000000000000713119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5e5fee70bdbc982023-02-07 15:18:45.596root 11241100x8000000000000000713118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8154f95827856e2023-02-07 15:18:45.596root 11241100x8000000000000000713117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f11277221a69e212023-02-07 15:18:45.596root 11241100x8000000000000000713124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a69e0e59e62cfe2023-02-07 15:18:45.597root 11241100x8000000000000000713123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b0e78e81b3e1cb2023-02-07 15:18:45.597root 11241100x8000000000000000713127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293db415378613c72023-02-07 15:18:45.598root 11241100x8000000000000000713126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5900394dac0802e92023-02-07 15:18:45.598root 11241100x8000000000000000713125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45da3bd31302b0742023-02-07 15:18:45.598root 11241100x8000000000000000713130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7efba764d5c38b2023-02-07 15:18:45.599root 11241100x8000000000000000713129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1b990217611e642023-02-07 15:18:45.599root 11241100x8000000000000000713128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219f0618052ae83a2023-02-07 15:18:45.599root 11241100x8000000000000000713134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a32aa8aa745e062023-02-07 15:18:45.600root 11241100x8000000000000000713133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad5d35427026c452023-02-07 15:18:45.600root 11241100x8000000000000000713132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5ed5d94e05e6472023-02-07 15:18:45.600root 11241100x8000000000000000713131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5d01d93cd52fc72023-02-07 15:18:45.600root 11241100x8000000000000000713138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a908cb7571446fb2023-02-07 15:18:45.601root 11241100x8000000000000000713137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301d004f0d815ceb2023-02-07 15:18:45.601root 11241100x8000000000000000713136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7641a5c678c6f7092023-02-07 15:18:45.601root 11241100x8000000000000000713135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:45.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4943bf3b650e76af2023-02-07 15:18:45.601root 11241100x8000000000000000713140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80b418b2a37b5242023-02-07 15:18:46.095root 11241100x8000000000000000713139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a86a2d7735f4322023-02-07 15:18:46.095root 11241100x8000000000000000713145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f253c0e5033b884d2023-02-07 15:18:46.096root 11241100x8000000000000000713144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f583b5e78fe8def2023-02-07 15:18:46.096root 11241100x8000000000000000713143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bb7ddfa8c464db2023-02-07 15:18:46.096root 11241100x8000000000000000713142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d999312e0e89ac0b2023-02-07 15:18:46.096root 11241100x8000000000000000713141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77c6a233488577d2023-02-07 15:18:46.096root 11241100x8000000000000000713152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399c404556d2e5172023-02-07 15:18:46.097root 11241100x8000000000000000713151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1b17e64b7f4a3c2023-02-07 15:18:46.097root 11241100x8000000000000000713150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d52dec3654ec6192023-02-07 15:18:46.097root 11241100x8000000000000000713149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f5fa34cc2ff5fa2023-02-07 15:18:46.097root 11241100x8000000000000000713148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2337e6ec8d4533c2023-02-07 15:18:46.097root 11241100x8000000000000000713147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bea2ab601656ef2023-02-07 15:18:46.097root 11241100x8000000000000000713146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937fbcc4d593b7852023-02-07 15:18:46.097root 11241100x8000000000000000713159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d61b895a63128222023-02-07 15:18:46.098root 11241100x8000000000000000713158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d635893cc1b38bc32023-02-07 15:18:46.098root 11241100x8000000000000000713157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00f9e6d74ab3c952023-02-07 15:18:46.098root 11241100x8000000000000000713156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd83244c9dda802b2023-02-07 15:18:46.098root 11241100x8000000000000000713155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b397178c228d1062023-02-07 15:18:46.098root 11241100x8000000000000000713154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28dffc86fe974a7b2023-02-07 15:18:46.098root 11241100x8000000000000000713153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d414183fced7222023-02-07 15:18:46.098root 11241100x8000000000000000713160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ae3077c2f5c55f2023-02-07 15:18:46.099root 11241100x8000000000000000713165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcad2ca4604391312023-02-07 15:18:46.100root 11241100x8000000000000000713164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aad54897370b8202023-02-07 15:18:46.100root 11241100x8000000000000000713163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ef589665bf3baf2023-02-07 15:18:46.100root 11241100x8000000000000000713162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010b58fa5bb50b932023-02-07 15:18:46.100root 11241100x8000000000000000713161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6457e9795b780e2023-02-07 15:18:46.100root 11241100x8000000000000000713172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb8d3ccf4b6f3df2023-02-07 15:18:46.595root 11241100x8000000000000000713171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923e2cbf1184821d2023-02-07 15:18:46.595root 11241100x8000000000000000713170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2645c7380447092023-02-07 15:18:46.595root 11241100x8000000000000000713169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299d8f56dd25a6922023-02-07 15:18:46.595root 11241100x8000000000000000713168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8061ef39c6e7d862023-02-07 15:18:46.595root 11241100x8000000000000000713167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42743404dbb963782023-02-07 15:18:46.595root 11241100x8000000000000000713166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6b0862fa7ff3b72023-02-07 15:18:46.595root 11241100x8000000000000000713182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e33c9101ee70a62023-02-07 15:18:46.596root 11241100x8000000000000000713181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45f3a723c1395f72023-02-07 15:18:46.596root 11241100x8000000000000000713180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60c7c48edf2b14e2023-02-07 15:18:46.596root 11241100x8000000000000000713179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7aff09d70b32d1f2023-02-07 15:18:46.596root 11241100x8000000000000000713178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f84f0a849f163b2023-02-07 15:18:46.596root 11241100x8000000000000000713177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa81d3cb9d18ca02023-02-07 15:18:46.596root 11241100x8000000000000000713176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1d17e8cf76ccc02023-02-07 15:18:46.596root 11241100x8000000000000000713175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b006d85c7104d7cd2023-02-07 15:18:46.596root 11241100x8000000000000000713174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018a72ad8e5aa3e02023-02-07 15:18:46.596root 11241100x8000000000000000713173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cac20490e4d12532023-02-07 15:18:46.596root 11241100x8000000000000000713190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e54241cb777e5342023-02-07 15:18:46.597root 11241100x8000000000000000713189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f23d01a9127da62023-02-07 15:18:46.597root 11241100x8000000000000000713188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6129fbfe41388f2023-02-07 15:18:46.597root 11241100x8000000000000000713187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e1cf83d904d43d2023-02-07 15:18:46.597root 11241100x8000000000000000713186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c0d946986d63eb2023-02-07 15:18:46.597root 11241100x8000000000000000713185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc2eb84d8cf618f2023-02-07 15:18:46.597root 11241100x8000000000000000713184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0026d3ed01693c752023-02-07 15:18:46.597root 11241100x8000000000000000713183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab25bb0af0877aca2023-02-07 15:18:46.597root 11241100x8000000000000000713194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9c1feb364ef47f2023-02-07 15:18:46.598root 11241100x8000000000000000713193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02536394815bd3e72023-02-07 15:18:46.598root 11241100x8000000000000000713192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c783db5b08975d2023-02-07 15:18:46.598root 11241100x8000000000000000713191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:46.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e6ca4aca67c1ce2023-02-07 15:18:46.598root 11241100x8000000000000000713196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c54a5ef391d58642023-02-07 15:18:47.095root 11241100x8000000000000000713195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d095b71a7ea04322023-02-07 15:18:47.095root 11241100x8000000000000000713203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9156941616bcaba12023-02-07 15:18:47.096root 11241100x8000000000000000713202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363c5b783e9de9aa2023-02-07 15:18:47.096root 11241100x8000000000000000713201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23647f0599a18aa2023-02-07 15:18:47.096root 11241100x8000000000000000713200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63f1910b37f5a992023-02-07 15:18:47.096root 11241100x8000000000000000713199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7329a811e9996042023-02-07 15:18:47.096root 11241100x8000000000000000713198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ab04863485287e2023-02-07 15:18:47.096root 11241100x8000000000000000713197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79e4edeca9917462023-02-07 15:18:47.096root 11241100x8000000000000000713210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb341ae3d615b7cd2023-02-07 15:18:47.097root 11241100x8000000000000000713209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017ca333343272402023-02-07 15:18:47.097root 11241100x8000000000000000713208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1258931e283de42023-02-07 15:18:47.097root 11241100x8000000000000000713207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5e7e2e75070a472023-02-07 15:18:47.097root 11241100x8000000000000000713206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4c4412d6c5ac322023-02-07 15:18:47.097root 11241100x8000000000000000713205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db103b51273d8412023-02-07 15:18:47.097root 11241100x8000000000000000713204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34e54390e4fbbdf2023-02-07 15:18:47.097root 11241100x8000000000000000713217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29f323ed7fc6d972023-02-07 15:18:47.098root 11241100x8000000000000000713216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9050d29b071eb9242023-02-07 15:18:47.098root 11241100x8000000000000000713215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eacae3dcb2a1fd92023-02-07 15:18:47.098root 11241100x8000000000000000713214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9d63be13e93d522023-02-07 15:18:47.098root 11241100x8000000000000000713213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956a8c825387b0d42023-02-07 15:18:47.098root 11241100x8000000000000000713212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7838a7d1601873f2023-02-07 15:18:47.098root 11241100x8000000000000000713211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317880d6d9fd3d072023-02-07 15:18:47.098root 11241100x8000000000000000713222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90fcec15bd1178b22023-02-07 15:18:47.099root 11241100x8000000000000000713221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca27872e014f9072023-02-07 15:18:47.099root 11241100x8000000000000000713220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec3b8098f929f0e2023-02-07 15:18:47.099root 11241100x8000000000000000713219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4d49d473de42022023-02-07 15:18:47.099root 11241100x8000000000000000713218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6061acc0de76c432023-02-07 15:18:47.099root 11241100x8000000000000000713230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25ee481a34976212023-02-07 15:18:47.596root 11241100x8000000000000000713229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c487659aed12e8ca2023-02-07 15:18:47.596root 11241100x8000000000000000713228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735997f5f60cd3992023-02-07 15:18:47.596root 11241100x8000000000000000713227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5183dad7341c894d2023-02-07 15:18:47.596root 11241100x8000000000000000713226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8699856f4ec15902023-02-07 15:18:47.596root 11241100x8000000000000000713225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b07fd183fa61d012023-02-07 15:18:47.596root 11241100x8000000000000000713224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a021cfdf7d1fe9332023-02-07 15:18:47.596root 11241100x8000000000000000713223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d42c6dce0211eb2023-02-07 15:18:47.596root 11241100x8000000000000000713246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4417f29cb86cf4ba2023-02-07 15:18:47.597root 11241100x8000000000000000713245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a44d93b683ccce2023-02-07 15:18:47.597root 11241100x8000000000000000713244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e137b8a3abcec5932023-02-07 15:18:47.597root 11241100x8000000000000000713243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be31d8cdf4a8c112023-02-07 15:18:47.597root 11241100x8000000000000000713242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6f6cb4666cc48e2023-02-07 15:18:47.597root 11241100x8000000000000000713241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2cedb450fa9c932023-02-07 15:18:47.597root 11241100x8000000000000000713240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8755fb43f07a5962023-02-07 15:18:47.597root 11241100x8000000000000000713239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b357beffc2b9aa542023-02-07 15:18:47.597root 11241100x8000000000000000713238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991a5dc58fc8e2eb2023-02-07 15:18:47.597root 11241100x8000000000000000713237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ccda9bae5f789f62023-02-07 15:18:47.597root 11241100x8000000000000000713236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfdede4e142f60a92023-02-07 15:18:47.597root 11241100x8000000000000000713235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9de7b117ce79622023-02-07 15:18:47.597root 11241100x8000000000000000713234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a441211012ebfc2023-02-07 15:18:47.597root 11241100x8000000000000000713233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccde0508615584f72023-02-07 15:18:47.597root 11241100x8000000000000000713232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69afcfab4ff1bca2023-02-07 15:18:47.597root 11241100x8000000000000000713231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3b01520035b4342023-02-07 15:18:47.597root 11241100x8000000000000000713247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:47.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e5b3eef76aae042023-02-07 15:18:47.598root 354300x8000000000000000713248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.079{ec244aba-307c-63e2-e047-d2be3e560000}1722/usr/sbin/sshdroottcpfalsefalse3.130.182.57-63725-false10.0.1.20-22- 154100x8000000000000000713250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.080{ec244aba-6bd8-63e2-e047-8c08a8550000}6115/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec244aba-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}1722--- 11241100x8000000000000000713249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.080{ec244aba-6bd8-63e2-0000-000000000000}6115/usr/sbin/sshd/proc/6115/oom_score_adj2023-02-07 15:18:48.080root 11241100x8000000000000000713255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.081{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30383a6f9720b4442023-02-07 15:18:48.081root 11241100x8000000000000000713254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.081{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dedcb8fe99b7c202023-02-07 15:18:48.081root 11241100x8000000000000000713253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.081{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11b5d86cb1d750b2023-02-07 15:18:48.081root 11241100x8000000000000000713252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.081{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c865471d675c2dba2023-02-07 15:18:48.081root 11241100x8000000000000000713251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.081{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897e6df577489aec2023-02-07 15:18:48.081root 11241100x8000000000000000713264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.082{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b468680dbefc55a52023-02-07 15:18:48.082root 11241100x8000000000000000713263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.082{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e27531894f68f42023-02-07 15:18:48.082root 11241100x8000000000000000713262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.082{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689bfc91f7e048de2023-02-07 15:18:48.082root 11241100x8000000000000000713261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.082{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d308f837c9b7bc012023-02-07 15:18:48.082root 11241100x8000000000000000713260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.082{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f43604ce72d55ed2023-02-07 15:18:48.082root 11241100x8000000000000000713259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.082{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db90bc9e2c9dd1ea2023-02-07 15:18:48.082root 11241100x8000000000000000713258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.082{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c39871dadc137f82023-02-07 15:18:48.082root 11241100x8000000000000000713257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.082{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afaebade13a51dcc2023-02-07 15:18:48.082root 11241100x8000000000000000713256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.082{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b733990dd0eec0122023-02-07 15:18:48.082root 11241100x8000000000000000713272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.083{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171cb20cecfd6bf12023-02-07 15:18:48.083root 11241100x8000000000000000713271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.083{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107d0964f23411512023-02-07 15:18:48.083root 11241100x8000000000000000713270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.083{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23f9e3bf74f2aec2023-02-07 15:18:48.083root 11241100x8000000000000000713269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.083{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f656f2c497ec222023-02-07 15:18:48.083root 11241100x8000000000000000713268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.083{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee317c408d5c91752023-02-07 15:18:48.083root 11241100x8000000000000000713267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.083{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339a2584db98db182023-02-07 15:18:48.083root 11241100x8000000000000000713266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.083{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd40215db897d0922023-02-07 15:18:48.083root 11241100x8000000000000000713265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.083{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849ee3838184e6702023-02-07 15:18:48.083root 11241100x8000000000000000713279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.084{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4271285329b973b2023-02-07 15:18:48.084root 11241100x8000000000000000713278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.084{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da588db0d69ee5a2023-02-07 15:18:48.084root 11241100x8000000000000000713277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.084{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd0a7ff6afa1bc92023-02-07 15:18:48.084root 11241100x8000000000000000713276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.084{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765e62b001985fcf2023-02-07 15:18:48.084root 11241100x8000000000000000713275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.084{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6157b0b1e62cbd9f2023-02-07 15:18:48.084root 11241100x8000000000000000713274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.084{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239bbd727343e0b92023-02-07 15:18:48.084root 11241100x8000000000000000713273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.084{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6a43f4b0264b452023-02-07 15:18:48.084root 11241100x8000000000000000713281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.085{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bfab5607b23c0c32023-02-07 15:18:48.085root 11241100x8000000000000000713280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.085{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ec47f92a09980e2023-02-07 15:18:48.085root 11241100x8000000000000000713283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.086{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a9e5a34d644f5c2023-02-07 15:18:48.086root 11241100x8000000000000000713282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.086{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2cb4c0fe413bf212023-02-07 15:18:48.086root 11241100x8000000000000000713285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.088{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0926521cd992d5e52023-02-07 15:18:48.088root 11241100x8000000000000000713284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.088{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f4b950efef00082023-02-07 15:18:48.088root 11241100x8000000000000000713287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.089{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71c6c637cabcb392023-02-07 15:18:48.089root 11241100x8000000000000000713286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.089{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2cd6567180b0382023-02-07 15:18:48.089root 11241100x8000000000000000713289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d95da27f7798d442023-02-07 15:18:48.346root 11241100x8000000000000000713288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa67dfda5bada07f2023-02-07 15:18:48.346root 11241100x8000000000000000713300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6083dd129f75f902023-02-07 15:18:48.347root 11241100x8000000000000000713299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b022e88bc14cc82023-02-07 15:18:48.347root 11241100x8000000000000000713298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12838f6ad84cb5802023-02-07 15:18:48.347root 11241100x8000000000000000713297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f52357f376230c2023-02-07 15:18:48.347root 11241100x8000000000000000713296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20dd69844ec1532a2023-02-07 15:18:48.347root 11241100x8000000000000000713295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0333ebda9cea1bdc2023-02-07 15:18:48.347root 11241100x8000000000000000713294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b626dcd4b78ac3712023-02-07 15:18:48.347root 11241100x8000000000000000713293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e16a018f459d33f2023-02-07 15:18:48.347root 11241100x8000000000000000713292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c374982835357b92023-02-07 15:18:48.347root 11241100x8000000000000000713291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd79858923e0e73b2023-02-07 15:18:48.347root 11241100x8000000000000000713290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea1eb1a0048ef382023-02-07 15:18:48.347root 11241100x8000000000000000713313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10367370edcd9c622023-02-07 15:18:48.348root 11241100x8000000000000000713312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f853f41420ec6d702023-02-07 15:18:48.348root 11241100x8000000000000000713311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36cc025f289858452023-02-07 15:18:48.348root 11241100x8000000000000000713310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d182d8c8180a562023-02-07 15:18:48.348root 11241100x8000000000000000713309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff27007d4dc7aa022023-02-07 15:18:48.348root 11241100x8000000000000000713308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0649b2af3ce82fd42023-02-07 15:18:48.348root 11241100x8000000000000000713307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a891a64cb737d652023-02-07 15:18:48.348root 11241100x8000000000000000713306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895dae8b85a08a782023-02-07 15:18:48.348root 11241100x8000000000000000713305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fceb96e77a6ec2662023-02-07 15:18:48.348root 11241100x8000000000000000713304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2cceaa1eccf4a52023-02-07 15:18:48.348root 11241100x8000000000000000713303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d966df8afe53ada32023-02-07 15:18:48.348root 11241100x8000000000000000713302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e7ca24670c94ed2023-02-07 15:18:48.348root 11241100x8000000000000000713301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1540b2e696df1cf22023-02-07 15:18:48.348root 11241100x8000000000000000713315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6674eb68ccfea9622023-02-07 15:18:48.349root 11241100x8000000000000000713314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7781742de1c274642023-02-07 15:18:48.349root 11241100x8000000000000000713316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb25eabc18371a12023-02-07 15:18:48.845root 11241100x8000000000000000713321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b6ce0ebc6583932023-02-07 15:18:48.846root 11241100x8000000000000000713320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31cbb17cdcee561f2023-02-07 15:18:48.846root 11241100x8000000000000000713319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad25c72eafbfe732023-02-07 15:18:48.846root 11241100x8000000000000000713318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76364aa26fef3a4c2023-02-07 15:18:48.846root 11241100x8000000000000000713317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a27cb30d58c3d52023-02-07 15:18:48.846root 11241100x8000000000000000713331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c6440adb59a07f2023-02-07 15:18:48.847root 11241100x8000000000000000713330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff676f9f02fcc752023-02-07 15:18:48.847root 11241100x8000000000000000713329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7fc25dad0728c002023-02-07 15:18:48.847root 11241100x8000000000000000713328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6293647c6fc44ce2023-02-07 15:18:48.847root 11241100x8000000000000000713327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b5f3bbb510bda02023-02-07 15:18:48.847root 11241100x8000000000000000713326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53be03203f342b3e2023-02-07 15:18:48.847root 11241100x8000000000000000713325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1774d74beabf65c02023-02-07 15:18:48.847root 11241100x8000000000000000713324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5df074be7a3c312023-02-07 15:18:48.847root 11241100x8000000000000000713323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5870bf36f382d532023-02-07 15:18:48.847root 11241100x8000000000000000713322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629bbcef9a8236912023-02-07 15:18:48.847root 11241100x8000000000000000713343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a932f559a6d9fede2023-02-07 15:18:48.848root 11241100x8000000000000000713342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac299c7287fd16b2023-02-07 15:18:48.848root 11241100x8000000000000000713341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129793605703fbf92023-02-07 15:18:48.848root 11241100x8000000000000000713340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646b3b23af2c774e2023-02-07 15:18:48.848root 11241100x8000000000000000713339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2384b35ca3d8b3792023-02-07 15:18:48.848root 11241100x8000000000000000713338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e36e2d3866a6192023-02-07 15:18:48.848root 11241100x8000000000000000713337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac2bb3e392cb1f32023-02-07 15:18:48.848root 11241100x8000000000000000713336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6419880e3440152023-02-07 15:18:48.848root 11241100x8000000000000000713335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfa5b67791ffe722023-02-07 15:18:48.848root 11241100x8000000000000000713334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395fcd338d3c27ac2023-02-07 15:18:48.848root 11241100x8000000000000000713333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c371366705a8a75e2023-02-07 15:18:48.848root 11241100x8000000000000000713332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:48.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8720aacfd59505272023-02-07 15:18:48.848root 11241100x8000000000000000713350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a476b9d87ac84a2023-02-07 15:18:49.346root 11241100x8000000000000000713349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b74f6c04bece892023-02-07 15:18:49.346root 11241100x8000000000000000713348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87da2737b55d13df2023-02-07 15:18:49.346root 11241100x8000000000000000713347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5dcb6be7e293c552023-02-07 15:18:49.346root 11241100x8000000000000000713346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af93c6848ee9c5892023-02-07 15:18:49.346root 11241100x8000000000000000713345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d332710e586bbb2023-02-07 15:18:49.346root 11241100x8000000000000000713344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c97ceb34c0496c2023-02-07 15:18:49.346root 11241100x8000000000000000713365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83fc9662a4c28f062023-02-07 15:18:49.347root 11241100x8000000000000000713364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3377949941477e562023-02-07 15:18:49.347root 11241100x8000000000000000713363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137fd5543833c6582023-02-07 15:18:49.347root 11241100x8000000000000000713362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d16c1ceb4caa79f2023-02-07 15:18:49.347root 11241100x8000000000000000713361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c65126644b6b0d2023-02-07 15:18:49.347root 11241100x8000000000000000713360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d26b116451d26e2023-02-07 15:18:49.347root 11241100x8000000000000000713359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a815508ed299ebe2023-02-07 15:18:49.347root 11241100x8000000000000000713358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfc6715086041482023-02-07 15:18:49.347root 11241100x8000000000000000713357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942b35243aae192c2023-02-07 15:18:49.347root 11241100x8000000000000000713356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00966701d74d2882023-02-07 15:18:49.347root 11241100x8000000000000000713355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28428ed160c602a2023-02-07 15:18:49.347root 11241100x8000000000000000713354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a3f738149dd7552023-02-07 15:18:49.347root 11241100x8000000000000000713353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801f67aa09ea103f2023-02-07 15:18:49.347root 11241100x8000000000000000713352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29b5784ffe95f712023-02-07 15:18:49.347root 11241100x8000000000000000713351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6369f2a3ea306c942023-02-07 15:18:49.347root 11241100x8000000000000000713371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256974595536692e2023-02-07 15:18:49.348root 11241100x8000000000000000713370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daad43df45644fcb2023-02-07 15:18:49.348root 11241100x8000000000000000713369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce18929a21367b292023-02-07 15:18:49.348root 11241100x8000000000000000713368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b64540fc6fb35c2023-02-07 15:18:49.348root 11241100x8000000000000000713367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc92ceab9926b112023-02-07 15:18:49.348root 11241100x8000000000000000713366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1be3dab44526372023-02-07 15:18:49.348root 11241100x8000000000000000713372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269f4efc400324012023-02-07 15:18:49.845root 11241100x8000000000000000713381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5712f660e6e6afcd2023-02-07 15:18:49.846root 11241100x8000000000000000713380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8348c2ca328058362023-02-07 15:18:49.846root 11241100x8000000000000000713379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ac9fdd5cff97912023-02-07 15:18:49.846root 11241100x8000000000000000713378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3460fea587c35ae2023-02-07 15:18:49.846root 11241100x8000000000000000713377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf5e1cb8f579cac2023-02-07 15:18:49.846root 11241100x8000000000000000713376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c781e40275559f52023-02-07 15:18:49.846root 11241100x8000000000000000713375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823d071a1a5bcfbc2023-02-07 15:18:49.846root 11241100x8000000000000000713374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f3683a830a62a52023-02-07 15:18:49.846root 11241100x8000000000000000713373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba0d358b3716d4a2023-02-07 15:18:49.846root 11241100x8000000000000000713387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cae5fbe4d3542e2023-02-07 15:18:49.847root 11241100x8000000000000000713386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a523ac0b3ed5d862023-02-07 15:18:49.847root 11241100x8000000000000000713385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8502f31ce93d8e2023-02-07 15:18:49.847root 11241100x8000000000000000713384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd5738b6dddcfd12023-02-07 15:18:49.847root 11241100x8000000000000000713383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3028ffd55a34a8d02023-02-07 15:18:49.847root 11241100x8000000000000000713382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660c2fbeb68f84652023-02-07 15:18:49.847root 11241100x8000000000000000713393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba48d9a4565bd1d32023-02-07 15:18:49.848root 11241100x8000000000000000713392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22439b6aa39c20a92023-02-07 15:18:49.848root 11241100x8000000000000000713391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5de5c161aab70f32023-02-07 15:18:49.848root 11241100x8000000000000000713390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2617ccdf39921da2023-02-07 15:18:49.848root 11241100x8000000000000000713389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a468bc5ca8bf7b2023-02-07 15:18:49.848root 11241100x8000000000000000713388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78389b97e0f6e3982023-02-07 15:18:49.848root 11241100x8000000000000000713399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8109e44c0991742023-02-07 15:18:49.849root 11241100x8000000000000000713398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6544a365bd436b932023-02-07 15:18:49.849root 11241100x8000000000000000713397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69b3c2285eb214a2023-02-07 15:18:49.849root 11241100x8000000000000000713396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56deab421191dc9a2023-02-07 15:18:49.849root 11241100x8000000000000000713395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc7980be4bdb4942023-02-07 15:18:49.849root 11241100x8000000000000000713394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:49.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315d1de289c240dc2023-02-07 15:18:49.849root 11241100x8000000000000000713407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142b6581703a42ff2023-02-07 15:18:50.346root 11241100x8000000000000000713406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c22c2021e8433b62023-02-07 15:18:50.346root 11241100x8000000000000000713405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fda48280af10562023-02-07 15:18:50.346root 11241100x8000000000000000713404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c59e924cc4ac902023-02-07 15:18:50.346root 11241100x8000000000000000713403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db58dab9065815a2023-02-07 15:18:50.346root 11241100x8000000000000000713402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2b8d915d1f6a6e2023-02-07 15:18:50.346root 11241100x8000000000000000713401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08714ff55674bb922023-02-07 15:18:50.346root 11241100x8000000000000000713400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb01e504444d6082023-02-07 15:18:50.346root 11241100x8000000000000000713422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25a0d358a23254a2023-02-07 15:18:50.347root 11241100x8000000000000000713421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8312eff2331593bf2023-02-07 15:18:50.347root 11241100x8000000000000000713420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9edbad318ff5eec12023-02-07 15:18:50.347root 11241100x8000000000000000713419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba0f585f887285e2023-02-07 15:18:50.347root 11241100x8000000000000000713418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b748d1c7933fcd382023-02-07 15:18:50.347root 11241100x8000000000000000713417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed1a57ac0bd2ed72023-02-07 15:18:50.347root 11241100x8000000000000000713416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382ffd2bfc281ef92023-02-07 15:18:50.347root 11241100x8000000000000000713415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3624736f5616342023-02-07 15:18:50.347root 11241100x8000000000000000713414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51279aa0abca8b82023-02-07 15:18:50.347root 11241100x8000000000000000713413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc1ca8b37ac8ca42023-02-07 15:18:50.347root 11241100x8000000000000000713412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e5f512de45a8562023-02-07 15:18:50.347root 11241100x8000000000000000713411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2d3bde4654fb972023-02-07 15:18:50.347root 11241100x8000000000000000713410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486943c5a14715af2023-02-07 15:18:50.347root 11241100x8000000000000000713409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f41c704b9fc29a2023-02-07 15:18:50.347root 11241100x8000000000000000713408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b83c0b2bdbd6fa2023-02-07 15:18:50.347root 11241100x8000000000000000713427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a943dd09018223e22023-02-07 15:18:50.348root 11241100x8000000000000000713426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ca8714e8e8741a2023-02-07 15:18:50.348root 11241100x8000000000000000713425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b655e991cc6387752023-02-07 15:18:50.348root 11241100x8000000000000000713424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ac8689f87484da2023-02-07 15:18:50.348root 11241100x8000000000000000713423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ae6ec85cea7fea2023-02-07 15:18:50.348root 11241100x8000000000000000713436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42870b4bccb1df252023-02-07 15:18:50.846root 11241100x8000000000000000713435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1ccc4919af72bb2023-02-07 15:18:50.846root 11241100x8000000000000000713434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677e6761649823b72023-02-07 15:18:50.846root 11241100x8000000000000000713433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9696f2fe45309632023-02-07 15:18:50.846root 11241100x8000000000000000713432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ea2799e8d6ad9e2023-02-07 15:18:50.846root 11241100x8000000000000000713431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822dac78691857532023-02-07 15:18:50.846root 11241100x8000000000000000713430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4bfde2c92ab90d2023-02-07 15:18:50.846root 11241100x8000000000000000713429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b675ae5e06ce5c072023-02-07 15:18:50.846root 11241100x8000000000000000713428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4878656538043e2023-02-07 15:18:50.846root 11241100x8000000000000000713446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0338d9512732142023-02-07 15:18:50.847root 11241100x8000000000000000713445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c19a6a0ce6cb5ea2023-02-07 15:18:50.847root 11241100x8000000000000000713444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cc85d3117a1e542023-02-07 15:18:50.847root 11241100x8000000000000000713443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b8cdbc7acdb4f02023-02-07 15:18:50.847root 11241100x8000000000000000713442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0dbf665c17685d2023-02-07 15:18:50.847root 11241100x8000000000000000713441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c3b6a6016080132023-02-07 15:18:50.847root 11241100x8000000000000000713440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdaec485bfc2cda82023-02-07 15:18:50.847root 11241100x8000000000000000713439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4da98066ecf6f22023-02-07 15:18:50.847root 11241100x8000000000000000713438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc65b7e6490c11d82023-02-07 15:18:50.847root 11241100x8000000000000000713437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceed34db01cd64fc2023-02-07 15:18:50.847root 11241100x8000000000000000713452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86740897af1d4e272023-02-07 15:18:50.848root 11241100x8000000000000000713451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a87eac31c35e8d92023-02-07 15:18:50.848root 11241100x8000000000000000713450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda54a4f5db3983f2023-02-07 15:18:50.848root 11241100x8000000000000000713449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13aa0bc6fc72c2392023-02-07 15:18:50.848root 11241100x8000000000000000713448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d5c5316281242a2023-02-07 15:18:50.848root 11241100x8000000000000000713447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d444a3a8318feee02023-02-07 15:18:50.848root 11241100x8000000000000000713455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e95649c4bbc1212023-02-07 15:18:50.849root 11241100x8000000000000000713454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e386a538ceb82c3c2023-02-07 15:18:50.849root 11241100x8000000000000000713453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:50.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e327990f4b7ae5cd2023-02-07 15:18:50.849root 354300x8000000000000000713456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.046{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54056-false10.0.1.12-8000- 11241100x8000000000000000713461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d20e83a850e87352023-02-07 15:18:51.345root 11241100x8000000000000000713460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a76fc83e9a975ea2023-02-07 15:18:51.345root 11241100x8000000000000000713459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771c879fb7e93c9e2023-02-07 15:18:51.345root 11241100x8000000000000000713458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda1fa0c12c7f3d92023-02-07 15:18:51.345root 11241100x8000000000000000713457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d777f133d16a90182023-02-07 15:18:51.345root 11241100x8000000000000000713462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab33a5ccc3a715c2023-02-07 15:18:51.346root 11241100x8000000000000000713466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210daef5d41c6a862023-02-07 15:18:51.347root 11241100x8000000000000000713465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4f55b79332a8ac2023-02-07 15:18:51.347root 11241100x8000000000000000713464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2866f790c5fff4422023-02-07 15:18:51.347root 11241100x8000000000000000713463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ca1ef802343ce62023-02-07 15:18:51.347root 11241100x8000000000000000713472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5a71f5ab1d6d5c2023-02-07 15:18:51.348root 11241100x8000000000000000713471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0337cf156260b72b2023-02-07 15:18:51.348root 11241100x8000000000000000713470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4017fdfd67a134b62023-02-07 15:18:51.348root 11241100x8000000000000000713469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef989729edfbaa72023-02-07 15:18:51.348root 11241100x8000000000000000713468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b53f03d333054002023-02-07 15:18:51.348root 11241100x8000000000000000713467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8189176bcc42dd2d2023-02-07 15:18:51.348root 11241100x8000000000000000713479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5aa36009aaf172b2023-02-07 15:18:51.349root 11241100x8000000000000000713478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8126e40917164f2023-02-07 15:18:51.349root 11241100x8000000000000000713477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1786e7904c31902023-02-07 15:18:51.349root 11241100x8000000000000000713476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b554fe0e8c5ee612023-02-07 15:18:51.349root 11241100x8000000000000000713475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7aea89fe5f9b0722023-02-07 15:18:51.349root 11241100x8000000000000000713474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f6b96eed7c25cf2023-02-07 15:18:51.349root 11241100x8000000000000000713473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb93020815f698762023-02-07 15:18:51.349root 11241100x8000000000000000713485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a406a4f557f3f2212023-02-07 15:18:51.350root 11241100x8000000000000000713484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139d01d523881a1f2023-02-07 15:18:51.350root 11241100x8000000000000000713483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508125cccd8f9fcd2023-02-07 15:18:51.350root 11241100x8000000000000000713482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db5865232ede7f32023-02-07 15:18:51.350root 11241100x8000000000000000713481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37bc2225b122b4032023-02-07 15:18:51.350root 11241100x8000000000000000713480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8897f5ed65508c202023-02-07 15:18:51.350root 11241100x8000000000000000713489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9090fe98a1c20652023-02-07 15:18:51.351root 11241100x8000000000000000713488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2924ee5b1bd6dcfd2023-02-07 15:18:51.351root 11241100x8000000000000000713487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110ca90fab0a84ec2023-02-07 15:18:51.351root 11241100x8000000000000000713486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafd80b63d25cbd22023-02-07 15:18:51.351root 11241100x8000000000000000713492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263fe009cb3bdd1a2023-02-07 15:18:51.352root 11241100x8000000000000000713491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52327c6b20ec6cc2023-02-07 15:18:51.352root 11241100x8000000000000000713490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99161b226f713272023-02-07 15:18:51.352root 11241100x8000000000000000713494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e06d032d8db9bb42023-02-07 15:18:51.845root 11241100x8000000000000000713493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cf6b6d1fdf013d2023-02-07 15:18:51.845root 11241100x8000000000000000713509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5ee3c756a9ca9f2023-02-07 15:18:51.846root 11241100x8000000000000000713508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8678b619a013160d2023-02-07 15:18:51.846root 11241100x8000000000000000713507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0083a135f2fb58f2023-02-07 15:18:51.846root 11241100x8000000000000000713506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74776d660e4d27742023-02-07 15:18:51.846root 11241100x8000000000000000713505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c8f8c1509dcdaf2023-02-07 15:18:51.846root 11241100x8000000000000000713504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0cb23a7e228f8312023-02-07 15:18:51.846root 11241100x8000000000000000713503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4c260f40a79a6e2023-02-07 15:18:51.846root 11241100x8000000000000000713502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23dbca39aad03e222023-02-07 15:18:51.846root 11241100x8000000000000000713501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083e3469de9c79332023-02-07 15:18:51.846root 11241100x8000000000000000713500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06c8cf1611120be2023-02-07 15:18:51.846root 11241100x8000000000000000713499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c561f4967dae10992023-02-07 15:18:51.846root 11241100x8000000000000000713498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8c94ab5bf1ef1a2023-02-07 15:18:51.846root 11241100x8000000000000000713497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61137af8bbbbbc3a2023-02-07 15:18:51.846root 11241100x8000000000000000713496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c76f6d2e366ba932023-02-07 15:18:51.846root 11241100x8000000000000000713495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67baaf0fa51fa6b22023-02-07 15:18:51.846root 11241100x8000000000000000713519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63adcc4c1330acc2023-02-07 15:18:51.847root 11241100x8000000000000000713518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f05ddfe32f5025f2023-02-07 15:18:51.847root 11241100x8000000000000000713517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c714a95eae302ab92023-02-07 15:18:51.847root 11241100x8000000000000000713516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9429c8345ca6dbac2023-02-07 15:18:51.847root 11241100x8000000000000000713515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5989b78638da65f12023-02-07 15:18:51.847root 11241100x8000000000000000713514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9798a39528659a7d2023-02-07 15:18:51.847root 11241100x8000000000000000713513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f96a9f0ca440262023-02-07 15:18:51.847root 11241100x8000000000000000713512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514be4c294da75e12023-02-07 15:18:51.847root 11241100x8000000000000000713511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1e5db09f5611d72023-02-07 15:18:51.847root 11241100x8000000000000000713510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a24df128ef19ff2023-02-07 15:18:51.847root 11241100x8000000000000000713528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dac8d25606977302023-02-07 15:18:51.848root 11241100x8000000000000000713527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44cc42669aa58a8a2023-02-07 15:18:51.848root 11241100x8000000000000000713526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a34044517d66b22023-02-07 15:18:51.848root 11241100x8000000000000000713525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b593c1c5a9acb4d2023-02-07 15:18:51.848root 11241100x8000000000000000713524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe35ced37be2c732023-02-07 15:18:51.848root 11241100x8000000000000000713523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0118e4acd750cf012023-02-07 15:18:51.848root 11241100x8000000000000000713522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d612fe2bbd861a22023-02-07 15:18:51.848root 11241100x8000000000000000713521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cca63e739901cd32023-02-07 15:18:51.848root 11241100x8000000000000000713520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:51.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c86a6d972fba05f2023-02-07 15:18:51.848root 11241100x8000000000000000713530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64fc894003ba9b132023-02-07 15:18:52.345root 11241100x8000000000000000713529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d8237fc8b3555a2023-02-07 15:18:52.345root 11241100x8000000000000000713544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b93a22255447d412023-02-07 15:18:52.346root 11241100x8000000000000000713543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a4997bef03fc672023-02-07 15:18:52.346root 11241100x8000000000000000713542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ae5a9705371d042023-02-07 15:18:52.346root 11241100x8000000000000000713541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db42b7dd8cb5a2462023-02-07 15:18:52.346root 11241100x8000000000000000713540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07c9fb7bb9314c32023-02-07 15:18:52.346root 11241100x8000000000000000713539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c804d73082c91a2023-02-07 15:18:52.346root 11241100x8000000000000000713538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5932b857050261a2023-02-07 15:18:52.346root 11241100x8000000000000000713537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59e6a0de0616b2a2023-02-07 15:18:52.346root 11241100x8000000000000000713536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7077d72aef73c23d2023-02-07 15:18:52.346root 11241100x8000000000000000713535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aea45855e27102b2023-02-07 15:18:52.346root 11241100x8000000000000000713534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c2ed8defa8aa5a2023-02-07 15:18:52.346root 11241100x8000000000000000713533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71cf2667c9146be2023-02-07 15:18:52.346root 11241100x8000000000000000713532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e5fd3d2786981f2023-02-07 15:18:52.346root 11241100x8000000000000000713531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f93ee1b18b9d892023-02-07 15:18:52.346root 11241100x8000000000000000713555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad345c0c4558d8012023-02-07 15:18:52.347root 11241100x8000000000000000713554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12843fbb537163b2023-02-07 15:18:52.347root 11241100x8000000000000000713553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e137ef7a1d56982023-02-07 15:18:52.347root 11241100x8000000000000000713552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e0c8a8b05073502023-02-07 15:18:52.347root 11241100x8000000000000000713551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6c9a78ffdf0f8d2023-02-07 15:18:52.347root 11241100x8000000000000000713550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823ed6321e8c6ef62023-02-07 15:18:52.347root 11241100x8000000000000000713549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ed58673edb13252023-02-07 15:18:52.347root 11241100x8000000000000000713548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149f836a5fb420232023-02-07 15:18:52.347root 11241100x8000000000000000713547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c74b58ad4b4b82f2023-02-07 15:18:52.347root 11241100x8000000000000000713546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65fd2f249744df92023-02-07 15:18:52.347root 11241100x8000000000000000713545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b271cd02dfe0f6472023-02-07 15:18:52.347root 11241100x8000000000000000713557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66736666dd2eb3db2023-02-07 15:18:52.348root 11241100x8000000000000000713556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4b9087c1d68ba22023-02-07 15:18:52.348root 11241100x8000000000000000713560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977f87405b40798c2023-02-07 15:18:52.845root 11241100x8000000000000000713559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe751f2678fe6a02023-02-07 15:18:52.845root 11241100x8000000000000000713558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364928e19049f2062023-02-07 15:18:52.845root 11241100x8000000000000000713574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522adbfc2440e9412023-02-07 15:18:52.846root 11241100x8000000000000000713573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c33a89ff315b6192023-02-07 15:18:52.846root 11241100x8000000000000000713572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b382a6b923cd93632023-02-07 15:18:52.846root 11241100x8000000000000000713571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730e65d0830c50772023-02-07 15:18:52.846root 11241100x8000000000000000713570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5e1b4b512b7d1f2023-02-07 15:18:52.846root 11241100x8000000000000000713569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d639d18e914f4852023-02-07 15:18:52.846root 11241100x8000000000000000713568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dae31c74fabcffe2023-02-07 15:18:52.846root 11241100x8000000000000000713567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8af6bdca0822cd2023-02-07 15:18:52.846root 11241100x8000000000000000713566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ebc2348bd271872023-02-07 15:18:52.846root 11241100x8000000000000000713565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbcfe6b4fd6b6882023-02-07 15:18:52.846root 11241100x8000000000000000713564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105a85bfaaed4bae2023-02-07 15:18:52.846root 11241100x8000000000000000713563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9882ddbe85b6411b2023-02-07 15:18:52.846root 11241100x8000000000000000713562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40de047670659cf82023-02-07 15:18:52.846root 11241100x8000000000000000713561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb23797295fd95bf2023-02-07 15:18:52.846root 11241100x8000000000000000713587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c3b48f56ede5a02023-02-07 15:18:52.847root 11241100x8000000000000000713586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c80835a3abba6532023-02-07 15:18:52.847root 11241100x8000000000000000713585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaeeb542021bfac52023-02-07 15:18:52.847root 11241100x8000000000000000713584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b922715991a29f62023-02-07 15:18:52.847root 11241100x8000000000000000713583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1f6d0bebbffc052023-02-07 15:18:52.847root 11241100x8000000000000000713582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da219316b0f11ba62023-02-07 15:18:52.847root 11241100x8000000000000000713581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871c852642a83d332023-02-07 15:18:52.847root 11241100x8000000000000000713580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913abab4d2539c412023-02-07 15:18:52.847root 11241100x8000000000000000713579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254b11c3d3d6e9822023-02-07 15:18:52.847root 11241100x8000000000000000713578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b946521fead4425c2023-02-07 15:18:52.847root 11241100x8000000000000000713577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78d7c0159d675792023-02-07 15:18:52.847root 11241100x8000000000000000713576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9be42fc3828e0532023-02-07 15:18:52.847root 11241100x8000000000000000713575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72115d20c5ee2f592023-02-07 15:18:52.847root 11241100x8000000000000000713601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a72bb82471b2b72023-02-07 15:18:53.346root 11241100x8000000000000000713600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12430a205dd69f8b2023-02-07 15:18:53.346root 11241100x8000000000000000713599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb22a6456911a222023-02-07 15:18:53.346root 11241100x8000000000000000713598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa674ce3950f2dce2023-02-07 15:18:53.346root 11241100x8000000000000000713597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25834a5872cdc812023-02-07 15:18:53.346root 11241100x8000000000000000713596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0100b0709ac23462023-02-07 15:18:53.346root 11241100x8000000000000000713595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50c2bf399e453012023-02-07 15:18:53.346root 11241100x8000000000000000713594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372bbe691bf23ad42023-02-07 15:18:53.346root 11241100x8000000000000000713593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf20c2c3f747826c2023-02-07 15:18:53.346root 11241100x8000000000000000713592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25a59cfb13f50ed2023-02-07 15:18:53.346root 11241100x8000000000000000713591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69f8a93faf312922023-02-07 15:18:53.346root 11241100x8000000000000000713590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d634369334fc8552023-02-07 15:18:53.346root 11241100x8000000000000000713589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82a17f9352402a22023-02-07 15:18:53.346root 11241100x8000000000000000713588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f10f29af80a1002023-02-07 15:18:53.346root 11241100x8000000000000000713616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de284847bb846dbc2023-02-07 15:18:53.347root 11241100x8000000000000000713615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86666ab641a9c5672023-02-07 15:18:53.347root 11241100x8000000000000000713614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8492794500763d7b2023-02-07 15:18:53.347root 11241100x8000000000000000713613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9e0c6074d90bfd2023-02-07 15:18:53.347root 11241100x8000000000000000713612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39773e50f0717ca2023-02-07 15:18:53.347root 11241100x8000000000000000713611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5550cf6f7d75092023-02-07 15:18:53.347root 11241100x8000000000000000713610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db87b9e88879d6b2023-02-07 15:18:53.347root 11241100x8000000000000000713609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69a04ae9ee14c962023-02-07 15:18:53.347root 11241100x8000000000000000713608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c86d6f0043f52f2023-02-07 15:18:53.347root 11241100x8000000000000000713607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1238c86b69f58af82023-02-07 15:18:53.347root 11241100x8000000000000000713606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2acb76594cc4db72023-02-07 15:18:53.347root 11241100x8000000000000000713605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f23613b7411f9a2023-02-07 15:18:53.347root 11241100x8000000000000000713604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a4bff67ee2c65b2023-02-07 15:18:53.347root 11241100x8000000000000000713603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18464b5405a8edf2023-02-07 15:18:53.347root 11241100x8000000000000000713602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b4b64522848e2a2023-02-07 15:18:53.347root 11241100x8000000000000000713627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4ed52cdc43ead22023-02-07 15:18:53.846root 11241100x8000000000000000713626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d530d4bef293ec332023-02-07 15:18:53.846root 11241100x8000000000000000713625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecae0f412c66a36d2023-02-07 15:18:53.846root 11241100x8000000000000000713624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ad1b694e7688912023-02-07 15:18:53.846root 11241100x8000000000000000713623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115c2317488594452023-02-07 15:18:53.846root 11241100x8000000000000000713622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21dc51882ce20412023-02-07 15:18:53.846root 11241100x8000000000000000713621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ea70ba87e351f02023-02-07 15:18:53.846root 11241100x8000000000000000713620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8c7cd171cabf492023-02-07 15:18:53.846root 11241100x8000000000000000713619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8385166e8ee74f1f2023-02-07 15:18:53.846root 11241100x8000000000000000713618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd7e213f451828f2023-02-07 15:18:53.846root 11241100x8000000000000000713617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b491a09847bbc862023-02-07 15:18:53.846root 11241100x8000000000000000713639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e7a56d192eac632023-02-07 15:18:53.847root 11241100x8000000000000000713638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9e33f00cbb97c82023-02-07 15:18:53.847root 11241100x8000000000000000713637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3187ec8475bbd3af2023-02-07 15:18:53.847root 11241100x8000000000000000713636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9545302fc9f655692023-02-07 15:18:53.847root 11241100x8000000000000000713635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843f747563a0dbdd2023-02-07 15:18:53.847root 11241100x8000000000000000713634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c32bf7c80b520ed2023-02-07 15:18:53.847root 11241100x8000000000000000713633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a18d37556c9055a2023-02-07 15:18:53.847root 11241100x8000000000000000713632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f214505a5357192a2023-02-07 15:18:53.847root 11241100x8000000000000000713631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea755d7eae27c572023-02-07 15:18:53.847root 11241100x8000000000000000713630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367b0f968b1fb2ca2023-02-07 15:18:53.847root 11241100x8000000000000000713629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71645a834bdb18d32023-02-07 15:18:53.847root 11241100x8000000000000000713628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9287908351fae4c92023-02-07 15:18:53.847root 11241100x8000000000000000713645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6b97159b1214442023-02-07 15:18:53.848root 11241100x8000000000000000713644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ce2d4f98b8edd22023-02-07 15:18:53.848root 11241100x8000000000000000713643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e79b2a2773b98052023-02-07 15:18:53.848root 11241100x8000000000000000713642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b340f074575f33152023-02-07 15:18:53.848root 11241100x8000000000000000713641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e460d537d699072023-02-07 15:18:53.848root 11241100x8000000000000000713640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:53.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93dc5a607cea00de2023-02-07 15:18:53.848root 11241100x8000000000000000713657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f443575d40df98c32023-02-07 15:18:54.346root 11241100x8000000000000000713656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2bc2446ebfa8c7b2023-02-07 15:18:54.346root 11241100x8000000000000000713655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9645078697fdc0a42023-02-07 15:18:54.346root 11241100x8000000000000000713654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5a3e12e053372d2023-02-07 15:18:54.346root 11241100x8000000000000000713653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4814957352e37062023-02-07 15:18:54.346root 11241100x8000000000000000713652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb854225856edd32023-02-07 15:18:54.346root 11241100x8000000000000000713651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc21c54dd802a1b2023-02-07 15:18:54.346root 11241100x8000000000000000713650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7272b6e32610bb42023-02-07 15:18:54.346root 11241100x8000000000000000713649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b875ab968f58652023-02-07 15:18:54.346root 11241100x8000000000000000713648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430bc788569674722023-02-07 15:18:54.346root 11241100x8000000000000000713647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fdec57fb752ce572023-02-07 15:18:54.346root 11241100x8000000000000000713646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334b346f35bc6bfd2023-02-07 15:18:54.346root 11241100x8000000000000000713668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e522830c997bf72023-02-07 15:18:54.347root 11241100x8000000000000000713667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6626c9b1c9e6a8e02023-02-07 15:18:54.347root 11241100x8000000000000000713666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48078df302ab96cf2023-02-07 15:18:54.347root 11241100x8000000000000000713665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de11e992caba82182023-02-07 15:18:54.347root 11241100x8000000000000000713664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18b3957a49288ea2023-02-07 15:18:54.347root 11241100x8000000000000000713663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16bbcd8f1f8af122023-02-07 15:18:54.347root 11241100x8000000000000000713662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a69eeeac7c30e92023-02-07 15:18:54.347root 11241100x8000000000000000713661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc526f57a4abe912023-02-07 15:18:54.347root 11241100x8000000000000000713660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6faa87e876d6d492023-02-07 15:18:54.347root 11241100x8000000000000000713659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70610dbd94e55d852023-02-07 15:18:54.347root 11241100x8000000000000000713658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80fbb2b3621088482023-02-07 15:18:54.347root 11241100x8000000000000000713674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752a4d0284535a532023-02-07 15:18:54.348root 11241100x8000000000000000713673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b15fd813b2f83b2023-02-07 15:18:54.348root 11241100x8000000000000000713672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b48646dd41c7502023-02-07 15:18:54.348root 11241100x8000000000000000713671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a35328151882bc2023-02-07 15:18:54.348root 11241100x8000000000000000713670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f29bce64e010882023-02-07 15:18:54.348root 11241100x8000000000000000713669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e96abef72d2faa2023-02-07 15:18:54.348root 11241100x8000000000000000713675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.728{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:18:54.728root 11241100x8000000000000000713684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.729{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3866fbde8889de4b2023-02-07 15:18:54.729root 11241100x8000000000000000713683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.729{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db952d2f440945ef2023-02-07 15:18:54.729root 11241100x8000000000000000713682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.729{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68af52ca35732442023-02-07 15:18:54.729root 11241100x8000000000000000713681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.729{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427282afd386c4582023-02-07 15:18:54.729root 11241100x8000000000000000713680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.729{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e264672213caaf92023-02-07 15:18:54.729root 11241100x8000000000000000713679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.729{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8414c288ddd130b22023-02-07 15:18:54.729root 11241100x8000000000000000713678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.729{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b597450cb3b4652023-02-07 15:18:54.729root 11241100x8000000000000000713677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.729{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22640578e32abb62023-02-07 15:18:54.729root 11241100x8000000000000000713676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.729{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fb176fc862fad32023-02-07 15:18:54.729root 11241100x8000000000000000713693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d080d1ba19975a2023-02-07 15:18:54.730root 11241100x8000000000000000713692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7bb258f0c422c42023-02-07 15:18:54.730root 11241100x8000000000000000713691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537d4437d270f19d2023-02-07 15:18:54.730root 11241100x8000000000000000713690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e208496be92507a2023-02-07 15:18:54.730root 11241100x8000000000000000713689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e82fb5c1d4253f82023-02-07 15:18:54.730root 11241100x8000000000000000713688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a4be5ffa55c41f2023-02-07 15:18:54.730root 11241100x8000000000000000713687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d43afb157228252023-02-07 15:18:54.730root 11241100x8000000000000000713686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc22bf101c028b12023-02-07 15:18:54.730root 11241100x8000000000000000713685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2faa71fda6eb7fb52023-02-07 15:18:54.730root 11241100x8000000000000000713704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8753d41ff86d98fc2023-02-07 15:18:54.731root 11241100x8000000000000000713703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47cc47718e5428192023-02-07 15:18:54.731root 11241100x8000000000000000713702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0829b0879a4f09722023-02-07 15:18:54.731root 11241100x8000000000000000713701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed56e7f296bf1be82023-02-07 15:18:54.731root 11241100x8000000000000000713700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f781fdcbba43ed282023-02-07 15:18:54.731root 11241100x8000000000000000713699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263aed319642b04f2023-02-07 15:18:54.731root 11241100x8000000000000000713698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed15dfea7a3929722023-02-07 15:18:54.731root 11241100x8000000000000000713697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32d4494e4572ec42023-02-07 15:18:54.731root 11241100x8000000000000000713696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da146cad61d20d52023-02-07 15:18:54.731root 11241100x8000000000000000713695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd370706e7a43a42023-02-07 15:18:54.731root 11241100x8000000000000000713694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91e50d971a741882023-02-07 15:18:54.731root 11241100x8000000000000000713716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8a5f1a9a2d18232023-02-07 15:18:54.732root 11241100x8000000000000000713715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b0cb8aeb49c0e52023-02-07 15:18:54.732root 11241100x8000000000000000713714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1123ba476fd49702023-02-07 15:18:54.732root 11241100x8000000000000000713713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb0ca8ab608418c2023-02-07 15:18:54.732root 11241100x8000000000000000713712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb64dc4d933041342023-02-07 15:18:54.732root 11241100x8000000000000000713711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2fb29f07c01227e2023-02-07 15:18:54.732root 11241100x8000000000000000713710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784e5c16daa544b62023-02-07 15:18:54.732root 11241100x8000000000000000713709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5fb2a92861ecda2023-02-07 15:18:54.732root 11241100x8000000000000000713708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d83f4b15d245812023-02-07 15:18:54.732root 11241100x8000000000000000713707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6721ee29f3a359132023-02-07 15:18:54.732root 11241100x8000000000000000713706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee189d9865cdb47c2023-02-07 15:18:54.732root 11241100x8000000000000000713705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c62059a310e13b2023-02-07 15:18:54.732root 11241100x8000000000000000713717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:54.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b0d889f00132852023-02-07 15:18:54.733root 11241100x8000000000000000713720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd70fc10f9988ff2023-02-07 15:18:55.095root 11241100x8000000000000000713719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81129a28f17b95c42023-02-07 15:18:55.095root 11241100x8000000000000000713718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f6d932194464212023-02-07 15:18:55.095root 11241100x8000000000000000713728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45be5ee716697832023-02-07 15:18:55.096root 11241100x8000000000000000713727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df8476e56f2201e2023-02-07 15:18:55.096root 11241100x8000000000000000713726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33380c993c447f12023-02-07 15:18:55.096root 11241100x8000000000000000713725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c27d374147f85812023-02-07 15:18:55.096root 11241100x8000000000000000713724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02dc2e281caffe8d2023-02-07 15:18:55.096root 11241100x8000000000000000713723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a6f77f375e25912023-02-07 15:18:55.096root 11241100x8000000000000000713722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceee0b3787d4ca7d2023-02-07 15:18:55.096root 11241100x8000000000000000713721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0d03b29730d52a2023-02-07 15:18:55.096root 11241100x8000000000000000713737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13b846be0bffe8b2023-02-07 15:18:55.097root 11241100x8000000000000000713736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b306db6ead79192023-02-07 15:18:55.097root 11241100x8000000000000000713735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8580f2f1ac6bea52023-02-07 15:18:55.097root 11241100x8000000000000000713734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75eb70870a6ab332023-02-07 15:18:55.097root 11241100x8000000000000000713733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03354e61dfce7982023-02-07 15:18:55.097root 11241100x8000000000000000713732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817b8ea70c9c84a62023-02-07 15:18:55.097root 11241100x8000000000000000713731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f0ae6e083a9b052023-02-07 15:18:55.097root 11241100x8000000000000000713730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20234120f89632d22023-02-07 15:18:55.097root 11241100x8000000000000000713729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe04e872e9b72a02023-02-07 15:18:55.097root 11241100x8000000000000000713750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc8169b8c9e4d772023-02-07 15:18:55.098root 11241100x8000000000000000713749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ca4cd6df5eee1f2023-02-07 15:18:55.098root 11241100x8000000000000000713748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d5c87e6ded28012023-02-07 15:18:55.098root 11241100x8000000000000000713747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4175c1ca686bb0722023-02-07 15:18:55.098root 11241100x8000000000000000713746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27088a21375bdcb2023-02-07 15:18:55.098root 11241100x8000000000000000713745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185b9ebbbe5f5bfb2023-02-07 15:18:55.098root 11241100x8000000000000000713744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806cc1c8320434c02023-02-07 15:18:55.098root 11241100x8000000000000000713743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a303cda1517ba8f52023-02-07 15:18:55.098root 11241100x8000000000000000713742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb0b81c0f3759692023-02-07 15:18:55.098root 11241100x8000000000000000713741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5bb89fa91b56de2023-02-07 15:18:55.098root 11241100x8000000000000000713740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15cc5cb692960d52023-02-07 15:18:55.098root 11241100x8000000000000000713739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4ff371153484472023-02-07 15:18:55.098root 11241100x8000000000000000713738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d906779a5bd6ad9e2023-02-07 15:18:55.098root 11241100x8000000000000000713762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c197e840545fb9442023-02-07 15:18:55.596root 11241100x8000000000000000713761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c60093d19afb0d2023-02-07 15:18:55.596root 11241100x8000000000000000713760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d046eeaa27753af2023-02-07 15:18:55.596root 11241100x8000000000000000713759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007386b35662e7762023-02-07 15:18:55.596root 11241100x8000000000000000713758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5412aad1f68cd72023-02-07 15:18:55.596root 11241100x8000000000000000713757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7702414ba8ac132023-02-07 15:18:55.596root 11241100x8000000000000000713756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2777e2b7ab6d43ac2023-02-07 15:18:55.596root 11241100x8000000000000000713755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57434f8e51131ba2023-02-07 15:18:55.596root 11241100x8000000000000000713754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0512df7cd76930e2023-02-07 15:18:55.596root 11241100x8000000000000000713753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709e122f467e3a2d2023-02-07 15:18:55.596root 11241100x8000000000000000713752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b50ddfca4fc97b52023-02-07 15:18:55.596root 11241100x8000000000000000713751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4b56ad4001c5ef2023-02-07 15:18:55.596root 11241100x8000000000000000713777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e123fe70e94ceede2023-02-07 15:18:55.597root 11241100x8000000000000000713776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e2246f826946d42023-02-07 15:18:55.597root 11241100x8000000000000000713775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce5984408b673d72023-02-07 15:18:55.597root 11241100x8000000000000000713774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d946b12f40cfc322023-02-07 15:18:55.597root 11241100x8000000000000000713773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afff78e49b91a3752023-02-07 15:18:55.597root 11241100x8000000000000000713772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3db8a1400fa647f2023-02-07 15:18:55.597root 11241100x8000000000000000713771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef68c695df4a1482023-02-07 15:18:55.597root 11241100x8000000000000000713770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff993dbe79e4d65c2023-02-07 15:18:55.597root 11241100x8000000000000000713769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd68072bd9c1eb92023-02-07 15:18:55.597root 11241100x8000000000000000713768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82105fa654afa2812023-02-07 15:18:55.597root 11241100x8000000000000000713767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b60e9ca4f530e52023-02-07 15:18:55.597root 11241100x8000000000000000713766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb77efab03739b1d2023-02-07 15:18:55.597root 11241100x8000000000000000713765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066020222ab1be292023-02-07 15:18:55.597root 11241100x8000000000000000713764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b088ab581f62c4302023-02-07 15:18:55.597root 11241100x8000000000000000713763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4302b247105019532023-02-07 15:18:55.597root 11241100x8000000000000000713780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016e93c47c5f7f792023-02-07 15:18:55.598root 11241100x8000000000000000713779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380cf9aa6b5e56562023-02-07 15:18:55.598root 11241100x8000000000000000713778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af170ebd408f04122023-02-07 15:18:55.598root 11241100x8000000000000000713787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f93dcfcb07ab6c2023-02-07 15:18:56.095root 11241100x8000000000000000713786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9a2d4a042d80672023-02-07 15:18:56.095root 11241100x8000000000000000713785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610a082c2e228fca2023-02-07 15:18:56.095root 11241100x8000000000000000713784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1afcb984fa16022023-02-07 15:18:56.095root 11241100x8000000000000000713783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652904606a8707fa2023-02-07 15:18:56.095root 11241100x8000000000000000713782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47dd25ea86f4d7ce2023-02-07 15:18:56.095root 11241100x8000000000000000713781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d144529e7b65bc2023-02-07 15:18:56.095root 11241100x8000000000000000713788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdfe3fba4269d8032023-02-07 15:18:56.096root 11241100x8000000000000000713798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874f7f79873bd9d62023-02-07 15:18:56.097root 11241100x8000000000000000713797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1950f60a929a7892023-02-07 15:18:56.097root 11241100x8000000000000000713796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca531517757c7f3d2023-02-07 15:18:56.097root 11241100x8000000000000000713795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee705c7f620ecd052023-02-07 15:18:56.097root 11241100x8000000000000000713794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b4468d1800f6842023-02-07 15:18:56.097root 11241100x8000000000000000713793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3623b1a59947c4302023-02-07 15:18:56.097root 11241100x8000000000000000713792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef88ea18eb5f3dc2023-02-07 15:18:56.097root 11241100x8000000000000000713791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec919f58c76329ac2023-02-07 15:18:56.097root 11241100x8000000000000000713790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5c4bb636a0db6a2023-02-07 15:18:56.097root 11241100x8000000000000000713789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1b3d93c83eefd52023-02-07 15:18:56.097root 11241100x8000000000000000713806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3949487f478eb8a72023-02-07 15:18:56.098root 11241100x8000000000000000713805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05f6504bba348df2023-02-07 15:18:56.098root 11241100x8000000000000000713804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318a206a344874742023-02-07 15:18:56.098root 11241100x8000000000000000713803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476f8b42480af60a2023-02-07 15:18:56.098root 11241100x8000000000000000713802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397574804fda62662023-02-07 15:18:56.098root 11241100x8000000000000000713801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a947e50f73bb5e2023-02-07 15:18:56.098root 11241100x8000000000000000713800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ccaf002c76f07d2023-02-07 15:18:56.098root 11241100x8000000000000000713799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b519a285dde6c1c42023-02-07 15:18:56.098root 11241100x8000000000000000713808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce6b3e58a232aea2023-02-07 15:18:56.099root 11241100x8000000000000000713807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca38f7598c472082023-02-07 15:18:56.099root 11241100x8000000000000000713810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167b9a50a617a04d2023-02-07 15:18:56.100root 11241100x8000000000000000713809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5acd0f8f6877bf9c2023-02-07 15:18:56.100root 354300x8000000000000000713811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.245{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-52210-false10.0.1.12-8000- 11241100x8000000000000000713818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7882a26a8ce87c2023-02-07 15:18:56.595root 11241100x8000000000000000713817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1f31e0e6c1f4a52023-02-07 15:18:56.595root 11241100x8000000000000000713816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62278b991a9cf5db2023-02-07 15:18:56.595root 11241100x8000000000000000713815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6430d09e1495c52023-02-07 15:18:56.595root 11241100x8000000000000000713814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c591b95956b4ac12023-02-07 15:18:56.595root 11241100x8000000000000000713813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf28569f4bbd7c02023-02-07 15:18:56.595root 11241100x8000000000000000713812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ed69cc62f48ab72023-02-07 15:18:56.595root 11241100x8000000000000000713831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18805dd9b0b45b052023-02-07 15:18:56.596root 11241100x8000000000000000713830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3bea7aa3dabeb22023-02-07 15:18:56.596root 11241100x8000000000000000713829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f0930465457ac42023-02-07 15:18:56.596root 11241100x8000000000000000713828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e6ae9903e5108e2023-02-07 15:18:56.596root 11241100x8000000000000000713827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32864ac4d08fde212023-02-07 15:18:56.596root 11241100x8000000000000000713826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac500fbb97dd01372023-02-07 15:18:56.596root 11241100x8000000000000000713825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931338e4ccfcce3d2023-02-07 15:18:56.596root 11241100x8000000000000000713824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b56f660ea5a5b62023-02-07 15:18:56.596root 11241100x8000000000000000713823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64020e7eb78c49302023-02-07 15:18:56.596root 11241100x8000000000000000713822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244def38d3a4cf0a2023-02-07 15:18:56.596root 11241100x8000000000000000713821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bdaf8708416305b2023-02-07 15:18:56.596root 11241100x8000000000000000713820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689f408671ef26912023-02-07 15:18:56.596root 11241100x8000000000000000713819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53163be2cce277652023-02-07 15:18:56.596root 11241100x8000000000000000713841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12a6c13891ab5642023-02-07 15:18:56.597root 11241100x8000000000000000713840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe98e0760c0369d2023-02-07 15:18:56.597root 11241100x8000000000000000713839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795cad678e79dd2d2023-02-07 15:18:56.597root 11241100x8000000000000000713838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4a954fdcd7c5de2023-02-07 15:18:56.597root 11241100x8000000000000000713837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477a86a443828e052023-02-07 15:18:56.597root 11241100x8000000000000000713836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1f3c73909e0f5c2023-02-07 15:18:56.597root 11241100x8000000000000000713835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0af569252c441082023-02-07 15:18:56.597root 11241100x8000000000000000713834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581af5405a7043f82023-02-07 15:18:56.597root 11241100x8000000000000000713833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b04579b5c2fa4a2023-02-07 15:18:56.597root 11241100x8000000000000000713832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ae8b06e4241d382023-02-07 15:18:56.597root 11241100x8000000000000000713845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e883425fde028412023-02-07 15:18:56.598root 11241100x8000000000000000713844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9cf3a7dcf070772023-02-07 15:18:56.598root 11241100x8000000000000000713843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7ffd700608e1fe2023-02-07 15:18:56.598root 11241100x8000000000000000713842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:56.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b09e74e3276a102023-02-07 15:18:56.598root 11241100x8000000000000000713847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe4ab3e6b6f6f862023-02-07 15:18:57.095root 11241100x8000000000000000713846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c83c19d222ebb322023-02-07 15:18:57.095root 11241100x8000000000000000713851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0423bc0eb4e5552023-02-07 15:18:57.096root 11241100x8000000000000000713850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c4c29c5a0fbbc02023-02-07 15:18:57.096root 11241100x8000000000000000713849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c229248040e9672023-02-07 15:18:57.096root 11241100x8000000000000000713848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93c2cd259ea1ddf2023-02-07 15:18:57.096root 11241100x8000000000000000713856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111be3bba848fbdb2023-02-07 15:18:57.097root 11241100x8000000000000000713855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c3dc3891d092de2023-02-07 15:18:57.097root 11241100x8000000000000000713854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcaf4e491ff19e092023-02-07 15:18:57.097root 11241100x8000000000000000713853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921791d9523c39382023-02-07 15:18:57.097root 11241100x8000000000000000713852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796d2166068f410b2023-02-07 15:18:57.097root 11241100x8000000000000000713864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c438651f339d41052023-02-07 15:18:57.098root 11241100x8000000000000000713863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa5544abdece0172023-02-07 15:18:57.098root 11241100x8000000000000000713862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a3fb9a04b5a5c52023-02-07 15:18:57.098root 11241100x8000000000000000713861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148b173ae20c43d52023-02-07 15:18:57.098root 11241100x8000000000000000713860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb08f88c16f7b4f2023-02-07 15:18:57.098root 11241100x8000000000000000713859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ce9a8c253c2b922023-02-07 15:18:57.098root 11241100x8000000000000000713858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d02320d4b62d752023-02-07 15:18:57.098root 11241100x8000000000000000713857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0bff4ae22f1ec7a2023-02-07 15:18:57.098root 11241100x8000000000000000713873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a806ba5dde9e8f2023-02-07 15:18:57.099root 11241100x8000000000000000713872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89772095b1e9791a2023-02-07 15:18:57.099root 11241100x8000000000000000713871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c3cd7bd3219a432023-02-07 15:18:57.099root 11241100x8000000000000000713870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d8ff1957045b2c2023-02-07 15:18:57.099root 11241100x8000000000000000713869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71747ad4b94888e22023-02-07 15:18:57.099root 11241100x8000000000000000713868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef92d9c7ca1bdb82023-02-07 15:18:57.099root 11241100x8000000000000000713867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ded28ee18685a12023-02-07 15:18:57.099root 11241100x8000000000000000713866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d5aedcaeadd8ec2023-02-07 15:18:57.099root 11241100x8000000000000000713865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a3a3701cf3ad6a2023-02-07 15:18:57.099root 11241100x8000000000000000713877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d2a3f2feaa822d2023-02-07 15:18:57.100root 11241100x8000000000000000713876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aba1154729220a82023-02-07 15:18:57.100root 11241100x8000000000000000713875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d58cc8fb93528a2023-02-07 15:18:57.100root 11241100x8000000000000000713874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495718d11632d6a02023-02-07 15:18:57.100root 534500x8000000000000000713878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.118{ec244aba-3071-63e2-c83a-8af647560000}6116-sshd 11241100x8000000000000000713879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.120{ec244aba-306a-63e2-58b9-c1ac64550000}1/lib/systemd/systemd/run/systemd/transient/session-9.scope2023-02-07 15:18:57.120root 11241100x8000000000000000713884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.123{ec244aba-3078-63e2-8033-dd06ae550000}1074/lib/systemd/systemd-logind/run/systemd/users/.#1000UOl9YM2023-02-07 15:18:57.123root 11241100x8000000000000000713883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.123{ec244aba-3078-63e2-8033-dd06ae550000}1074/lib/systemd/systemd-logind/run/systemd/sessions/.#9yfkrsC2023-02-07 15:18:57.123root 11241100x8000000000000000713882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.123{ec244aba-3078-63e2-8033-dd06ae550000}1074/lib/systemd/systemd-logind/run/systemd/sessions/.#906QJVr2023-02-07 15:18:57.123root 11241100x8000000000000000713881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.123{ec244aba-3078-63e2-8033-dd06ae550000}1074/lib/systemd/systemd-logind/run/systemd/users/.#1000qZv4oh2023-02-07 15:18:57.123root 11241100x8000000000000000713880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.123{ec244aba-3078-63e2-8033-dd06ae550000}1074/lib/systemd/systemd-logind/run/systemd/sessions/.#98OKqS62023-02-07 15:18:57.123root 154100x8000000000000000713885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.124{ec244aba-6be1-63e2-6872-c940fc550000}6117/bin/dash-----sh -c /usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d > /run/motd.dynamic.new/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6bd8-63e2-e047-8c08a8550000}6115/usr/sbin/sshd/usr/sbin/sshdroot 154100x8000000000000000713888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.125{ec244aba-6be1-63e2-38da-16d835560000}6118/bin/run-parts-----run-parts --lsbsysinit /etc/update-motd.d/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-6872-c940fc550000}6117/bin/dashshroot 154100x8000000000000000713887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.125{ec244aba-6be1-63e2-78fc-19a03e560000}6118/usr/bin/env-----/usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-6872-c940fc550000}6117/bin/dashshroot 11241100x8000000000000000713886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.125{ec244aba-6be1-63e2-6872-c940fc550000}6117/bin/dash/run/motd.dynamic.new2023-02-07 15:18:57.125root 154100x8000000000000000713889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.126{ec244aba-6be1-63e2-6862-27ae1b560000}6119/bin/dash-----/bin/sh /etc/update-motd.d/00-header/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-38da-16d835560000}6118/bin/run-partsrun-partsroot 154100x8000000000000000713890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.127{ec244aba-6be1-63e2-806e-88ecc1550000}6120/bin/uname-----uname -o/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-6862-27ae1b560000}6119/bin/dash/bin/shroot 534500x8000000000000000713893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.128{ec244aba-6be1-63e2-801e-256b40560000}6121/bin/unameroot 154100x8000000000000000713892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.128{ec244aba-6be1-63e2-801e-256b40560000}6121/bin/uname-----uname -r/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-6862-27ae1b560000}6119/bin/dash/bin/shroot 534500x8000000000000000713891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.128{ec244aba-6be1-63e2-806e-88ecc1550000}6120/bin/unameroot 154100x8000000000000000713897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.129{ec244aba-6be1-63e2-68a2-cd3669550000}6123/bin/dash-----/bin/sh /etc/update-motd.d/10-help-text/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-38da-16d835560000}6118/bin/run-partsrun-partsroot 534500x8000000000000000713896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.129{ec244aba-6be1-63e2-6862-27ae1b560000}6119/bin/dashroot 534500x8000000000000000713895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.129{ec244aba-6be1-63e2-803e-a87500560000}6122/bin/unameroot 154100x8000000000000000713894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.129{ec244aba-6be1-63e2-803e-a87500560000}6122/bin/uname-----uname -m/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-6862-27ae1b560000}6119/bin/dash/bin/shroot 154100x8000000000000000713899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.130{ec244aba-6be1-63e2-68f2-a3c72a560000}6124/bin/dash-----/bin/sh /etc/update-motd.d/50-landscape-sysinfo/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-38da-16d835560000}6118/bin/run-partsrun-partsroot 534500x8000000000000000713898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.130{ec244aba-6be1-63e2-68a2-cd3669550000}6123/bin/dashroot 154100x8000000000000000713900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.131{ec244aba-6be1-63e2-50fc-ef14a4550000}6125/bin/grep-----grep -c ^processor /proc/cpuinfo/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-68f2-a3c72a560000}6124/bin/dash/bin/shroot 534500x8000000000000000713901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.132{ec244aba-6be1-63e2-50fc-ef14a4550000}6125/bin/greproot 154100x8000000000000000713903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.133{ec244aba-6be1-63e2-b890-bbaa99550000}6129/usr/bin/cut-----cut -f1 -d /proc/loadavg/root{ec244aba-0000-0000-0000-000000000000}09no level-{00000000-0000-0000-0000-000000000000}6127--- 154100x8000000000000000713902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.133{ec244aba-6be1-63e2-983f-ce2871550000}6128/usr/bin/bc-----bc/root{ec244aba-0000-0000-0000-000000000000}09no level-{00000000-0000-0000-0000-000000000000}6126--- 534500x8000000000000000713905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.134{ec244aba-6be1-63e2-0000-000000000000}6127-root 534500x8000000000000000713904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.134{ec244aba-6be1-63e2-b890-bbaa99550000}6129/usr/bin/cutroot 154100x8000000000000000713908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.135{ec244aba-6be1-63e2-089f-ce38f9550000}6130/bin/date-----/bin/date/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-68f2-a3c72a560000}6124/bin/dash/bin/shroot 534500x8000000000000000713907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.135{ec244aba-6be1-63e2-0000-000000000000}6126-root 534500x8000000000000000713906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.135{ec244aba-6be1-63e2-983f-ce2871550000}6128/usr/bin/bcroot 154100x8000000000000000713910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.136{ec244aba-6be1-63e2-2030-7b0000000000}6131/usr/bin/python3.6-----/usr/bin/python3 /usr/bin/landscape-sysinfo/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-68f2-a3c72a560000}6124/bin/dash/bin/shroot 534500x8000000000000000713909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.136{ec244aba-6be1-63e2-089f-ce38f9550000}6130/bin/dateroot 154100x8000000000000000713912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.247{ec244aba-6be1-63e2-b851-f402857f0000}6132/sbin/ldconfig.real-----/sbin/ldconfig.real -p/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-2030-7b0000000000}6131/usr/bin/python3.6/usr/bin/python3root 154100x8000000000000000713911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.247{ec244aba-6be1-63e2-68f2-d9c279550000}6132/bin/dash-----/bin/sh /sbin/ldconfig -p/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-2030-7b0000000000}6131/usr/bin/python3.6/usr/bin/python3root 534500x8000000000000000713913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.249{ec244aba-6be1-63e2-b851-f402857f0000}6132/sbin/ldconfig.realroot 154100x8000000000000000713915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.280{ec244aba-6be1-63e2-b801-3031b37f0000}6133/sbin/ldconfig.real-----/sbin/ldconfig.real -p/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-2030-7b0000000000}6131/usr/bin/python3.6/usr/bin/python3root 154100x8000000000000000713914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.280{ec244aba-6be1-63e2-6852-636ab8550000}6133/bin/dash-----/bin/sh /sbin/ldconfig -p/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-2030-7b0000000000}6131/usr/bin/python3.6/usr/bin/python3root 534500x8000000000000000713916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.283{ec244aba-6be1-63e2-b801-3031b37f0000}6133/sbin/ldconfig.realroot 154100x8000000000000000713917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.388{ec244aba-6be1-63e2-68a4-312296550000}6134/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/6312root{ec244aba-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2393--- 11241100x8000000000000000713920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.389{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd23127b4921e9432023-02-07 15:18:57.389root 11241100x8000000000000000713919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.389{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bde40f255f286222023-02-07 15:18:57.389root 11241100x8000000000000000713918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.389{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254538127a6bcb472023-02-07 15:18:57.389root 11241100x8000000000000000713922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.390{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7f9a8fba11007e2023-02-07 15:18:57.390root 11241100x8000000000000000713921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.390{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7521317b5e3617872023-02-07 15:18:57.390root 11241100x8000000000000000713925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.391{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb2e318b9acdec42023-02-07 15:18:57.391root 11241100x8000000000000000713924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.391{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3072bda40c53810d2023-02-07 15:18:57.391root 11241100x8000000000000000713923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.391{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cb82c32e7fcdf12023-02-07 15:18:57.391root 11241100x8000000000000000713928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.392{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea1e39fbf2ed5672023-02-07 15:18:57.392root 11241100x8000000000000000713927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.392{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0f569408d1be322023-02-07 15:18:57.392root 11241100x8000000000000000713926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.392{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16002ac3dcf410f2023-02-07 15:18:57.392root 11241100x8000000000000000713932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.393{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87655bb64933ef32023-02-07 15:18:57.393root 11241100x8000000000000000713931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.393{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808d78b80f306ad72023-02-07 15:18:57.393root 11241100x8000000000000000713930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.393{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd82e4044907d872023-02-07 15:18:57.393root 11241100x8000000000000000713929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.393{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f4385c6244ad232023-02-07 15:18:57.393root 11241100x8000000000000000713936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.394{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ea67d49fcd3c962023-02-07 15:18:57.394root 11241100x8000000000000000713935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.394{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cad82e8baad86742023-02-07 15:18:57.394root 11241100x8000000000000000713934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.394{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97863abff0ccdd132023-02-07 15:18:57.394root 11241100x8000000000000000713933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.394{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0b18e3466d002b2023-02-07 15:18:57.394root 11241100x8000000000000000713940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.395{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8365b7968824e97d2023-02-07 15:18:57.395root 11241100x8000000000000000713939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.395{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d62b7448bd875b2023-02-07 15:18:57.395root 11241100x8000000000000000713938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.395{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655f095a3787e6822023-02-07 15:18:57.395root 11241100x8000000000000000713937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.395{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6a70e7c49894a02023-02-07 15:18:57.395root 11241100x8000000000000000713943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.396{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a0fda7cd79edf22023-02-07 15:18:57.396root 11241100x8000000000000000713942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.396{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d246ac0a0f272bf52023-02-07 15:18:57.396root 11241100x8000000000000000713941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.396{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72793145be1791e2023-02-07 15:18:57.396root 11241100x8000000000000000713947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.397{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87bdc2b476508852023-02-07 15:18:57.397root 11241100x8000000000000000713946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.397{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9831b5069209af492023-02-07 15:18:57.397root 11241100x8000000000000000713945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.397{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168d0de4fce2fe782023-02-07 15:18:57.397root 11241100x8000000000000000713944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.397{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec16cf50c2f614d2023-02-07 15:18:57.397root 11241100x8000000000000000713952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.398{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323a5f2b889505912023-02-07 15:18:57.398root 11241100x8000000000000000713951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.398{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc185fbdbdcbe2f2023-02-07 15:18:57.398root 11241100x8000000000000000713950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.398{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7beb3e952f5743182023-02-07 15:18:57.398root 11241100x8000000000000000713949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.398{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b374c06fdec13d82023-02-07 15:18:57.398root 11241100x8000000000000000713948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.398{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d2703fc8942dd82023-02-07 15:18:57.398root 11241100x8000000000000000713958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.399{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc785cd6647ee9412023-02-07 15:18:57.399root 11241100x8000000000000000713957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.399{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4ff7378b049db72023-02-07 15:18:57.399root 11241100x8000000000000000713956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.399{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1147f8254618f32c2023-02-07 15:18:57.399root 11241100x8000000000000000713955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.399{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b753d7e2ed2ad32023-02-07 15:18:57.399root 11241100x8000000000000000713954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.399{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1176649a918859662023-02-07 15:18:57.399root 11241100x8000000000000000713953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.399{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42776b7f3752da052023-02-07 15:18:57.399root 11241100x8000000000000000713964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.400{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f05ffcf1a6eab92023-02-07 15:18:57.400root 11241100x8000000000000000713963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.400{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573f6b0c98222e7e2023-02-07 15:18:57.400root 11241100x8000000000000000713962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.400{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b411c837aee4df062023-02-07 15:18:57.400root 11241100x8000000000000000713961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.400{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104f6078202d5d7d2023-02-07 15:18:57.400root 11241100x8000000000000000713960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.400{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41addbe0f253a4f62023-02-07 15:18:57.400root 11241100x8000000000000000713959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.400{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a89e51c42fded1c2023-02-07 15:18:57.400root 11241100x8000000000000000713971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.401{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b9a191d4aaa35c2023-02-07 15:18:57.401root 11241100x8000000000000000713970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.401{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b13ef02e108188a2023-02-07 15:18:57.401root 11241100x8000000000000000713969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.401{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72266516806868232023-02-07 15:18:57.401root 11241100x8000000000000000713968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.401{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32395693a127fff72023-02-07 15:18:57.401root 11241100x8000000000000000713967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.401{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1587715c57b7b42023-02-07 15:18:57.401root 11241100x8000000000000000713966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.401{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8e90fcd1d6f98d2023-02-07 15:18:57.401root 11241100x8000000000000000713965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.401{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9dba43b59f3dc552023-02-07 15:18:57.401root 11241100x8000000000000000713978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.402{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240d04ce53dc750e2023-02-07 15:18:57.402root 11241100x8000000000000000713977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.402{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10735d6a5796d3e92023-02-07 15:18:57.402root 11241100x8000000000000000713976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.402{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17aec09d2897c90f2023-02-07 15:18:57.402root 11241100x8000000000000000713975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.402{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76a71eedc3a8b792023-02-07 15:18:57.402root 11241100x8000000000000000713974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.402{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf7cf4edc9f5f862023-02-07 15:18:57.402root 534500x8000000000000000713973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.402{ec244aba-6be1-63e2-68a4-312296550000}6134/bin/psroot 11241100x8000000000000000713972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.402{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687d6b911dd796f42023-02-07 15:18:57.402root 11241100x8000000000000000713984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.403{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668765930b770af72023-02-07 15:18:57.403root 11241100x8000000000000000713983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.403{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebbab9a7262dadb02023-02-07 15:18:57.403root 11241100x8000000000000000713982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.403{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62080ba05e838382023-02-07 15:18:57.403root 11241100x8000000000000000713981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.403{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f676029eed71f15c2023-02-07 15:18:57.403root 11241100x8000000000000000713980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.403{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5eaccbeb2117cc12023-02-07 15:18:57.403root 11241100x8000000000000000713979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.403{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae38d30aa435b0f2023-02-07 15:18:57.403root 11241100x8000000000000000713988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.404{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21416b727f66410d2023-02-07 15:18:57.404root 11241100x8000000000000000713987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.404{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d8505c526dffc82023-02-07 15:18:57.404root 11241100x8000000000000000713986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.404{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975acf80372c45c82023-02-07 15:18:57.404root 11241100x8000000000000000713985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.404{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0195fc243e208ba62023-02-07 15:18:57.404root 11241100x8000000000000000713993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.405{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbf05f2c8a087842023-02-07 15:18:57.405root 11241100x8000000000000000713992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.405{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7baf8a64f6767c62023-02-07 15:18:57.405root 11241100x8000000000000000713991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.405{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8854c61457ea3aef2023-02-07 15:18:57.405root 11241100x8000000000000000713990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.405{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23628d45372e529f2023-02-07 15:18:57.405root 11241100x8000000000000000713989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.405{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1cbe8ffc8c0bf212023-02-07 15:18:57.405root 11241100x8000000000000000713997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.406{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d346cf2418cf4342023-02-07 15:18:57.406root 11241100x8000000000000000713996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.406{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d3038d0736b3932023-02-07 15:18:57.406root 11241100x8000000000000000713995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.406{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782e9c007a2ce76e2023-02-07 15:18:57.406root 11241100x8000000000000000713994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.406{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f3001732d07b422023-02-07 15:18:57.406root 11241100x8000000000000000714001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.407{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57615f99165d5be22023-02-07 15:18:57.407root 11241100x8000000000000000714000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.407{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500d0e8d77a3ad582023-02-07 15:18:57.407root 11241100x8000000000000000713999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.407{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6e9fb675b6483f2023-02-07 15:18:57.407root 11241100x8000000000000000713998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.407{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc129d928ea225db2023-02-07 15:18:57.407root 534500x8000000000000000714005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.408{ec244aba-6be1-63e2-0000-000000000000}6135-root 11241100x8000000000000000714004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.408{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369590537f615f332023-02-07 15:18:57.408root 11241100x8000000000000000714003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.408{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab127d0e2fe2bdf2023-02-07 15:18:57.408root 11241100x8000000000000000714002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.408{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c47d331cf9f8d92023-02-07 15:18:57.408root 11241100x8000000000000000714009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.409{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982a2ff42e17ced62023-02-07 15:18:57.409root 11241100x8000000000000000714008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.409{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcca7ed0eac875f2023-02-07 15:18:57.409root 11241100x8000000000000000714007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.409{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f2db7128f134522023-02-07 15:18:57.409root 11241100x8000000000000000714006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.409{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828cd1cf080e565c2023-02-07 15:18:57.409root 11241100x8000000000000000714015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.410{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50bbf092caf959b22023-02-07 15:18:57.410root 11241100x8000000000000000714014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.410{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e81e3452896cbf52023-02-07 15:18:57.410root 11241100x8000000000000000714013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.410{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d19f323dacca0a32023-02-07 15:18:57.410root 11241100x8000000000000000714012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.410{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d22fa1002bc1b6e2023-02-07 15:18:57.410root 11241100x8000000000000000714011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.410{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923d66baee40fe332023-02-07 15:18:57.410root 11241100x8000000000000000714010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.410{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d568fd3e0667de2023-02-07 15:18:57.410root 11241100x8000000000000000714019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.411{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f929d33d79988cb2023-02-07 15:18:57.411root 11241100x8000000000000000714018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.411{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8c6dddff45c6552023-02-07 15:18:57.411root 11241100x8000000000000000714017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.411{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6a4b3a32d577a12023-02-07 15:18:57.411root 11241100x8000000000000000714016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.411{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527c836ade3aa6e92023-02-07 15:18:57.411root 11241100x8000000000000000714024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.412{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dfd9c1937949cc52023-02-07 15:18:57.412root 11241100x8000000000000000714023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.412{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5878c193693bc5c52023-02-07 15:18:57.412root 11241100x8000000000000000714022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.412{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4121801c0e81c5a22023-02-07 15:18:57.412root 11241100x8000000000000000714021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.412{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd90f0d0be7c1f72023-02-07 15:18:57.412root 11241100x8000000000000000714020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.412{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8343aa4237c2c1042023-02-07 15:18:57.412root 11241100x8000000000000000714036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.413{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5cd7140862eb56c2023-02-07 15:18:57.413root 11241100x8000000000000000714035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.413{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c4b416271ffa542023-02-07 15:18:57.413root 11241100x8000000000000000714034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.413{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62583124e582921a2023-02-07 15:18:57.413root 11241100x8000000000000000714033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.413{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406210aa4b52ff522023-02-07 15:18:57.413root 11241100x8000000000000000714032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.413{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5258f8012e80a3c22023-02-07 15:18:57.413root 11241100x8000000000000000714031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.413{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4238522b79939ec2023-02-07 15:18:57.413root 11241100x8000000000000000714030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.413{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8253fc0a631a1ac22023-02-07 15:18:57.413root 11241100x8000000000000000714029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.413{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808799939c5db9c22023-02-07 15:18:57.413root 11241100x8000000000000000714028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.413{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544b56433d1a34ef2023-02-07 15:18:57.413root 11241100x8000000000000000714027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.413{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24dfcfa7a1c8913b2023-02-07 15:18:57.413root 11241100x8000000000000000714026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.413{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f40c4da287333492023-02-07 15:18:57.413root 11241100x8000000000000000714025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.413{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bcf6d718ed0da42023-02-07 15:18:57.413root 11241100x8000000000000000714050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.414{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89467e9b7e38787c2023-02-07 15:18:57.414root 11241100x8000000000000000714049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.414{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07abaa1efcea4d32023-02-07 15:18:57.414root 11241100x8000000000000000714048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.414{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223891098c91a4f62023-02-07 15:18:57.414root 11241100x8000000000000000714047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.414{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469357e1b29327102023-02-07 15:18:57.414root 11241100x8000000000000000714046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.414{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9674a60f4d2e0442023-02-07 15:18:57.414root 11241100x8000000000000000714045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.414{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1c2d867810831f2023-02-07 15:18:57.414root 11241100x8000000000000000714044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.414{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fdafa3fd3389fe72023-02-07 15:18:57.414root 11241100x8000000000000000714043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.414{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475373870935d2b22023-02-07 15:18:57.414root 11241100x8000000000000000714042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.414{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18954d67e6b35c3b2023-02-07 15:18:57.414root 11241100x8000000000000000714041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.414{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44dbf27a5700d4bc2023-02-07 15:18:57.414root 11241100x8000000000000000714040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.414{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b61a2dd20b2e1f2023-02-07 15:18:57.414root 11241100x8000000000000000714039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.414{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f3caac3b59a60d2023-02-07 15:18:57.414root 11241100x8000000000000000714038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.414{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4de775bbcf5bf622023-02-07 15:18:57.414root 11241100x8000000000000000714037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.414{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8578a9c8b28114d62023-02-07 15:18:57.414root 11241100x8000000000000000714055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.415{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b6818d19d5f00e2023-02-07 15:18:57.415root 11241100x8000000000000000714054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.415{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7d8ad9f94933872023-02-07 15:18:57.415root 11241100x8000000000000000714053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.415{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ad596094a3e4af2023-02-07 15:18:57.415root 11241100x8000000000000000714052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.415{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa7184f784061122023-02-07 15:18:57.415root 11241100x8000000000000000714051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.415{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d1671d49e1c6532023-02-07 15:18:57.415root 154100x8000000000000000714056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.448{ec244aba-6be1-63e2-f0d3-0a925f550000}6136/usr/bin/who-----who -q/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-2030-7b0000000000}6131/usr/bin/python3.6/usr/bin/python3root 534500x8000000000000000714057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.451{ec244aba-6be1-63e2-f0d3-0a925f550000}6136/usr/bin/whoroot 534500x8000000000000000714058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.494{ec244aba-6be1-63e2-2030-7b0000000000}6131/usr/bin/python3.6root 154100x8000000000000000714060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.495{ec244aba-6be1-63e2-68a2-fb27a3550000}6137/bin/dash-----/bin/sh /etc/update-motd.d/50-motd-news/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-38da-16d835560000}6118/bin/run-partsrun-partsroot 534500x8000000000000000714059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.495{ec244aba-6be1-63e2-68f2-a3c72a560000}6124/bin/dashroot 534500x8000000000000000714066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.496{ec244aba-6be1-63e2-d069-3c0bd8550000}6138/bin/catroot 154100x8000000000000000714065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.496{ec244aba-6be1-63e2-b810-835bbc550000}6141/usr/bin/cut-----cut -c -80/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-68a2-fb27a3550000}6137/bin/dash/bin/shroot 534500x8000000000000000714064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.496{ec244aba-6be1-63e2-7822-8c100d560000}6139/usr/bin/headroot 154100x8000000000000000714063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.496{ec244aba-6be1-63e2-e0e5-813757550000}6140/usr/bin/tr-----tr -d \000-\011\013\014\016-\037/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-68a2-fb27a3550000}6137/bin/dash/bin/shroot 154100x8000000000000000714062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.496{ec244aba-6be1-63e2-7822-8c100d560000}6139/usr/bin/head-----head -n 10/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-68a2-fb27a3550000}6137/bin/dash/bin/shroot 154100x8000000000000000714061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.496{ec244aba-6be1-63e2-d069-3c0bd8550000}6138/bin/cat-----cat /var/cache/motd-news/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-68a2-fb27a3550000}6137/bin/dash/bin/shroot 154100x8000000000000000714072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.497{ec244aba-6be1-63e2-6802-723b5c550000}6143/bin/dash-----/bin/sh /etc/update-motd.d/90-updates-available/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-38da-16d835560000}6118/bin/run-partsrun-partsroot 534500x8000000000000000714071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.497{ec244aba-6be1-63e2-6882-718c8a550000}6142/bin/dashroot 154100x8000000000000000714070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.497{ec244aba-6be1-63e2-6882-718c8a550000}6142/bin/dash-----/bin/sh /etc/update-motd.d/88-esm-announce/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-38da-16d835560000}6118/bin/run-partsrun-partsroot 534500x8000000000000000714069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.497{ec244aba-6be1-63e2-68a2-fb27a3550000}6137/bin/dashroot 534500x8000000000000000714068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.497{ec244aba-6be1-63e2-e0e5-813757550000}6140/usr/bin/trroot 534500x8000000000000000714067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.497{ec244aba-6be1-63e2-b810-835bbc550000}6141/usr/bin/cutroot 534500x8000000000000000714075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.498{ec244aba-6be1-63e2-6802-723b5c550000}6143/bin/dashroot 534500x8000000000000000714074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.498{ec244aba-6be1-63e2-d059-ab9474550000}6144/bin/catroot 154100x8000000000000000714073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.498{ec244aba-6be1-63e2-d059-ab9474550000}6144/bin/cat-----cat /var/lib/update-notifier/updates-available/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-6802-723b5c550000}6143/bin/dash/bin/shroot 154100x8000000000000000714084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.499{ec244aba-6be1-63e2-68d2-b4ede5550000}6146/bin/dash-----/bin/sh -e /usr/lib/ubuntu-release-upgrader/release-upgrade-motd/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-38da-16d835560000}6118/bin/run-partsrun-partsroot 154100x8000000000000000714078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.499{ec244aba-6be1-63e2-68e2-8be196550000}6146/bin/dash-----/bin/sh /etc/update-motd.d/91-release-upgrade/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-38da-16d835560000}6118/bin/run-partsrun-partsroot 534500x8000000000000000714077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.499{ec244aba-6be1-63e2-6812-00af26560000}6145/bin/dashroot 154100x8000000000000000714076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.499{ec244aba-6be1-63e2-6812-00af26560000}6145/bin/dash-----/bin/sh /etc/update-motd.d/91-contract-ua-esm-status/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-38da-16d835560000}6118/bin/run-partsrun-partsroot 154100x8000000000000000714080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.500{ec244aba-6be1-63e2-b870-ad22f8550000}6149/usr/bin/cut-----cut -d -f4/root{ec244aba-0000-0000-0000-000000000000}09no level-{00000000-0000-0000-0000-000000000000}6147--- 154100x8000000000000000714079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.500{ec244aba-6be1-63e2-2030-7b0000000000}6148/usr/bin/python3.6-----/usr/bin/python3 -Es /usr/bin/lsb_release -sd/root{ec244aba-0000-0000-0000-000000000000}09no level-{00000000-0000-0000-0000-000000000000}6147--- 534500x8000000000000000714083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.552{00000000-0000-0000-0000-000000000000}6147<unknown process>root 534500x8000000000000000714082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.552{ec244aba-6be1-63e2-b870-ad22f8550000}6149/usr/bin/cutroot 534500x8000000000000000714081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.552{ec244aba-6be1-63e2-2030-7b0000000000}6148/usr/bin/python3.6root 154100x8000000000000000714085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.553{ec244aba-6be1-63e2-088f-ed7332560000}6150/bin/date-----date +%s/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-68d2-b4ede5550000}6146/bin/dash/bin/shroot 154100x8000000000000000714087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.554{ec244aba-6be1-63e2-88b4-689378550000}6151/usr/bin/stat-----stat -c %Y /var/lib/ubuntu-release-upgrader/release-upgrade-available/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-68d2-b4ede5550000}6146/bin/dash/bin/shroot 534500x8000000000000000714086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.554{ec244aba-6be1-63e2-088f-ed7332560000}6150/bin/dateroot 154100x8000000000000000714089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.555{ec244aba-6be1-63e2-9825-4de3c4550000}6152/usr/bin/expr-----expr 1675767937 + 86400/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-68d2-b4ede5550000}6146/bin/dash/bin/shroot 534500x8000000000000000714088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.555{ec244aba-6be1-63e2-88b4-689378550000}6151/usr/bin/statroot 154100x8000000000000000714091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.556{ec244aba-6be1-63e2-d069-958921560000}6153/bin/cat-----cat /var/lib/ubuntu-release-upgrader/release-upgrade-available/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-68d2-b4ede5550000}6146/bin/dash/bin/shroot 534500x8000000000000000714090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.556{ec244aba-6be1-63e2-9825-4de3c4550000}6152/usr/bin/exprroot 154100x8000000000000000714095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.557{ec244aba-6be1-63e2-68a2-5043ed550000}6154/bin/dash-----/bin/sh /usr/share/unattended-upgrades/update-motd-unattended-upgrades/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-38da-16d835560000}6118/bin/run-partsrun-partsroot 154100x8000000000000000714094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.557{ec244aba-6be1-63e2-68f2-0ab0bd550000}6154/bin/dash-----/bin/sh /etc/update-motd.d/92-unattended-upgrades/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-38da-16d835560000}6118/bin/run-partsrun-partsroot 534500x8000000000000000714093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.557{ec244aba-6be1-63e2-68d2-b4ede5550000}6146/bin/dashroot 534500x8000000000000000714092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.557{ec244aba-6be1-63e2-d069-958921560000}6153/bin/catroot 154100x8000000000000000714098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.558{ec244aba-6be1-63e2-6892-79fa0f560000}6155/bin/dash-----/bin/sh -e /usr/lib/update-notifier/update-motd-hwe-eol/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-38da-16d835560000}6118/bin/run-partsrun-partsroot 154100x8000000000000000714097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.558{ec244aba-6be1-63e2-68a2-a68c46560000}6155/bin/dash-----/bin/sh /etc/update-motd.d/95-hwe-eol/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-38da-16d835560000}6118/bin/run-partsrun-partsroot 534500x8000000000000000714096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.558{ec244aba-6be1-63e2-68a2-5043ed550000}6154/bin/dashroot 154100x8000000000000000714099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.562{ec244aba-6be1-63e2-7324-9c6d92550000}6156/usr/bin/apt-config-----apt-config shell StateDir Dir::State/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-6892-79fa0f560000}6155/bin/dash/bin/shroot 154100x8000000000000000714100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.567{ec244aba-6be1-63e2-7021-c36673550000}6157/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-7324-9c6d92550000}6156/usr/bin/apt-configapt-configroot 154100x8000000000000000714103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.569{ec244aba-6be1-63e2-7374-988cae550000}6158/usr/bin/apt-config-----apt-config shell ListDir Dir::State::Lists/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-6892-79fa0f560000}6155/bin/dash/bin/shroot 534500x8000000000000000714102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.569{ec244aba-6be1-63e2-7324-9c6d92550000}6156/usr/bin/apt-configroot 534500x8000000000000000714101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.569{ec244aba-6be1-63e2-7021-c36673550000}6157/usr/bin/dpkgroot 154100x8000000000000000714104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.574{ec244aba-6be1-63e2-7051-41c0b4550000}6159/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-7374-988cae550000}6158/usr/bin/apt-configapt-configroot 154100x8000000000000000714107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.577{ec244aba-6be1-63e2-73a4-f397bf550000}6160/usr/bin/apt-config-----apt-config shell DpkgStatus Dir::State::status/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-6892-79fa0f560000}6155/bin/dash/bin/shroot 534500x8000000000000000714106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.577{ec244aba-6be1-63e2-7374-988cae550000}6158/usr/bin/apt-configroot 534500x8000000000000000714105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.577{ec244aba-6be1-63e2-7051-41c0b4550000}6159/usr/bin/dpkgroot 154100x8000000000000000714108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.581{ec244aba-6be1-63e2-7071-920d03560000}6161/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-73a4-f397bf550000}6160/usr/bin/apt-configapt-configroot 534500x8000000000000000714109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.583{ec244aba-6be1-63e2-7071-920d03560000}6161/usr/bin/dpkgroot 154100x8000000000000000714111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.584{ec244aba-6be1-63e2-7374-df6f28560000}6162/usr/bin/apt-config-----apt-config shell EtcDir Dir::Etc/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-6892-79fa0f560000}6155/bin/dash/bin/shroot 534500x8000000000000000714110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.584{ec244aba-6be1-63e2-73a4-f397bf550000}6160/usr/bin/apt-configroot 154100x8000000000000000714112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.593{ec244aba-6be1-63e2-7001-cca16e550000}6163/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-7374-df6f28560000}6162/usr/bin/apt-configapt-configroot 534500x8000000000000000714113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.595{ec244aba-6be1-63e2-7001-cca16e550000}6163/usr/bin/dpkgroot 154100x8000000000000000714115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.596{ec244aba-6be1-63e2-7324-396222560000}6164/usr/bin/apt-config-----apt-config shell SourceList Dir::Etc::sourcelist/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-6892-79fa0f560000}6155/bin/dash/bin/shroot 534500x8000000000000000714114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.596{ec244aba-6be1-63e2-7374-df6f28560000}6162/usr/bin/apt-configroot 154100x8000000000000000714116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.600{ec244aba-6be1-63e2-70e1-285000560000}6165/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-7324-396222560000}6164/usr/bin/apt-configapt-configroot 534500x8000000000000000714117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.602{ec244aba-6be1-63e2-70e1-285000560000}6165/usr/bin/dpkgroot 154100x8000000000000000714119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.603{ec244aba-6be1-63e2-90b0-aae5b8550000}6166/usr/bin/find-----find /var/lib/apt/lists/ /etc/apt/sources.list //var/lib/dpkg/status -type f -newer /var/lib/update-notifier/hwe-eol -print -quit/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-6892-79fa0f560000}6155/bin/dash/bin/shroot 534500x8000000000000000714118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.603{ec244aba-6be1-63e2-7324-396222560000}6164/usr/bin/apt-configroot 154100x8000000000000000714123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.605{ec244aba-6be1-63e2-a8f0-dcd8d5550000}6167/bin/mktemp-----mktemp -p /var/lib/update-notifier/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-6892-79fa0f560000}6155/bin/dash/bin/shroot 154100x8000000000000000714121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.605{ec244aba-6be1-63e2-e808-d9b8aa550000}6168/usr/bin/dirname-----dirname /var/lib/update-notifier/hwe-eol/root{ec244aba-0000-0000-0000-000000000000}09no level-{00000000-0000-0000-0000-000000000000}6167--- 534500x8000000000000000714120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.605{ec244aba-6be1-63e2-90b0-aae5b8550000}6166/usr/bin/findroot 534500x8000000000000000714122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.606{ec244aba-6be1-63e2-e808-d9b8aa550000}6168/usr/bin/dirnameroot 154100x8000000000000000714127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.607{ec244aba-6be1-63e2-2030-7b0000000000}6169/usr/bin/python3.6-----/usr/bin/python3 /usr/bin/hwe-support-status/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-6892-79fa0f560000}6155/bin/dash/bin/shroot 11241100x8000000000000000714126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.607{ec244aba-6be1-63e2-6892-79fa0f560000}6155/bin/dash/var/lib/update-notifier/tmp.e79xsq8IKD2023-02-07 15:18:57.607root 534500x8000000000000000714125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.607{ec244aba-6be1-63e2-a8f0-dcd8d5550000}6167/bin/mktemproot 11241100x8000000000000000714124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.607{ec244aba-6be1-63e2-a8f0-dcd8d5550000}6167/bin/mktemp/var/lib/update-notifier/tmp.e79xsq8IKD2023-02-07 15:18:57.607root 154100x8000000000000000714128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.705{ec244aba-6be1-63e2-2030-7b0000000000}6170/usr/bin/python3.6-----/usr/bin/python3 -Es /usr/bin/lsb_release -c -s/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-2030-7b0000000000}6169/usr/bin/python3.6/usr/bin/python3root 11241100x8000000000000000714133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.711{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582cac2a6d6771e12023-02-07 15:18:57.711root 11241100x8000000000000000714132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.711{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef596fd37dd78dcb2023-02-07 15:18:57.711root 11241100x8000000000000000714131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.711{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e025b191c26712b52023-02-07 15:18:57.711root 11241100x8000000000000000714130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.711{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f683e2dec2ec7e782023-02-07 15:18:57.711root 11241100x8000000000000000714129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.711{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38408c52a79423c2023-02-07 15:18:57.711root 11241100x8000000000000000714144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.712{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76512f7fc25c3ce92023-02-07 15:18:57.712root 11241100x8000000000000000714143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.712{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9952bacb15b1ac52023-02-07 15:18:57.712root 11241100x8000000000000000714142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.712{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e074cf88ed7ea72023-02-07 15:18:57.712root 11241100x8000000000000000714141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.712{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed2d26c4868e82a2023-02-07 15:18:57.712root 11241100x8000000000000000714140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.712{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d1c44f4e4e6dde2023-02-07 15:18:57.712root 11241100x8000000000000000714139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.712{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad25e2ee3ef502512023-02-07 15:18:57.712root 11241100x8000000000000000714138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.712{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c8163004f124952023-02-07 15:18:57.712root 11241100x8000000000000000714137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.712{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe5ce6314d7f5732023-02-07 15:18:57.712root 11241100x8000000000000000714136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.712{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac5f23b82ce1f5c2023-02-07 15:18:57.712root 11241100x8000000000000000714135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.712{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140cbcbb389e33ec2023-02-07 15:18:57.712root 11241100x8000000000000000714134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.712{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f578bdae8a4fada92023-02-07 15:18:57.712root 11241100x8000000000000000714149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.713{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0100a89b89840b2023-02-07 15:18:57.713root 11241100x8000000000000000714148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.713{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4de5d2c48c72c42023-02-07 15:18:57.713root 11241100x8000000000000000714147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.713{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a806bda4c3e898862023-02-07 15:18:57.713root 11241100x8000000000000000714146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.713{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70754b0a5e4895b42023-02-07 15:18:57.713root 11241100x8000000000000000714145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.713{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f2255f5b6d75ce2023-02-07 15:18:57.713root 11241100x8000000000000000714153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.714{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5fd42aa5a47107b2023-02-07 15:18:57.714root 11241100x8000000000000000714152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.714{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44cb785c6000a3052023-02-07 15:18:57.714root 11241100x8000000000000000714151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.714{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e177ac902533d8f82023-02-07 15:18:57.714root 11241100x8000000000000000714150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.714{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f973b264c383eb2023-02-07 15:18:57.714root 11241100x8000000000000000714159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.715{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab1c976740df1d62023-02-07 15:18:57.715root 11241100x8000000000000000714158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.715{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bafd4eadf7df57d2023-02-07 15:18:57.715root 11241100x8000000000000000714157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.715{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06972403855409422023-02-07 15:18:57.715root 11241100x8000000000000000714156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.715{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f69c1fece04c6ed2023-02-07 15:18:57.715root 11241100x8000000000000000714155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.715{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac794a11a968d0742023-02-07 15:18:57.715root 11241100x8000000000000000714154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.715{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6dc73962be3e1c2023-02-07 15:18:57.715root 11241100x8000000000000000714171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.716{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f096d9e9b560022023-02-07 15:18:57.716root 11241100x8000000000000000714170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.716{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714b9c7c4dfeb3792023-02-07 15:18:57.716root 11241100x8000000000000000714169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.716{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13dfcf5540493e2b2023-02-07 15:18:57.716root 11241100x8000000000000000714168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.716{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9e6b98671c1cef2023-02-07 15:18:57.716root 11241100x8000000000000000714167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.716{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86b9f1f3aa3aad22023-02-07 15:18:57.716root 11241100x8000000000000000714166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.716{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff5aad4bc1ce0742023-02-07 15:18:57.716root 11241100x8000000000000000714165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.716{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ff368febb960bf2023-02-07 15:18:57.716root 11241100x8000000000000000714164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.716{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea038c8107be61b02023-02-07 15:18:57.716root 11241100x8000000000000000714163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.716{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f5ae2cda1b64c32023-02-07 15:18:57.716root 11241100x8000000000000000714162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.716{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a0098f6755873d2023-02-07 15:18:57.716root 11241100x8000000000000000714161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.716{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673e3d2b26cb90092023-02-07 15:18:57.716root 11241100x8000000000000000714160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.716{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9dccf9cd071ac72023-02-07 15:18:57.716root 11241100x8000000000000000714180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.717{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0185a2da053fb46f2023-02-07 15:18:57.717root 11241100x8000000000000000714179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.717{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed234c1003a7a632023-02-07 15:18:57.717root 11241100x8000000000000000714178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.717{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692d92a44cf1d0e12023-02-07 15:18:57.717root 11241100x8000000000000000714177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.717{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f626b1bdc9da4252023-02-07 15:18:57.717root 11241100x8000000000000000714176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.717{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277ac9ebd466a22b2023-02-07 15:18:57.717root 11241100x8000000000000000714175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.717{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59f92d13df2f7b22023-02-07 15:18:57.717root 11241100x8000000000000000714174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.717{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e0ce75524de38d2023-02-07 15:18:57.717root 11241100x8000000000000000714173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.717{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337f5c1aa386cf332023-02-07 15:18:57.717root 11241100x8000000000000000714172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.717{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ba0533d3afbc402023-02-07 15:18:57.717root 11241100x8000000000000000714189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.718{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c92132e760ae272023-02-07 15:18:57.718root 11241100x8000000000000000714188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.718{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3b2d993adaee012023-02-07 15:18:57.718root 11241100x8000000000000000714187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.718{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b8cbbe2a457bec2023-02-07 15:18:57.718root 11241100x8000000000000000714186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.718{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4f3183cef18e3e2023-02-07 15:18:57.718root 11241100x8000000000000000714185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.718{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43bc4eea61e6c2f82023-02-07 15:18:57.718root 11241100x8000000000000000714184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.718{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea2f4b3049c05a42023-02-07 15:18:57.718root 11241100x8000000000000000714183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.718{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ccbc7729e76e5d52023-02-07 15:18:57.718root 11241100x8000000000000000714182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.718{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78fc2e626fbe602d2023-02-07 15:18:57.718root 11241100x8000000000000000714181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.718{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71a905195f9fadb2023-02-07 15:18:57.718root 11241100x8000000000000000714198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.719{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ffb2991847af35d2023-02-07 15:18:57.719root 11241100x8000000000000000714197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.719{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48744358d6108bdb2023-02-07 15:18:57.719root 11241100x8000000000000000714196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.719{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4269829c3f3ccd2023-02-07 15:18:57.719root 11241100x8000000000000000714195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.719{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b562db6152f21132023-02-07 15:18:57.719root 11241100x8000000000000000714194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.719{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7688585d72bf3b02023-02-07 15:18:57.719root 11241100x8000000000000000714193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.719{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599bab8f0b4aac202023-02-07 15:18:57.719root 11241100x8000000000000000714192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.719{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9ad07dbc03eba42023-02-07 15:18:57.719root 11241100x8000000000000000714191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.719{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4dc1e7f44d00582023-02-07 15:18:57.719root 11241100x8000000000000000714190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.719{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c516d82b95526e2023-02-07 15:18:57.719root 11241100x8000000000000000714206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.720{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9d53739f104ce72023-02-07 15:18:57.720root 11241100x8000000000000000714205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.720{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e063cbc738328c2023-02-07 15:18:57.720root 11241100x8000000000000000714204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.720{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6513033dbbd8f5f72023-02-07 15:18:57.720root 11241100x8000000000000000714203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.720{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7951de6a11721ea22023-02-07 15:18:57.720root 11241100x8000000000000000714202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.720{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcfaf9e704a4e5f2023-02-07 15:18:57.720root 11241100x8000000000000000714201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.720{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da085bafc47523d42023-02-07 15:18:57.720root 11241100x8000000000000000714200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.720{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fe75048759606e2023-02-07 15:18:57.720root 11241100x8000000000000000714199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.720{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e3f7e546e0fd9b2023-02-07 15:18:57.720root 11241100x8000000000000000714211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.721{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c5dbd18700cd4f2023-02-07 15:18:57.721root 11241100x8000000000000000714210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.721{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189a2586c7a3b6c92023-02-07 15:18:57.721root 11241100x8000000000000000714209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.721{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1595cc8024a36b42023-02-07 15:18:57.721root 11241100x8000000000000000714208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.721{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a3c48226fdcac72023-02-07 15:18:57.721root 11241100x8000000000000000714207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.721{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1e6e063d40809c2023-02-07 15:18:57.721root 11241100x8000000000000000714216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.722{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce851d30d8dafe8e2023-02-07 15:18:57.722root 11241100x8000000000000000714215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.722{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4893e4c0b4215eb62023-02-07 15:18:57.722root 11241100x8000000000000000714214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.722{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337d6b55cee2278d2023-02-07 15:18:57.722root 11241100x8000000000000000714213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.722{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b97d29def026a7e2023-02-07 15:18:57.722root 11241100x8000000000000000714212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.722{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cd0163b469f8bc2023-02-07 15:18:57.722root 11241100x8000000000000000714221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.723{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6461ba33f97dd0bb2023-02-07 15:18:57.723root 11241100x8000000000000000714220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.723{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5947bf79f51256c72023-02-07 15:18:57.723root 11241100x8000000000000000714219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.723{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e95be31d5b7f662023-02-07 15:18:57.723root 11241100x8000000000000000714218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.723{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03772725cb7ffaab2023-02-07 15:18:57.723root 11241100x8000000000000000714217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.723{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd60c5fbe8cf9d782023-02-07 15:18:57.723root 11241100x8000000000000000714236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.724{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3e426d360abf2a2023-02-07 15:18:57.724root 11241100x8000000000000000714235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.724{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3394dcf7479ed82023-02-07 15:18:57.724root 11241100x8000000000000000714234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.724{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8c3eb84da020022023-02-07 15:18:57.724root 11241100x8000000000000000714233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.724{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372a7b788321a3082023-02-07 15:18:57.724root 11241100x8000000000000000714232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.724{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af990e53a50fbf72023-02-07 15:18:57.724root 11241100x8000000000000000714231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.724{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f820c61c74f74b012023-02-07 15:18:57.724root 11241100x8000000000000000714230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.724{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a114abf0291bdc302023-02-07 15:18:57.724root 11241100x8000000000000000714229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.724{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2180b22e6fd94f6f2023-02-07 15:18:57.724root 11241100x8000000000000000714228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.724{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213bea3ed9b3a8712023-02-07 15:18:57.724root 11241100x8000000000000000714227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.724{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375687e660b0e3232023-02-07 15:18:57.724root 11241100x8000000000000000714226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.724{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e58e838b50ac6222023-02-07 15:18:57.724root 11241100x8000000000000000714225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.724{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bfaa484073dce5c2023-02-07 15:18:57.724root 11241100x8000000000000000714224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.724{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9df8156ad9dd4f2023-02-07 15:18:57.724root 11241100x8000000000000000714223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.724{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34347d70630df2a2023-02-07 15:18:57.724root 11241100x8000000000000000714222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.724{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed081447a39e16252023-02-07 15:18:57.724root 11241100x8000000000000000714250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.725{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643874e23ef7af612023-02-07 15:18:57.725root 11241100x8000000000000000714249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.725{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f203a8c26d6e50a2023-02-07 15:18:57.725root 11241100x8000000000000000714248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.725{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4590dadde6e4872023-02-07 15:18:57.725root 11241100x8000000000000000714247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.725{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c348def90f6fa74d2023-02-07 15:18:57.725root 11241100x8000000000000000714246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.725{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a7c1632d86ffb72023-02-07 15:18:57.725root 11241100x8000000000000000714245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.725{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9264600c68bb5c32023-02-07 15:18:57.725root 11241100x8000000000000000714244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.725{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1cccf9e00256c82023-02-07 15:18:57.725root 11241100x8000000000000000714243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.725{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e461f6fca427a8592023-02-07 15:18:57.725root 11241100x8000000000000000714242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.725{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4822e6050e5bcf12023-02-07 15:18:57.725root 11241100x8000000000000000714241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.725{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919936cdf67cc4f52023-02-07 15:18:57.725root 11241100x8000000000000000714240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.725{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5876b0270f5a4f2f2023-02-07 15:18:57.725root 11241100x8000000000000000714239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.725{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6b8905174365d02023-02-07 15:18:57.725root 11241100x8000000000000000714238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.725{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c217920299a1272023-02-07 15:18:57.725root 11241100x8000000000000000714237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.725{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a988ab3a253e7632023-02-07 15:18:57.725root 11241100x8000000000000000714258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.726{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b05c603b8ade2a32023-02-07 15:18:57.726root 11241100x8000000000000000714257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.726{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583ce8e649ebd5172023-02-07 15:18:57.726root 11241100x8000000000000000714256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.726{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9a16082076ae1c2023-02-07 15:18:57.726root 11241100x8000000000000000714255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.726{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0dd9699c0c856102023-02-07 15:18:57.726root 11241100x8000000000000000714254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.726{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0475eff7a69ab9252023-02-07 15:18:57.726root 11241100x8000000000000000714253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.726{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3baf22d3f803a2f2023-02-07 15:18:57.726root 11241100x8000000000000000714252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.726{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b41f0583e991432023-02-07 15:18:57.726root 11241100x8000000000000000714251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.726{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c0489ebca498a02023-02-07 15:18:57.726root 11241100x8000000000000000714264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.727{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf34de388fe02f22023-02-07 15:18:57.727root 11241100x8000000000000000714263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.727{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159a4204175adfb82023-02-07 15:18:57.727root 11241100x8000000000000000714262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.727{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af511b4dc7ed005e2023-02-07 15:18:57.727root 11241100x8000000000000000714261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.727{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58ac83939a2eba62023-02-07 15:18:57.727root 11241100x8000000000000000714260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.727{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616bdba487733b242023-02-07 15:18:57.727root 11241100x8000000000000000714259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.727{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780aeade508131492023-02-07 15:18:57.727root 11241100x8000000000000000714271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.728{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0963ad0cf1946b4d2023-02-07 15:18:57.728root 11241100x8000000000000000714270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.728{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3549403d88cd569d2023-02-07 15:18:57.728root 11241100x8000000000000000714269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.728{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf13b9b727a93a052023-02-07 15:18:57.728root 11241100x8000000000000000714268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.728{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e64b54e48e18a972023-02-07 15:18:57.728root 11241100x8000000000000000714267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.728{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50404ac3136ffde52023-02-07 15:18:57.728root 11241100x8000000000000000714266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.728{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94f40db5d1f97b32023-02-07 15:18:57.728root 11241100x8000000000000000714265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.728{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2a51bc3c386f062023-02-07 15:18:57.728root 11241100x8000000000000000714284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.729{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad4654eaab37d7d2023-02-07 15:18:57.729root 11241100x8000000000000000714283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.729{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d050019811a8cd922023-02-07 15:18:57.729root 11241100x8000000000000000714282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.729{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535802ac0deab7572023-02-07 15:18:57.729root 11241100x8000000000000000714281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.729{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37dc0dd37628a7092023-02-07 15:18:57.729root 11241100x8000000000000000714280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.729{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a46396a733a3e362023-02-07 15:18:57.729root 11241100x8000000000000000714279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.729{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bd51ff6f73d8e32023-02-07 15:18:57.729root 11241100x8000000000000000714278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.729{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc63226da9b56a882023-02-07 15:18:57.729root 11241100x8000000000000000714277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.729{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53194cb6ca60a9622023-02-07 15:18:57.729root 11241100x8000000000000000714276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.729{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e71f7751bd0cea2023-02-07 15:18:57.729root 11241100x8000000000000000714275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.729{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460c6b76cf8b49452023-02-07 15:18:57.729root 11241100x8000000000000000714274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.729{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81bba52b63a1ec42023-02-07 15:18:57.729root 11241100x8000000000000000714273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.729{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711e8147b79e50dc2023-02-07 15:18:57.729root 11241100x8000000000000000714272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.729{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3199b538aba761d92023-02-07 15:18:57.729root 11241100x8000000000000000714291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c65f0d6d2f9d9122023-02-07 15:18:57.730root 11241100x8000000000000000714290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc2f5bb10dbf5b32023-02-07 15:18:57.730root 11241100x8000000000000000714289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4c39bfea8fdd152023-02-07 15:18:57.730root 11241100x8000000000000000714288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5913a3b6bd7b5b2e2023-02-07 15:18:57.730root 23542300x8000000000000000714287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.730{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000714286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f42a1bb01d8fcd92023-02-07 15:18:57.730root 11241100x8000000000000000714285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c6776c5d5de9412023-02-07 15:18:57.730root 11241100x8000000000000000714300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b5c00c2fed9bc52023-02-07 15:18:57.731root 11241100x8000000000000000714299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926adcb32aba41672023-02-07 15:18:57.731root 11241100x8000000000000000714298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a4688099beafa02023-02-07 15:18:57.731root 11241100x8000000000000000714297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f18de700eb7fb62023-02-07 15:18:57.731root 11241100x8000000000000000714296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a216bbc62252a382023-02-07 15:18:57.731root 11241100x8000000000000000714295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4872bb69e35dd3672023-02-07 15:18:57.731root 11241100x8000000000000000714294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29536f8f8b91de512023-02-07 15:18:57.731root 11241100x8000000000000000714293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6ab77abf2bd3142023-02-07 15:18:57.731root 11241100x8000000000000000714292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b9506385ed82bf2023-02-07 15:18:57.731root 11241100x8000000000000000714310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b95efe90f325972023-02-07 15:18:57.732root 11241100x8000000000000000714309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94390089c3a103ad2023-02-07 15:18:57.732root 11241100x8000000000000000714308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4493dec0bab545d22023-02-07 15:18:57.732root 11241100x8000000000000000714307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80a83f391001f132023-02-07 15:18:57.732root 11241100x8000000000000000714306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4229eec74acece182023-02-07 15:18:57.732root 11241100x8000000000000000714305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35691ac8a402fa42023-02-07 15:18:57.732root 11241100x8000000000000000714304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ed78d3b1c789bb2023-02-07 15:18:57.732root 11241100x8000000000000000714303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69e723f2892192b2023-02-07 15:18:57.732root 11241100x8000000000000000714302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac19b0bbb34a84a2023-02-07 15:18:57.732root 11241100x8000000000000000714301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805ea4751845b9052023-02-07 15:18:57.732root 11241100x8000000000000000714316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a7aca2eff398db2023-02-07 15:18:57.733root 11241100x8000000000000000714315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad438ed82f52fab42023-02-07 15:18:57.733root 11241100x8000000000000000714314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41aff48573f5a8742023-02-07 15:18:57.733root 11241100x8000000000000000714313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0477d40b275add2e2023-02-07 15:18:57.733root 11241100x8000000000000000714312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1608b61080ee81c12023-02-07 15:18:57.733root 11241100x8000000000000000714311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd16fcaa98ca1b92023-02-07 15:18:57.733root 11241100x8000000000000000714326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be9576ff0be5c3f2023-02-07 15:18:57.734root 11241100x8000000000000000714325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17ccaf4e365a6ee2023-02-07 15:18:57.734root 11241100x8000000000000000714324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19045ce2145dffc32023-02-07 15:18:57.734root 11241100x8000000000000000714323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd91c52766b946912023-02-07 15:18:57.734root 11241100x8000000000000000714322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa4339ae8be4dc12023-02-07 15:18:57.734root 11241100x8000000000000000714321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944026fb55b4d8012023-02-07 15:18:57.734root 11241100x8000000000000000714320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc14f848a76f12dc2023-02-07 15:18:57.734root 11241100x8000000000000000714319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f3a7950760797f2023-02-07 15:18:57.734root 11241100x8000000000000000714318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccaf38bee0c23482023-02-07 15:18:57.734root 11241100x8000000000000000714317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a985ce0a9ee0af2023-02-07 15:18:57.734root 11241100x8000000000000000714336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f90c98ee78248dd2023-02-07 15:18:57.735root 11241100x8000000000000000714335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c0bc4d7f7c14ca2023-02-07 15:18:57.735root 11241100x8000000000000000714334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e39eb15f734916b2023-02-07 15:18:57.735root 11241100x8000000000000000714333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164e7e4b7a1bd6d32023-02-07 15:18:57.735root 11241100x8000000000000000714332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380079575068f69b2023-02-07 15:18:57.735root 11241100x8000000000000000714331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40491c2d14f318ac2023-02-07 15:18:57.735root 11241100x8000000000000000714330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd498671212e07ba2023-02-07 15:18:57.735root 11241100x8000000000000000714329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef67eb3baae39942023-02-07 15:18:57.735root 11241100x8000000000000000714328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfed7e5f505bc3a92023-02-07 15:18:57.735root 11241100x8000000000000000714327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f010d4024505e32023-02-07 15:18:57.735root 11241100x8000000000000000714346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ccdcf14d4395032023-02-07 15:18:57.736root 11241100x8000000000000000714345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a50c535811e4c472023-02-07 15:18:57.736root 11241100x8000000000000000714344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b1d1073cc431392023-02-07 15:18:57.736root 11241100x8000000000000000714343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ae1517803b5e812023-02-07 15:18:57.736root 11241100x8000000000000000714342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49293dbd65dd15f02023-02-07 15:18:57.736root 11241100x8000000000000000714341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e58407ab352df72023-02-07 15:18:57.736root 11241100x8000000000000000714340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1918b1c899ada5ea2023-02-07 15:18:57.736root 11241100x8000000000000000714339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe89b63931f239c2023-02-07 15:18:57.736root 11241100x8000000000000000714338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2923282a07980bd22023-02-07 15:18:57.736root 11241100x8000000000000000714337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.736{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0626ddbbb18b502023-02-07 15:18:57.736root 11241100x8000000000000000714356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.737{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ff3aaedf8b96f92023-02-07 15:18:57.737root 11241100x8000000000000000714355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.737{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c2ffce9b1664882023-02-07 15:18:57.737root 11241100x8000000000000000714354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.737{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9b4c35bc898cc22023-02-07 15:18:57.737root 11241100x8000000000000000714353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.737{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe88012c1b685ab2023-02-07 15:18:57.737root 11241100x8000000000000000714352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.737{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba586d165b7ddefc2023-02-07 15:18:57.737root 11241100x8000000000000000714351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.737{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e49b98818d8a4cc2023-02-07 15:18:57.737root 11241100x8000000000000000714350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.737{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae6eed4e37a33fd2023-02-07 15:18:57.737root 11241100x8000000000000000714349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.737{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feeed15c4005478a2023-02-07 15:18:57.737root 11241100x8000000000000000714348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.737{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1eb5217f2c79062023-02-07 15:18:57.737root 11241100x8000000000000000714347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.737{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a332e51d2c800c12023-02-07 15:18:57.737root 11241100x8000000000000000714367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.738{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86d44b0e42e3d272023-02-07 15:18:57.738root 11241100x8000000000000000714366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.738{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267acd5b36aaa82d2023-02-07 15:18:57.738root 11241100x8000000000000000714365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.738{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3125475671f11682023-02-07 15:18:57.738root 11241100x8000000000000000714364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.738{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba9a9a76df298b62023-02-07 15:18:57.738root 11241100x8000000000000000714363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.738{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b511b2626885c8072023-02-07 15:18:57.738root 11241100x8000000000000000714362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.738{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa2073a89ea53042023-02-07 15:18:57.738root 11241100x8000000000000000714361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.738{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752470eaab27eaaa2023-02-07 15:18:57.738root 11241100x8000000000000000714360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.738{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e476a30a98c3c232023-02-07 15:18:57.738root 11241100x8000000000000000714359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.738{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327847e6f29b3b9c2023-02-07 15:18:57.738root 11241100x8000000000000000714358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.738{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fed03fd6508c932023-02-07 15:18:57.738root 11241100x8000000000000000714357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.738{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da44810951beb9df2023-02-07 15:18:57.738root 11241100x8000000000000000714376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.739{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ba03c4c872f2762023-02-07 15:18:57.739root 11241100x8000000000000000714375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.739{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabb1420e5ae23b62023-02-07 15:18:57.739root 11241100x8000000000000000714374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.739{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bb2031eb1638142023-02-07 15:18:57.739root 11241100x8000000000000000714373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.739{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5782c8eece0236fd2023-02-07 15:18:57.739root 11241100x8000000000000000714372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.739{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aefa3b0acc2f70b52023-02-07 15:18:57.739root 11241100x8000000000000000714371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.739{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753df7f6bd81c9202023-02-07 15:18:57.739root 11241100x8000000000000000714370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.739{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90e29ac1e52a6382023-02-07 15:18:57.739root 11241100x8000000000000000714369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.739{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61229865ec2310a2023-02-07 15:18:57.739root 11241100x8000000000000000714368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.739{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fad411ec64c88ad2023-02-07 15:18:57.739root 11241100x8000000000000000714382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.740{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad80cecc91281f62023-02-07 15:18:57.740root 11241100x8000000000000000714381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.740{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab8204213882ee72023-02-07 15:18:57.740root 11241100x8000000000000000714380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.740{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce6c510e6b2fc592023-02-07 15:18:57.740root 11241100x8000000000000000714379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.740{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccaf9630241191c02023-02-07 15:18:57.740root 11241100x8000000000000000714378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.740{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a99e601e74b9f82023-02-07 15:18:57.740root 11241100x8000000000000000714377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.740{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b7d8fe29b620bc2023-02-07 15:18:57.740root 11241100x8000000000000000714389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.741{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8c12fc820fafaf2023-02-07 15:18:57.741root 11241100x8000000000000000714388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.741{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4344916446ac1a622023-02-07 15:18:57.741root 11241100x8000000000000000714387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.741{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cebe0bd0274d2772023-02-07 15:18:57.741root 11241100x8000000000000000714386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.741{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04441052fef68c112023-02-07 15:18:57.741root 11241100x8000000000000000714385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.741{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2b18cc487b85322023-02-07 15:18:57.741root 11241100x8000000000000000714384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.741{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35df27d622f69972023-02-07 15:18:57.741root 11241100x8000000000000000714383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.741{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826138aeaae1285a2023-02-07 15:18:57.741root 11241100x8000000000000000714399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.742{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030aea9e0f9ebe722023-02-07 15:18:57.742root 11241100x8000000000000000714398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.742{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5347b6c7b9ebf2232023-02-07 15:18:57.742root 11241100x8000000000000000714397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.742{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1276800189bb87402023-02-07 15:18:57.742root 11241100x8000000000000000714396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.742{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31a8cd0a311f0be2023-02-07 15:18:57.742root 11241100x8000000000000000714395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.742{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e2d6a454dd87be2023-02-07 15:18:57.742root 11241100x8000000000000000714394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.742{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65e3a42aa7f22ab2023-02-07 15:18:57.742root 11241100x8000000000000000714393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.742{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77db5da971c9b2732023-02-07 15:18:57.742root 11241100x8000000000000000714392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.742{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077f0f582c619b612023-02-07 15:18:57.742root 11241100x8000000000000000714391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.742{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855e2714b7494fcf2023-02-07 15:18:57.742root 11241100x8000000000000000714390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.742{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6109b0b184cbcb162023-02-07 15:18:57.742root 11241100x8000000000000000714406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.743{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e593f4d6b29413732023-02-07 15:18:57.743root 11241100x8000000000000000714405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.743{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d37f4eaf7fb460c2023-02-07 15:18:57.743root 11241100x8000000000000000714404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.743{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ccf4ff45ae6aebb2023-02-07 15:18:57.743root 11241100x8000000000000000714403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.743{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ce572ab1f2cb4f2023-02-07 15:18:57.743root 11241100x8000000000000000714402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.743{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2aa63b277141192023-02-07 15:18:57.743root 11241100x8000000000000000714401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.743{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03170ea6842964542023-02-07 15:18:57.743root 11241100x8000000000000000714400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.743{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9ced057d16d9c82023-02-07 15:18:57.743root 11241100x8000000000000000714410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.744{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b62e2b03881c6f2023-02-07 15:18:57.744root 11241100x8000000000000000714409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.744{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00308e0d3db19aa2023-02-07 15:18:57.744root 11241100x8000000000000000714408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.744{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d6ef8ac7b4fdca2023-02-07 15:18:57.744root 11241100x8000000000000000714407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.744{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed74d9d938c55c32023-02-07 15:18:57.744root 11241100x8000000000000000714417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.745{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b687036e2665ed4c2023-02-07 15:18:57.745root 11241100x8000000000000000714416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.745{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1cc4c4f8e70c8b32023-02-07 15:18:57.745root 11241100x8000000000000000714415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.745{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee66637f2cdf84852023-02-07 15:18:57.745root 11241100x8000000000000000714414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.745{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f57c305ca05f3ef2023-02-07 15:18:57.745root 11241100x8000000000000000714413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.745{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40762a844b599832023-02-07 15:18:57.745root 11241100x8000000000000000714412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.745{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f2dff14589e23e2023-02-07 15:18:57.745root 11241100x8000000000000000714411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.745{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d608accce30b492023-02-07 15:18:57.745root 11241100x8000000000000000714423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.746{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed00e6c1ccfce6eb2023-02-07 15:18:57.746root 11241100x8000000000000000714422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.746{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64b112366c94c2e2023-02-07 15:18:57.746root 11241100x8000000000000000714421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.746{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14d6b49b6164eda2023-02-07 15:18:57.746root 11241100x8000000000000000714420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.746{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052d3cdc4c8fecf02023-02-07 15:18:57.746root 11241100x8000000000000000714419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.746{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5939251c50c9122023-02-07 15:18:57.746root 11241100x8000000000000000714418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.746{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce19ebb3d8f68062023-02-07 15:18:57.746root 11241100x8000000000000000714430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.747{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ea51ae23548cbb2023-02-07 15:18:57.747root 11241100x8000000000000000714429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.747{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772035171607cd7d2023-02-07 15:18:57.747root 11241100x8000000000000000714428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.747{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0542c93e655e4f6d2023-02-07 15:18:57.747root 11241100x8000000000000000714427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.747{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741fe1d1b88183222023-02-07 15:18:57.747root 11241100x8000000000000000714426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.747{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd66f33d6c3d9a42023-02-07 15:18:57.747root 11241100x8000000000000000714425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.747{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152ab6b306749fb42023-02-07 15:18:57.747root 11241100x8000000000000000714424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.747{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47eddd5e136e96ef2023-02-07 15:18:57.747root 11241100x8000000000000000714439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.748{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc800732a48e96a72023-02-07 15:18:57.748root 11241100x8000000000000000714438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.748{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6f93a1907c854d2023-02-07 15:18:57.748root 11241100x8000000000000000714437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.748{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3649ce52f32325e52023-02-07 15:18:57.748root 11241100x8000000000000000714436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.748{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244247b703f0bf472023-02-07 15:18:57.748root 11241100x8000000000000000714435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.748{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821d5ae5e9f599b92023-02-07 15:18:57.748root 11241100x8000000000000000714434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.748{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0972cd231ea629462023-02-07 15:18:57.748root 11241100x8000000000000000714433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.748{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0899ef97325fa262023-02-07 15:18:57.748root 11241100x8000000000000000714432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.748{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45c9cb27e8ddea82023-02-07 15:18:57.748root 11241100x8000000000000000714431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.748{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b38bee2213b69c2023-02-07 15:18:57.748root 11241100x8000000000000000714443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.749{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29035dc5ff6ba84f2023-02-07 15:18:57.749root 11241100x8000000000000000714442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.749{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a92da2d50587162023-02-07 15:18:57.749root 11241100x8000000000000000714441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.749{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3afed8cb39350f62023-02-07 15:18:57.749root 11241100x8000000000000000714440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.749{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819c258c42ff6f0c2023-02-07 15:18:57.749root 11241100x8000000000000000714451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.750{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9d5593af9484572023-02-07 15:18:57.750root 11241100x8000000000000000714450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.750{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77ca55a734d64732023-02-07 15:18:57.750root 11241100x8000000000000000714449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.750{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b71f95228bdf6a2023-02-07 15:18:57.750root 11241100x8000000000000000714448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.750{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e14efb4b1209252023-02-07 15:18:57.750root 11241100x8000000000000000714447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.750{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d88f028c78f5cb2023-02-07 15:18:57.750root 11241100x8000000000000000714446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.750{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1adce8839cebb32023-02-07 15:18:57.750root 11241100x8000000000000000714445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.750{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9006e5e94c6a426b2023-02-07 15:18:57.750root 11241100x8000000000000000714444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.750{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5767ffc2306511f82023-02-07 15:18:57.750root 11241100x8000000000000000714460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.751{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb17c21f8ecfe8df2023-02-07 15:18:57.751root 11241100x8000000000000000714459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.751{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c57f2a8508ebd8b2023-02-07 15:18:57.751root 11241100x8000000000000000714458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.751{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7c30b7dae7b22c2023-02-07 15:18:57.751root 11241100x8000000000000000714457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.751{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f6ec035ca381f32023-02-07 15:18:57.751root 11241100x8000000000000000714456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.751{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff1e341d7c6f6862023-02-07 15:18:57.751root 11241100x8000000000000000714455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.751{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e94727ddbfdd8c52023-02-07 15:18:57.751root 11241100x8000000000000000714454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.751{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338e4b66677c5e8f2023-02-07 15:18:57.751root 11241100x8000000000000000714453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.751{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762fa6b9e109c23a2023-02-07 15:18:57.751root 11241100x8000000000000000714452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.751{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40487171b30c1e82023-02-07 15:18:57.751root 11241100x8000000000000000714467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.752{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907eaa18a133876f2023-02-07 15:18:57.752root 11241100x8000000000000000714466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.752{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25737b7ece0497fb2023-02-07 15:18:57.752root 11241100x8000000000000000714465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.752{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516284d7af6a1b5f2023-02-07 15:18:57.752root 11241100x8000000000000000714464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.752{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b4bdd76250e7ff2023-02-07 15:18:57.752root 11241100x8000000000000000714463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.752{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2efc9f792018e2c2023-02-07 15:18:57.752root 11241100x8000000000000000714462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.752{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705c063d7592557a2023-02-07 15:18:57.752root 11241100x8000000000000000714461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.752{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7778caa890f5f602023-02-07 15:18:57.752root 11241100x8000000000000000714474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.753{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957522ad5b25df022023-02-07 15:18:57.753root 11241100x8000000000000000714473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.753{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ff76d5ddcd49842023-02-07 15:18:57.753root 11241100x8000000000000000714472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.753{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51cf2fb56e5d6132023-02-07 15:18:57.753root 11241100x8000000000000000714471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.753{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97de7a6a7ba03bdb2023-02-07 15:18:57.753root 11241100x8000000000000000714470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.753{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92008eda874535d72023-02-07 15:18:57.753root 11241100x8000000000000000714469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.753{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aebfbaf1ce3bbe82023-02-07 15:18:57.753root 11241100x8000000000000000714468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.753{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3503cc03a4d55eb62023-02-07 15:18:57.753root 11241100x8000000000000000714479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.754{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5edf64fc6448f5722023-02-07 15:18:57.754root 11241100x8000000000000000714478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.754{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47d7b7467a12c232023-02-07 15:18:57.754root 11241100x8000000000000000714477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.754{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358679e6c886bb9f2023-02-07 15:18:57.754root 11241100x8000000000000000714476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.754{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f392b460fc89f192023-02-07 15:18:57.754root 11241100x8000000000000000714475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.754{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095832ca5899af4e2023-02-07 15:18:57.754root 11241100x8000000000000000714485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.755{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d853740705e3722023-02-07 15:18:57.755root 11241100x8000000000000000714484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.755{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4261fe32012a9ed22023-02-07 15:18:57.755root 11241100x8000000000000000714483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.755{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976108241d1cd54b2023-02-07 15:18:57.755root 11241100x8000000000000000714482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.755{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98600bdc96694152023-02-07 15:18:57.755root 11241100x8000000000000000714481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.755{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944211d6741f7bc72023-02-07 15:18:57.755root 11241100x8000000000000000714480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.755{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7f0e24e16ad5472023-02-07 15:18:57.755root 11241100x8000000000000000714492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.756{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99228e3a7f255422023-02-07 15:18:57.756root 11241100x8000000000000000714491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.756{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6a6055f9990c062023-02-07 15:18:57.756root 11241100x8000000000000000714490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.756{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad90a7963d87f6ac2023-02-07 15:18:57.756root 11241100x8000000000000000714489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.756{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469862cb1ac0343e2023-02-07 15:18:57.756root 11241100x8000000000000000714488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.756{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e306721876998e9e2023-02-07 15:18:57.756root 11241100x8000000000000000714487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.756{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485093a3dd910c442023-02-07 15:18:57.756root 11241100x8000000000000000714486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.756{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885b0e942b4759012023-02-07 15:18:57.756root 11241100x8000000000000000714500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.757{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158d725e2dfdb4382023-02-07 15:18:57.757root 11241100x8000000000000000714499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.757{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1959b8446dc41d702023-02-07 15:18:57.757root 11241100x8000000000000000714498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.757{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115d479746ce52cf2023-02-07 15:18:57.757root 11241100x8000000000000000714497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.757{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca78448fc46caa092023-02-07 15:18:57.757root 11241100x8000000000000000714496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.757{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea9cb3159e106992023-02-07 15:18:57.757root 11241100x8000000000000000714495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.757{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d007eb36384523322023-02-07 15:18:57.757root 11241100x8000000000000000714494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.757{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa35319722109b12023-02-07 15:18:57.757root 11241100x8000000000000000714493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.757{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14947c340435158f2023-02-07 15:18:57.757root 11241100x8000000000000000714508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.758{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c102f66b17c47d2023-02-07 15:18:57.758root 11241100x8000000000000000714507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.758{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84879dcdcf7e6b92023-02-07 15:18:57.758root 11241100x8000000000000000714506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.758{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84feefd37411a8c2023-02-07 15:18:57.758root 11241100x8000000000000000714505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.758{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7a528f95943f5f2023-02-07 15:18:57.758root 11241100x8000000000000000714504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.758{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f77c1ff3cc61ad2023-02-07 15:18:57.758root 11241100x8000000000000000714503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.758{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff72277ade5019542023-02-07 15:18:57.758root 11241100x8000000000000000714502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.758{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de38893da462f582023-02-07 15:18:57.758root 11241100x8000000000000000714501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.758{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffafbec85470f6a12023-02-07 15:18:57.758root 11241100x8000000000000000714520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.759{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262a8a829c801a5c2023-02-07 15:18:57.759root 11241100x8000000000000000714519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.759{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd8c453fc6a96182023-02-07 15:18:57.759root 11241100x8000000000000000714518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.759{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658df59e1d759f312023-02-07 15:18:57.759root 11241100x8000000000000000714517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.759{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d786324c7e0055b82023-02-07 15:18:57.759root 11241100x8000000000000000714516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.759{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0634fc2c7eeb61f82023-02-07 15:18:57.759root 11241100x8000000000000000714515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.759{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b38e52eb359290342023-02-07 15:18:57.759root 11241100x8000000000000000714514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.759{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a771b81657f33b2023-02-07 15:18:57.759root 11241100x8000000000000000714513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.759{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cea02349cddfac32023-02-07 15:18:57.759root 11241100x8000000000000000714512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.759{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619a95d0a4ed175e2023-02-07 15:18:57.759root 11241100x8000000000000000714511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.759{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1245f4673ed44b2023-02-07 15:18:57.759root 11241100x8000000000000000714510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.759{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8011501bb52ebe702023-02-07 15:18:57.759root 11241100x8000000000000000714509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.759{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c34f065a66a1d432023-02-07 15:18:57.759root 11241100x8000000000000000714529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.760{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93340eba1acac282023-02-07 15:18:57.760root 11241100x8000000000000000714528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.760{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33aa8975ea8f7ef02023-02-07 15:18:57.760root 11241100x8000000000000000714527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.760{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2499bef25d5570f2023-02-07 15:18:57.760root 11241100x8000000000000000714526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.760{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b0a923718e98bc2023-02-07 15:18:57.760root 11241100x8000000000000000714525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.760{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0d3f0203e736442023-02-07 15:18:57.760root 11241100x8000000000000000714524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.760{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b01556b9c0c12b22023-02-07 15:18:57.760root 11241100x8000000000000000714523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.760{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381c000909ea40522023-02-07 15:18:57.760root 11241100x8000000000000000714522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.760{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62eeaab365700c72023-02-07 15:18:57.760root 11241100x8000000000000000714521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.760{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2503d6b77dac4262023-02-07 15:18:57.760root 11241100x8000000000000000714539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.761{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6632eeb1e31cfd2023-02-07 15:18:57.761root 11241100x8000000000000000714538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.761{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160b3df6982a26182023-02-07 15:18:57.761root 11241100x8000000000000000714537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.761{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08fdb7d0bd580f572023-02-07 15:18:57.761root 11241100x8000000000000000714536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.761{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6694029348f81b302023-02-07 15:18:57.761root 11241100x8000000000000000714535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.761{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c369f6d77575808e2023-02-07 15:18:57.761root 11241100x8000000000000000714534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.761{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f497b09e21edf0af2023-02-07 15:18:57.761root 11241100x8000000000000000714533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.761{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763f3bec6e66f0d82023-02-07 15:18:57.761root 11241100x8000000000000000714532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.761{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd4119d8197f6c72023-02-07 15:18:57.761root 11241100x8000000000000000714531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.761{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac1c1f51679da442023-02-07 15:18:57.761root 11241100x8000000000000000714530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.761{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06443394ee8de1742023-02-07 15:18:57.761root 11241100x8000000000000000714548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.762{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fdd4e3f98fedecb2023-02-07 15:18:57.762root 11241100x8000000000000000714547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.762{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785f0afd120b2de42023-02-07 15:18:57.762root 11241100x8000000000000000714546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.762{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f6acb3ab69de382023-02-07 15:18:57.762root 11241100x8000000000000000714545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.762{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde25a1d5d7d7bd12023-02-07 15:18:57.762root 11241100x8000000000000000714544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.762{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e028efd2717ed242023-02-07 15:18:57.762root 11241100x8000000000000000714543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.762{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c6075348c080902023-02-07 15:18:57.762root 11241100x8000000000000000714542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.762{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60d0ac72d481b5a2023-02-07 15:18:57.762root 11241100x8000000000000000714541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.762{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0bbb72b52c7ba42023-02-07 15:18:57.762root 11241100x8000000000000000714540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.762{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3448ab99711787ff2023-02-07 15:18:57.762root 11241100x8000000000000000714555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.763{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2212af5e5c1eada42023-02-07 15:18:57.763root 11241100x8000000000000000714554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.763{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc45b6d4d37446f92023-02-07 15:18:57.763root 11241100x8000000000000000714553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.763{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9cf13bcaa6c88b2023-02-07 15:18:57.763root 11241100x8000000000000000714552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.763{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d4b6935ba7e2702023-02-07 15:18:57.763root 11241100x8000000000000000714551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.763{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59a02e6ca14f7ee2023-02-07 15:18:57.763root 11241100x8000000000000000714550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.763{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4eee03ddde3eaa72023-02-07 15:18:57.763root 11241100x8000000000000000714549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.763{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50bcc0395b5134e2023-02-07 15:18:57.763root 11241100x8000000000000000714562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.764{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9d0c6899fc2f502023-02-07 15:18:57.764root 11241100x8000000000000000714561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.764{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08302ba9999f1ca82023-02-07 15:18:57.764root 11241100x8000000000000000714560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.764{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fcb2efb2d6bfbb2023-02-07 15:18:57.764root 11241100x8000000000000000714559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.764{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcecbd01c8384db2023-02-07 15:18:57.764root 11241100x8000000000000000714558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.764{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02bf02efe378a1022023-02-07 15:18:57.764root 11241100x8000000000000000714557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.764{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838a3cb8c09e58942023-02-07 15:18:57.764root 11241100x8000000000000000714556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.764{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead520ba6b2b567d2023-02-07 15:18:57.764root 11241100x8000000000000000714571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.765{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f0a059bcceb6a52023-02-07 15:18:57.765root 11241100x8000000000000000714570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.765{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7b6c8662dd5c1b2023-02-07 15:18:57.765root 11241100x8000000000000000714569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.765{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf643751b30666ee2023-02-07 15:18:57.765root 11241100x8000000000000000714568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.765{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41c211637149c622023-02-07 15:18:57.765root 11241100x8000000000000000714567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.765{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9720b2480e5e7d2f2023-02-07 15:18:57.765root 11241100x8000000000000000714566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.765{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd3bba512db8e572023-02-07 15:18:57.765root 11241100x8000000000000000714565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.765{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a39af3b563b2912023-02-07 15:18:57.765root 11241100x8000000000000000714564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.765{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cccaa33115eba422023-02-07 15:18:57.765root 11241100x8000000000000000714563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.765{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f193ddf2583d5fad2023-02-07 15:18:57.765root 11241100x8000000000000000714579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.766{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73fc84451004aac2023-02-07 15:18:57.766root 11241100x8000000000000000714578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.766{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2520c7b0a4e4cb2023-02-07 15:18:57.766root 11241100x8000000000000000714577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.766{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe0c7fbf49ba0ab2023-02-07 15:18:57.766root 11241100x8000000000000000714576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.766{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41747082f43184d2023-02-07 15:18:57.766root 11241100x8000000000000000714575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.766{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a4affbdbb06b132023-02-07 15:18:57.766root 11241100x8000000000000000714574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.766{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646aed6d28e08b022023-02-07 15:18:57.766root 11241100x8000000000000000714573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.766{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b84ef6fd1a1ed2c2023-02-07 15:18:57.766root 11241100x8000000000000000714572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.766{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a31d50fdd6622d92023-02-07 15:18:57.766root 11241100x8000000000000000714591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.767{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78cd30ff00a76762023-02-07 15:18:57.767root 11241100x8000000000000000714590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.767{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b38464e8b116d4302023-02-07 15:18:57.767root 11241100x8000000000000000714589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.767{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b748e695a5ea55d2023-02-07 15:18:57.767root 11241100x8000000000000000714588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.767{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9acda85b0949e12023-02-07 15:18:57.767root 11241100x8000000000000000714587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.767{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7485ee9a3b3018592023-02-07 15:18:57.767root 11241100x8000000000000000714586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.767{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c2a77aa79763792023-02-07 15:18:57.767root 11241100x8000000000000000714585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.767{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647ce52f5cc02f402023-02-07 15:18:57.767root 11241100x8000000000000000714584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.767{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e404dd7decee052023-02-07 15:18:57.767root 11241100x8000000000000000714583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.767{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec0d6980c9a7e962023-02-07 15:18:57.767root 11241100x8000000000000000714582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.767{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87dde0d54817d0ce2023-02-07 15:18:57.767root 11241100x8000000000000000714581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.767{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1fc66950e6da4002023-02-07 15:18:57.767root 11241100x8000000000000000714580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.767{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20bca4bd625ac36a2023-02-07 15:18:57.767root 11241100x8000000000000000714601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.768{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673c526090a16e502023-02-07 15:18:57.768root 11241100x8000000000000000714600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.768{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b23e596f8576752023-02-07 15:18:57.768root 11241100x8000000000000000714599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.768{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f174ce0196b15e2023-02-07 15:18:57.768root 11241100x8000000000000000714598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.768{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf53036e778f0b992023-02-07 15:18:57.768root 11241100x8000000000000000714597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.768{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad54529cf572b392023-02-07 15:18:57.768root 11241100x8000000000000000714596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.768{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1db5d6ee3b8bcd2023-02-07 15:18:57.768root 11241100x8000000000000000714595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.768{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14fb537f831fd86b2023-02-07 15:18:57.768root 11241100x8000000000000000714594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.768{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb67b816d1f01eb92023-02-07 15:18:57.768root 11241100x8000000000000000714593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.768{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adcb326d301f41bb2023-02-07 15:18:57.768root 11241100x8000000000000000714592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.768{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128963afb6dd3ceb2023-02-07 15:18:57.768root 534500x8000000000000000714651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.769{ec244aba-6be1-63e2-2030-7b0000000000}6170/usr/bin/python3.6root 11241100x8000000000000000714609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.769{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264788e82ae960772023-02-07 15:18:57.769root 11241100x8000000000000000714608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.769{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd8bb37f7f753532023-02-07 15:18:57.769root 11241100x8000000000000000714607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.769{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e2e13f0efafd252023-02-07 15:18:57.769root 11241100x8000000000000000714606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.769{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99bff670649c6002023-02-07 15:18:57.769root 11241100x8000000000000000714605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.769{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9913b122da75815b2023-02-07 15:18:57.769root 11241100x8000000000000000714604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.769{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec61a1be3975156d2023-02-07 15:18:57.769root 11241100x8000000000000000714603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.769{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fa6f6c2568ca742023-02-07 15:18:57.769root 11241100x8000000000000000714602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.769{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879758b446618c492023-02-07 15:18:57.769root 154100x8000000000000000714652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.770{ec244aba-6be1-63e2-70b1-e8e9e2550000}6171/usr/bin/dpkg-----dpkg --print-foreign-architectures/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-2030-7b0000000000}6169/usr/bin/python3.6/usr/bin/python3root 11241100x8000000000000000714618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.770{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d603dc723c8e942023-02-07 15:18:57.770root 11241100x8000000000000000714617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.770{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b8a090780312652023-02-07 15:18:57.770root 11241100x8000000000000000714616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.770{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35268f5e8d2c7172023-02-07 15:18:57.770root 11241100x8000000000000000714615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.770{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1cc864a9fb05472023-02-07 15:18:57.770root 11241100x8000000000000000714614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.770{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de1fec2f85e83852023-02-07 15:18:57.770root 11241100x8000000000000000714613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.770{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6ed7abf3e42a532023-02-07 15:18:57.770root 11241100x8000000000000000714612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.770{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673fbaef4f07c11e2023-02-07 15:18:57.770root 11241100x8000000000000000714611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.770{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccff7377dcbb40512023-02-07 15:18:57.770root 11241100x8000000000000000714610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.770{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e22bc8832fb3d822023-02-07 15:18:57.770root 11241100x8000000000000000714628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.771{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4f48d371f32e0a2023-02-07 15:18:57.771root 11241100x8000000000000000714627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.771{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca286f905c45a932023-02-07 15:18:57.771root 11241100x8000000000000000714626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.771{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaaab6b6fe8d8cd12023-02-07 15:18:57.771root 11241100x8000000000000000714625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.771{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc56163c0527db312023-02-07 15:18:57.771root 11241100x8000000000000000714624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.771{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0e9a1f1e4440ec2023-02-07 15:18:57.771root 11241100x8000000000000000714623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.771{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b473e4f53ffa16b2023-02-07 15:18:57.771root 11241100x8000000000000000714622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.771{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547d452a15d61b7d2023-02-07 15:18:57.771root 11241100x8000000000000000714621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.771{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35490b0263f41cc02023-02-07 15:18:57.771root 11241100x8000000000000000714620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.771{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c97aaa1a65983302023-02-07 15:18:57.771root 11241100x8000000000000000714619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.771{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c9dd335ba6b1642023-02-07 15:18:57.771root 11241100x8000000000000000714641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.772{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35458795c2ef6bc72023-02-07 15:18:57.772root 11241100x8000000000000000714640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.772{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23788e111536c5782023-02-07 15:18:57.772root 11241100x8000000000000000714639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.772{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f811a958b1213e52023-02-07 15:18:57.772root 11241100x8000000000000000714638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.772{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf4282dcc287bdb2023-02-07 15:18:57.772root 11241100x8000000000000000714637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.772{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2fca59461c34062023-02-07 15:18:57.772root 11241100x8000000000000000714636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.772{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6bda42c9cddf7d42023-02-07 15:18:57.772root 11241100x8000000000000000714635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.772{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7e30aeb99d78992023-02-07 15:18:57.772root 11241100x8000000000000000714634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.772{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba1a8dfba6d6ff52023-02-07 15:18:57.772root 11241100x8000000000000000714633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.772{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502d823101974c712023-02-07 15:18:57.772root 11241100x8000000000000000714632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.772{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085861a6a749d2812023-02-07 15:18:57.772root 11241100x8000000000000000714631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.772{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e035f48756255c72023-02-07 15:18:57.772root 11241100x8000000000000000714630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.772{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ab265a27b6835c2023-02-07 15:18:57.772root 11241100x8000000000000000714629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.772{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153e6c3be8d656d82023-02-07 15:18:57.772root 11241100x8000000000000000714644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.773{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bce0bc2bcf73a562023-02-07 15:18:57.773root 11241100x8000000000000000714643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.773{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12b292835f460bb2023-02-07 15:18:57.773root 11241100x8000000000000000714642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.773{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db886f29db64dadd2023-02-07 15:18:57.773root 11241100x8000000000000000714654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.774{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3aa003362b8d9f62023-02-07 15:18:57.774root 534500x8000000000000000714653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.774{ec244aba-6be1-63e2-70b1-e8e9e2550000}6171/usr/bin/dpkgroot 11241100x8000000000000000714650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.774{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ea25c67f6907252023-02-07 15:18:57.774root 11241100x8000000000000000714649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.774{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e443c77867839b2023-02-07 15:18:57.774root 11241100x8000000000000000714648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.774{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1667a4263d765f72023-02-07 15:18:57.774root 11241100x8000000000000000714647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.774{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46318d5483d93ba52023-02-07 15:18:57.774root 11241100x8000000000000000714646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.774{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4efeebd14041362023-02-07 15:18:57.774root 11241100x8000000000000000714645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.774{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b52d8f717dfcff22023-02-07 15:18:57.774root 11241100x8000000000000000714663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.775{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f529d5d555b364a2023-02-07 15:18:57.775root 11241100x8000000000000000714662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.775{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9eaa5897ac9b002023-02-07 15:18:57.775root 11241100x8000000000000000714661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.775{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c389f30ecb0716c72023-02-07 15:18:57.775root 11241100x8000000000000000714660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.775{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830faa4f65d935312023-02-07 15:18:57.775root 11241100x8000000000000000714659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.775{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a69abc42647f222023-02-07 15:18:57.775root 11241100x8000000000000000714658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.775{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bafcb1dc08e57e12023-02-07 15:18:57.775root 11241100x8000000000000000714657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.775{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515f5d004e3ecc312023-02-07 15:18:57.775root 11241100x8000000000000000714656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.775{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd7980d2621f6f42023-02-07 15:18:57.775root 11241100x8000000000000000714655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.775{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2482a618c873ae72023-02-07 15:18:57.775root 11241100x8000000000000000714673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.776{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b2d1cb80595a9e2023-02-07 15:18:57.776root 11241100x8000000000000000714672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.776{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08765283e4ffa4a82023-02-07 15:18:57.776root 11241100x8000000000000000714671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.776{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b093531af5db422023-02-07 15:18:57.776root 11241100x8000000000000000714670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.776{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068116300da96db82023-02-07 15:18:57.776root 11241100x8000000000000000714669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.776{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c8fd97db07ec322023-02-07 15:18:57.776root 11241100x8000000000000000714668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.776{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4bbb1b22b636512023-02-07 15:18:57.776root 11241100x8000000000000000714667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.776{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3025787ec210019a2023-02-07 15:18:57.776root 11241100x8000000000000000714666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.776{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8657f7c97840c772023-02-07 15:18:57.776root 11241100x8000000000000000714665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.776{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4b25ec557eac352023-02-07 15:18:57.776root 11241100x8000000000000000714664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.776{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577b563cc4bc4fad2023-02-07 15:18:57.776root 11241100x8000000000000000714684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.777{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14be8f2007eafe8f2023-02-07 15:18:57.777root 11241100x8000000000000000714683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.777{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf883ec92805b2da2023-02-07 15:18:57.777root 11241100x8000000000000000714682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.777{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab6644320ec4e502023-02-07 15:18:57.777root 11241100x8000000000000000714681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.777{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aca3138d8bd6c2b2023-02-07 15:18:57.777root 11241100x8000000000000000714680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.777{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec8aa0256c498902023-02-07 15:18:57.777root 11241100x8000000000000000714679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.777{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92990b5dfe2ea61c2023-02-07 15:18:57.777root 11241100x8000000000000000714678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.777{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd75862668cff49a2023-02-07 15:18:57.777root 11241100x8000000000000000714677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.777{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f08b977bbcdc072023-02-07 15:18:57.777root 11241100x8000000000000000714676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.777{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e22958ca190ad152023-02-07 15:18:57.777root 11241100x8000000000000000714675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.777{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d36a776948b2a72023-02-07 15:18:57.777root 11241100x8000000000000000714674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.777{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ede4ea9fa030c82023-02-07 15:18:57.777root 11241100x8000000000000000714696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.778{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a7afd9601e44972023-02-07 15:18:57.778root 11241100x8000000000000000714695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.778{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aede0a242abcefed2023-02-07 15:18:57.778root 11241100x8000000000000000714694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.778{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8d287200cfbdc02023-02-07 15:18:57.778root 11241100x8000000000000000714693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.778{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01fae22ca337d8eb2023-02-07 15:18:57.778root 11241100x8000000000000000714692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.778{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d176d5f4fe57551a2023-02-07 15:18:57.778root 11241100x8000000000000000714691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.778{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eabd043c8e646fdd2023-02-07 15:18:57.778root 11241100x8000000000000000714690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.778{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b8850eba6dd58f2023-02-07 15:18:57.778root 11241100x8000000000000000714689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.778{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6bb22872eadc0cd2023-02-07 15:18:57.778root 11241100x8000000000000000714688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.778{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0779e1bd28f9d9d32023-02-07 15:18:57.778root 11241100x8000000000000000714687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.778{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b3202ee4c07ccb2023-02-07 15:18:57.778root 11241100x8000000000000000714686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.778{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ee99092a0abbfd2023-02-07 15:18:57.778root 11241100x8000000000000000714685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.778{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8747333b0fbe4fbc2023-02-07 15:18:57.778root 11241100x8000000000000000714709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.779{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd51c0778ad0d5a2023-02-07 15:18:57.779root 11241100x8000000000000000714708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.779{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f032f4b34e3b802023-02-07 15:18:57.779root 11241100x8000000000000000714707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.779{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f8c95f5180f9072023-02-07 15:18:57.779root 11241100x8000000000000000714706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.779{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c010c06c1687542023-02-07 15:18:57.779root 11241100x8000000000000000714705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.779{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303e5d4cc8ed108e2023-02-07 15:18:57.779root 11241100x8000000000000000714704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.779{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f49678d6b683722023-02-07 15:18:57.779root 11241100x8000000000000000714703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.779{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e43a3b323f1c41c2023-02-07 15:18:57.779root 11241100x8000000000000000714702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.779{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a031f2642575392023-02-07 15:18:57.779root 11241100x8000000000000000714701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.779{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe90a35e9211d002023-02-07 15:18:57.779root 11241100x8000000000000000714700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.779{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe0e9f8f16a19182023-02-07 15:18:57.779root 11241100x8000000000000000714699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.779{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4298b55f099317442023-02-07 15:18:57.779root 11241100x8000000000000000714698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.779{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ef0a27e7203e682023-02-07 15:18:57.779root 11241100x8000000000000000714697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.779{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae40e041dcfd61b2023-02-07 15:18:57.779root 11241100x8000000000000000714725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.780{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8ad29434096f052023-02-07 15:18:57.780root 11241100x8000000000000000714724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.780{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3805ef7c7acc51362023-02-07 15:18:57.780root 11241100x8000000000000000714723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.780{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c431f12a568f3c2f2023-02-07 15:18:57.780root 11241100x8000000000000000714722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.780{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dad10ebf47f42d42023-02-07 15:18:57.780root 11241100x8000000000000000714721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.780{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23490471a68e6002023-02-07 15:18:57.780root 11241100x8000000000000000714720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.780{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7fa4bd20718ff62023-02-07 15:18:57.780root 11241100x8000000000000000714719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.780{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9fe9fd79d4dc582023-02-07 15:18:57.780root 11241100x8000000000000000714718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.780{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed76f74cf72e4a72023-02-07 15:18:57.780root 11241100x8000000000000000714717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.780{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2518d3010f02ec92023-02-07 15:18:57.780root 11241100x8000000000000000714716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.780{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384a27c3f0ff7a682023-02-07 15:18:57.780root 11241100x8000000000000000714715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.780{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b2bcbc4057b0362023-02-07 15:18:57.780root 11241100x8000000000000000714714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.780{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa5f5fe334cfefd2023-02-07 15:18:57.780root 11241100x8000000000000000714713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.780{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e219885a9ccbe5142023-02-07 15:18:57.780root 11241100x8000000000000000714712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.780{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b3c75dc089e7512023-02-07 15:18:57.780root 11241100x8000000000000000714711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.780{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec7abd9513f68e72023-02-07 15:18:57.780root 11241100x8000000000000000714710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.780{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba5e7c69e609c252023-02-07 15:18:57.780root 11241100x8000000000000000714733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.781{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a13f23a303926e2023-02-07 15:18:57.781root 11241100x8000000000000000714732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.781{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2195f19c74810e2023-02-07 15:18:57.781root 11241100x8000000000000000714731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.781{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16d23cb187731552023-02-07 15:18:57.781root 11241100x8000000000000000714730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.781{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128dc68f9c2e31082023-02-07 15:18:57.781root 11241100x8000000000000000714729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.781{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77546aac490a8982023-02-07 15:18:57.781root 11241100x8000000000000000714728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.781{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af44320a5365ad762023-02-07 15:18:57.781root 11241100x8000000000000000714727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.781{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f9e2863dd6d2de2023-02-07 15:18:57.781root 11241100x8000000000000000714726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.781{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db54c456ab26bbf22023-02-07 15:18:57.781root 11241100x8000000000000000714742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.782{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11482a46db56f5422023-02-07 15:18:57.782root 11241100x8000000000000000714741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.782{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c7e770621760f42023-02-07 15:18:57.782root 11241100x8000000000000000714740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.782{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf72f643bfa2bbb2023-02-07 15:18:57.782root 11241100x8000000000000000714739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.782{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860e25ff92a737f92023-02-07 15:18:57.782root 11241100x8000000000000000714738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.782{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c6f9e5a663fdd62023-02-07 15:18:57.782root 11241100x8000000000000000714737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.782{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e086326f49124d542023-02-07 15:18:57.782root 11241100x8000000000000000714736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.782{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30188e17e0b50ac2023-02-07 15:18:57.782root 11241100x8000000000000000714735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.782{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712b3800a24d77ab2023-02-07 15:18:57.782root 11241100x8000000000000000714734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.782{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58dabd0dd5fcf022023-02-07 15:18:57.782root 11241100x8000000000000000714755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.783{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982ee7d3e1592de12023-02-07 15:18:57.783root 11241100x8000000000000000714754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.783{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4368581bad16be632023-02-07 15:18:57.783root 11241100x8000000000000000714753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.783{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9ec2aa6cee1ded2023-02-07 15:18:57.783root 11241100x8000000000000000714752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.783{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c224353399aa3242023-02-07 15:18:57.783root 11241100x8000000000000000714751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.783{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef60ec98d0fd442a2023-02-07 15:18:57.783root 11241100x8000000000000000714750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.783{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf73dee4848d63bb2023-02-07 15:18:57.783root 11241100x8000000000000000714749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.783{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018315b67c7506b22023-02-07 15:18:57.783root 11241100x8000000000000000714748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.783{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7e0203d2c5af2e2023-02-07 15:18:57.783root 11241100x8000000000000000714747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.783{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d227b94e9572cb882023-02-07 15:18:57.783root 11241100x8000000000000000714746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.783{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df520d5e8f6d5822023-02-07 15:18:57.783root 11241100x8000000000000000714745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.783{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b055035f25def3b2023-02-07 15:18:57.783root 11241100x8000000000000000714744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.783{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b073ba5f9037901a2023-02-07 15:18:57.783root 11241100x8000000000000000714743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.783{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6b1c52cb623e182023-02-07 15:18:57.783root 11241100x8000000000000000714761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.784{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9af2a2b065bdc132023-02-07 15:18:57.784root 11241100x8000000000000000714760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.784{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111bbb9c0b03682b2023-02-07 15:18:57.784root 11241100x8000000000000000714759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.784{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590a0912b9b186e22023-02-07 15:18:57.784root 11241100x8000000000000000714758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.784{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b01cfe437dc0ae12023-02-07 15:18:57.784root 11241100x8000000000000000714757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.784{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99239d888fe7930e2023-02-07 15:18:57.784root 11241100x8000000000000000714756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.784{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.facfebc3924776142023-02-07 15:18:57.784root 11241100x8000000000000000714772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.785{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2272fe0517fef92023-02-07 15:18:57.785root 11241100x8000000000000000714771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.785{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e69a84a14ab09312023-02-07 15:18:57.785root 11241100x8000000000000000714770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.785{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f7f8c84d2e2d252023-02-07 15:18:57.785root 11241100x8000000000000000714769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.785{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a575075da16ed4732023-02-07 15:18:57.785root 11241100x8000000000000000714768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.785{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa282263f7990e22023-02-07 15:18:57.785root 11241100x8000000000000000714767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.785{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17473afe9fb497b2023-02-07 15:18:57.785root 11241100x8000000000000000714766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.785{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7996305d182007762023-02-07 15:18:57.785root 11241100x8000000000000000714765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.785{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdde087c48e551762023-02-07 15:18:57.785root 11241100x8000000000000000714764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.785{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2caca914af58b0af2023-02-07 15:18:57.785root 11241100x8000000000000000714763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.785{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f127e2bc30619f2023-02-07 15:18:57.785root 11241100x8000000000000000714762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.785{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44bdb4e2474b79892023-02-07 15:18:57.785root 11241100x8000000000000000714778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.786{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97ae7ec6af755782023-02-07 15:18:57.786root 11241100x8000000000000000714777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.786{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0a32f7c5419e642023-02-07 15:18:57.786root 11241100x8000000000000000714776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.786{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b261bb3f408ac2612023-02-07 15:18:57.786root 11241100x8000000000000000714775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.786{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efcc05de51b254d42023-02-07 15:18:57.786root 11241100x8000000000000000714774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.786{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ae64d282520ab52023-02-07 15:18:57.786root 11241100x8000000000000000714773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.786{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e86cd3b6be468b2023-02-07 15:18:57.786root 11241100x8000000000000000714786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.787{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464b88d5d53ea5c42023-02-07 15:18:57.787root 11241100x8000000000000000714785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.787{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455166ec82377c9e2023-02-07 15:18:57.787root 11241100x8000000000000000714784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.787{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33317e2e888996b2023-02-07 15:18:57.787root 11241100x8000000000000000714783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.787{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db86db8861d1fdb2023-02-07 15:18:57.787root 11241100x8000000000000000714782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.787{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e8d1a5280a40182023-02-07 15:18:57.787root 11241100x8000000000000000714781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.787{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8d98eb48c60ce32023-02-07 15:18:57.787root 11241100x8000000000000000714780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.787{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74100e3621b566b72023-02-07 15:18:57.787root 11241100x8000000000000000714779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.787{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df30cf50e3f1f0c2023-02-07 15:18:57.787root 11241100x8000000000000000714793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.788{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5fd95bf22cfad92023-02-07 15:18:57.788root 11241100x8000000000000000714792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.788{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a574e02dd22aed7a2023-02-07 15:18:57.788root 11241100x8000000000000000714791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.788{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7972998f6e285f1d2023-02-07 15:18:57.788root 11241100x8000000000000000714790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.788{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f74294f96a886442023-02-07 15:18:57.788root 11241100x8000000000000000714789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.788{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55a2e0d55a7e15f2023-02-07 15:18:57.788root 11241100x8000000000000000714788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.788{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4c1b0fa765c7262023-02-07 15:18:57.788root 11241100x8000000000000000714787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.788{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcac3b0876ecd7522023-02-07 15:18:57.788root 11241100x8000000000000000714804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.789{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc117c9a04d580e42023-02-07 15:18:57.789root 11241100x8000000000000000714803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.789{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6a1119f22ad3752023-02-07 15:18:57.789root 11241100x8000000000000000714802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.789{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf80e63eba21dd12023-02-07 15:18:57.789root 11241100x8000000000000000714801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.789{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a01769628b312f2023-02-07 15:18:57.789root 11241100x8000000000000000714800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.789{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e714e08b617ded112023-02-07 15:18:57.789root 11241100x8000000000000000714799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.789{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd844cff4687d5c2023-02-07 15:18:57.789root 11241100x8000000000000000714798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.789{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dea744100fef3122023-02-07 15:18:57.789root 11241100x8000000000000000714797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.789{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df050080c76de67f2023-02-07 15:18:57.789root 11241100x8000000000000000714796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.789{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc482fbe3854111e2023-02-07 15:18:57.789root 11241100x8000000000000000714795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.789{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6313e4da66b8232023-02-07 15:18:57.789root 11241100x8000000000000000714794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.789{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fab31924fee488a2023-02-07 15:18:57.789root 11241100x8000000000000000714811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.790{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9f62142f0deaab2023-02-07 15:18:57.790root 11241100x8000000000000000714810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.790{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f4a7d45a8443072023-02-07 15:18:57.790root 11241100x8000000000000000714809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.790{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e8b39f387474302023-02-07 15:18:57.790root 11241100x8000000000000000714808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.790{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3a8c75c92de6da2023-02-07 15:18:57.790root 11241100x8000000000000000714807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.790{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20121952a4e114612023-02-07 15:18:57.790root 11241100x8000000000000000714806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.790{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39837f0ca48371012023-02-07 15:18:57.790root 11241100x8000000000000000714805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.790{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c2257d42753b132023-02-07 15:18:57.790root 11241100x8000000000000000714821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.791{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2cf68d754c0f7d32023-02-07 15:18:57.791root 11241100x8000000000000000714820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.791{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a279e6f7a99ca22023-02-07 15:18:57.791root 11241100x8000000000000000714819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.791{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f629b6c29f8eec2023-02-07 15:18:57.791root 11241100x8000000000000000714818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.791{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad40b187569166672023-02-07 15:18:57.791root 11241100x8000000000000000714817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.791{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d418fa72f27dc4c2023-02-07 15:18:57.791root 11241100x8000000000000000714816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.791{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed79e982be7e99f02023-02-07 15:18:57.791root 11241100x8000000000000000714815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.791{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d390ff41b6f0e2fa2023-02-07 15:18:57.791root 11241100x8000000000000000714814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.791{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d45e3ec70f435512023-02-07 15:18:57.791root 11241100x8000000000000000714813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.791{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209f9d8d916a8ba12023-02-07 15:18:57.791root 11241100x8000000000000000714812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.791{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fe29403a54ddea2023-02-07 15:18:57.791root 11241100x8000000000000000714831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.792{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6f0b3eab0420032023-02-07 15:18:57.792root 11241100x8000000000000000714830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.792{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d042dd3cba49e0362023-02-07 15:18:57.792root 11241100x8000000000000000714829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.792{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d854c5c55f6d8ea92023-02-07 15:18:57.792root 11241100x8000000000000000714828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.792{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c5afc16c3e82e72023-02-07 15:18:57.792root 11241100x8000000000000000714827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.792{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d372a0a94f61f82023-02-07 15:18:57.792root 11241100x8000000000000000714826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.792{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1744358aee6ce8992023-02-07 15:18:57.792root 11241100x8000000000000000714825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.792{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1f33cce5bbe48b2023-02-07 15:18:57.792root 11241100x8000000000000000714824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.792{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca2b6c6a8b4ef6d2023-02-07 15:18:57.792root 11241100x8000000000000000714823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.792{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8be4f2108c00db2023-02-07 15:18:57.792root 11241100x8000000000000000714822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.792{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff93bd3b7ccda2342023-02-07 15:18:57.792root 11241100x8000000000000000714842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.793{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a652a546c303542023-02-07 15:18:57.793root 11241100x8000000000000000714841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.793{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3552e5ffde85721d2023-02-07 15:18:57.793root 11241100x8000000000000000714840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.793{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49f4f588ce16b1b2023-02-07 15:18:57.793root 11241100x8000000000000000714839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.793{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972af33ca96fc7c82023-02-07 15:18:57.793root 11241100x8000000000000000714838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.793{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b850acd1e375b4562023-02-07 15:18:57.793root 11241100x8000000000000000714837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.793{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a3c12ae22c5e042023-02-07 15:18:57.793root 11241100x8000000000000000714836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.793{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e506d506f0caf392023-02-07 15:18:57.793root 11241100x8000000000000000714835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.793{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f5bac9096806bb2023-02-07 15:18:57.793root 11241100x8000000000000000714834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.793{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6f4622d76145772023-02-07 15:18:57.793root 11241100x8000000000000000714833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.793{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ab623a2e21718d2023-02-07 15:18:57.793root 11241100x8000000000000000714832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.793{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def56ee60ab9b46a2023-02-07 15:18:57.793root 11241100x8000000000000000714849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.794{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb25fcf6b55ec2022023-02-07 15:18:57.794root 11241100x8000000000000000714848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.794{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4edb0122fe17472023-02-07 15:18:57.794root 11241100x8000000000000000714847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.794{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b86d804e777e3ca2023-02-07 15:18:57.794root 11241100x8000000000000000714846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.794{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236ea9bcbc1474c52023-02-07 15:18:57.794root 11241100x8000000000000000714845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.794{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e75cdfc4e630cf12023-02-07 15:18:57.794root 11241100x8000000000000000714844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.794{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4825f0047b0387732023-02-07 15:18:57.794root 11241100x8000000000000000714843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.794{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46834b0bfefa9bfc2023-02-07 15:18:57.794root 11241100x8000000000000000714882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.795{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab546df69f0a6a02023-02-07 15:18:57.795root 11241100x8000000000000000714881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.795{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac0487100fc6babe2023-02-07 15:18:57.795root 11241100x8000000000000000714880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.795{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ece48e8038a4232023-02-07 15:18:57.795root 11241100x8000000000000000714879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.795{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98159e61c0b02132023-02-07 15:18:57.795root 11241100x8000000000000000714878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.795{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b976bd0008c39822023-02-07 15:18:57.795root 11241100x8000000000000000714877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.795{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091f4dd71708e63e2023-02-07 15:18:57.795root 11241100x8000000000000000714889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.796{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d427350e3e4d2732023-02-07 15:18:57.796root 11241100x8000000000000000714888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.796{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6981711c4d1e3e82023-02-07 15:18:57.796root 11241100x8000000000000000714887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.796{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780f725f85e28e4a2023-02-07 15:18:57.796root 11241100x8000000000000000714886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.796{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7b9c369f614ed52023-02-07 15:18:57.796root 11241100x8000000000000000714885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.796{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80d48b6790e81ea2023-02-07 15:18:57.796root 11241100x8000000000000000714884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.796{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39dd8c70f0e7b3c2023-02-07 15:18:57.796root 11241100x8000000000000000714883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.796{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc15227b7586d9de2023-02-07 15:18:57.796root 11241100x8000000000000000714898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.797{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74513bb7699875472023-02-07 15:18:57.797root 11241100x8000000000000000714897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.797{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2583cda692d2c22023-02-07 15:18:57.797root 11241100x8000000000000000714896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.797{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6647e58b49664a2023-02-07 15:18:57.797root 11241100x8000000000000000714895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.797{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274fa492f091bf972023-02-07 15:18:57.797root 11241100x8000000000000000714894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.797{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b49388fb861e5772023-02-07 15:18:57.797root 11241100x8000000000000000714893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.797{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0420d6bc73e126ab2023-02-07 15:18:57.797root 11241100x8000000000000000714892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.797{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603f90a71d4e1e3f2023-02-07 15:18:57.797root 11241100x8000000000000000714891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.797{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f4ea74bac8934c2023-02-07 15:18:57.797root 11241100x8000000000000000714890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.797{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020820c731b9c92b2023-02-07 15:18:57.797root 11241100x8000000000000000714904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.798{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997d6e55d6faf9112023-02-07 15:18:57.798root 11241100x8000000000000000714903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.798{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8efeabb9a66973c2023-02-07 15:18:57.798root 11241100x8000000000000000714902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.798{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d414a9143cf8576a2023-02-07 15:18:57.798root 11241100x8000000000000000714901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.798{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3791c4d41778472023-02-07 15:18:57.798root 11241100x8000000000000000714900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.798{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f795e9f1c9f0c52023-02-07 15:18:57.798root 11241100x8000000000000000714899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.798{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02762403ad8d29c2023-02-07 15:18:57.798root 154100x8000000000000000714907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.799{ec244aba-6be1-63e2-88bb-0f3671550000}6172/bin/mv-----mv /var/lib/update-notifier/tmp.e79xsq8IKD /var/lib/update-notifier/hwe-eol/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-6892-79fa0f560000}6155/bin/dash/bin/shroot 534500x8000000000000000714906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.799{ec244aba-6be1-63e2-2030-7b0000000000}6169/usr/bin/python3.6root 11241100x8000000000000000714857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.799{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ba22506780a77e2023-02-07 15:18:57.799root 11241100x8000000000000000714856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.799{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8532703b0978717b2023-02-07 15:18:57.799root 11241100x8000000000000000714855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.799{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4672f448ffae082023-02-07 15:18:57.799root 11241100x8000000000000000714854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.799{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c2c570fc08a00b2023-02-07 15:18:57.799root 11241100x8000000000000000714853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.799{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edc77e9e4ba93e62023-02-07 15:18:57.799root 11241100x8000000000000000714852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.799{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7139d0be97d202892023-02-07 15:18:57.799root 11241100x8000000000000000714851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.799{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ee8cdaca7568802023-02-07 15:18:57.799root 11241100x8000000000000000714850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.799{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8629869d39272f2023-02-07 15:18:57.799root 154100x8000000000000000714910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.800{ec244aba-6be1-63e2-d0a9-f3a3dd550000}6173/bin/cat-----cat /var/lib/update-notifier/hwe-eol/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-6892-79fa0f560000}6155/bin/dash/bin/shroot 534500x8000000000000000714908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.800{ec244aba-6be1-63e2-88bb-0f3671550000}6172/bin/mvroot 11241100x8000000000000000714871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.800{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8c1a91185fc4b82023-02-07 15:18:57.800root 11241100x8000000000000000714870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.800{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467fa2cf28275a632023-02-07 15:18:57.800root 11241100x8000000000000000714869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.800{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9dc2194b5e56a832023-02-07 15:18:57.800root 11241100x8000000000000000714868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.800{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02857df3fbc2ad3a2023-02-07 15:18:57.800root 11241100x8000000000000000714867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.800{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf344698871803d2023-02-07 15:18:57.800root 11241100x8000000000000000714866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.800{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dad7c8bd4eccf292023-02-07 15:18:57.800root 11241100x8000000000000000714865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.800{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e167e7da6e7e3e262023-02-07 15:18:57.800root 11241100x8000000000000000714864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.800{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3985e188d5f9862023-02-07 15:18:57.800root 11241100x8000000000000000714863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.800{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0486cff0ab3e532023-02-07 15:18:57.800root 11241100x8000000000000000714862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.800{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c103b189a4740b902023-02-07 15:18:57.800root 11241100x8000000000000000714861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.800{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527e0d1d6ebab2332023-02-07 15:18:57.800root 11241100x8000000000000000714860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.800{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f50aae573451f72023-02-07 15:18:57.800root 11241100x8000000000000000714859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.800{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233ecf812dc0503f2023-02-07 15:18:57.800root 11241100x8000000000000000714858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.800{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62fb68d861ec53c2023-02-07 15:18:57.800root 154100x8000000000000000714974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.801{ec244aba-6be1-63e2-7043-62cef4550000}6174/bin/rm-----rm -f /var/lib/update-notifier/tmp.e79xsq8IKD/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-6892-79fa0f560000}6155/bin/dash/bin/shroot 11241100x8000000000000000714916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.801{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1cf526bbf07a4982023-02-07 15:18:57.801root 11241100x8000000000000000714915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.801{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13529ceb20947d692023-02-07 15:18:57.801root 11241100x8000000000000000714914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.801{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebfc1dedcaa0813d2023-02-07 15:18:57.801root 11241100x8000000000000000714913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.801{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b82be9c61d9e612023-02-07 15:18:57.801root 534500x8000000000000000714911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.801{ec244aba-6be1-63e2-d0a9-f3a3dd550000}6173/bin/catroot 11241100x8000000000000000714876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.801{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a588da02711a4e612023-02-07 15:18:57.801root 11241100x8000000000000000714875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.801{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241edd0db141a3612023-02-07 15:18:57.801root 11241100x8000000000000000714874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.801{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a3f8524a6e2cd92023-02-07 15:18:57.801root 11241100x8000000000000000714873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.801{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9540181905b13942023-02-07 15:18:57.801root 11241100x8000000000000000714872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.801{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5115bc2dc4cf4b572023-02-07 15:18:57.801root 534500x8000000000000000714975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.802{ec244aba-6be1-63e2-7043-62cef4550000}6174/bin/rmroot 11241100x8000000000000000714927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.802{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c22092821a699ff2023-02-07 15:18:57.802root 11241100x8000000000000000714926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.802{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2f64d60910ac602023-02-07 15:18:57.802root 11241100x8000000000000000714925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.802{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad972eca60e07d62023-02-07 15:18:57.802root 11241100x8000000000000000714924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.802{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8ba5e7107194a92023-02-07 15:18:57.802root 11241100x8000000000000000714923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.802{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199fa494ae1023c92023-02-07 15:18:57.802root 11241100x8000000000000000714922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.802{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa22dcde41559f12023-02-07 15:18:57.802root 11241100x8000000000000000714921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.802{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edc15075b6543592023-02-07 15:18:57.802root 11241100x8000000000000000714920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.802{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cacae89b5a3b8962023-02-07 15:18:57.802root 11241100x8000000000000000714919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.802{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6a71c24d4a4b412023-02-07 15:18:57.802root 11241100x8000000000000000714918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.802{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b4733ad1a5500b2023-02-07 15:18:57.802root 11241100x8000000000000000714917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.802{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae5deba8cf481d92023-02-07 15:18:57.802root 534500x8000000000000000714912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.802{ec244aba-6be1-63e2-6892-79fa0f560000}6155/bin/dashroot 154100x8000000000000000714905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.802{ec244aba-6be1-63e2-68f2-971d94550000}6175/bin/dash-----/bin/sh /etc/update-motd.d/97-overlayroot/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-38da-16d835560000}6118/bin/run-partsrun-partsroot 154100x8000000000000000714977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.803{ec244aba-6be1-63e2-503c-e33158550000}6177/bin/grep-----grep -E overlayroot|/media/root-ro|/media/root-rw /proc/mounts/root{ec244aba-0000-0000-0000-000000000000}09no level-{00000000-0000-0000-0000-000000000000}6176--- 154100x8000000000000000714976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.803{ec244aba-6be1-63e2-6882-c8f381550000}6177/bin/dash-----/bin/sh /bin/egrep overlayroot|/media/root-ro|/media/root-rw /proc/mounts/root{ec244aba-0000-0000-0000-000000000000}09no level-{00000000-0000-0000-0000-000000000000}6176--- 11241100x8000000000000000714936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.803{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240d210f67b3da3b2023-02-07 15:18:57.803root 11241100x8000000000000000714935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.803{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3872051c40ce5c12023-02-07 15:18:57.803root 11241100x8000000000000000714934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.803{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27fcb58c2c5d96862023-02-07 15:18:57.803root 11241100x8000000000000000714933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.803{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428fd83b453df7812023-02-07 15:18:57.803root 11241100x8000000000000000714932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.803{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8baa0a6d83b9a5952023-02-07 15:18:57.803root 11241100x8000000000000000714931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.803{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74504f8ac97c451c2023-02-07 15:18:57.803root 11241100x8000000000000000714930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.803{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006dfeb0232f6a162023-02-07 15:18:57.803root 11241100x8000000000000000714929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.803{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca08b94ed1a4a5a2023-02-07 15:18:57.803root 11241100x8000000000000000714928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.803{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41bea31b687ea862023-02-07 15:18:57.803root 154100x8000000000000000714909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.803{ec244aba-6be1-63e2-18fa-f23703560000}6178/usr/bin/sort-----sort -r/root{ec244aba-0000-0000-0000-000000000000}09no level-{00000000-0000-0000-0000-000000000000}6176--- 534500x8000000000000000714978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.804{ec244aba-6be1-63e2-503c-e33158550000}6177/bin/greproot 11241100x8000000000000000714944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.804{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b590a9af2e813492023-02-07 15:18:57.804root 11241100x8000000000000000714943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.804{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6842d855b45c4da62023-02-07 15:18:57.804root 11241100x8000000000000000714942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.804{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b215bc3ddb2792e2023-02-07 15:18:57.804root 11241100x8000000000000000714941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.804{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368b58bb03c3553d2023-02-07 15:18:57.804root 11241100x8000000000000000714940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.804{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac67e433a277d2912023-02-07 15:18:57.804root 11241100x8000000000000000714939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.804{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc755e1fb92bdff2023-02-07 15:18:57.804root 11241100x8000000000000000714938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.804{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bccc48cbf1ccc6952023-02-07 15:18:57.804root 11241100x8000000000000000714937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.804{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15622038bc6afab92023-02-07 15:18:57.804root 534500x8000000000000000714987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.805{ec244aba-6be1-63e2-18fa-f23703560000}6178/usr/bin/sortroot 534500x8000000000000000714971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.805{ec244aba-6be1-63e2-68f2-971d94550000}6175/bin/dashroot 534500x8000000000000000714970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.805{00000000-0000-0000-0000-000000000000}6176<unknown process>root 11241100x8000000000000000714948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.805{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3c4053fed7efef2023-02-07 15:18:57.805root 11241100x8000000000000000714947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.805{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a94eae09c2e8d522023-02-07 15:18:57.805root 11241100x8000000000000000714946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.805{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4900fb25ff98535c2023-02-07 15:18:57.805root 11241100x8000000000000000714945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.805{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a0476286e967b02023-02-07 15:18:57.805root 154100x8000000000000000714980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.806{ec244aba-6be1-63e2-68a2-77cb38560000}6179/bin/dash-----/bin/sh /usr/lib/update-notifier/update-motd-fsck-at-reboot/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-38da-16d835560000}6118/bin/run-partsrun-partsroot 154100x8000000000000000714979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.806{ec244aba-6be1-63e2-6892-51f651560000}6179/bin/dash-----/bin/sh /etc/update-motd.d/98-fsck-at-reboot/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-38da-16d835560000}6118/bin/run-partsrun-partsroot 11241100x8000000000000000714955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.806{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868009155c2b1c6d2023-02-07 15:18:57.806root 11241100x8000000000000000714954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.806{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73dd203fc64632a82023-02-07 15:18:57.806root 11241100x8000000000000000714953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.806{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fa8dd56b81eda72023-02-07 15:18:57.806root 11241100x8000000000000000714952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.806{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90dc4eed2f33d922023-02-07 15:18:57.806root 11241100x8000000000000000714951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.806{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde78a0f95276cd02023-02-07 15:18:57.806root 11241100x8000000000000000714950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.806{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20767261351652b2023-02-07 15:18:57.806root 11241100x8000000000000000714949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.806{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78fef5d6167551772023-02-07 15:18:57.806root 154100x8000000000000000714981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.807{ec244aba-6be1-63e2-88c4-b1adf1550000}6180/usr/bin/stat-----stat -c %Y /var/lib/update-notifier/fsck-at-reboot/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-68a2-77cb38560000}6179/bin/dash/bin/shroot 11241100x8000000000000000714963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.807{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e76fc4f23ab10512023-02-07 15:18:57.807root 11241100x8000000000000000714962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.807{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88915e76569cf64d2023-02-07 15:18:57.807root 11241100x8000000000000000714961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.807{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69935ef2300485212023-02-07 15:18:57.807root 11241100x8000000000000000714960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.807{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa394440be3f6992023-02-07 15:18:57.807root 11241100x8000000000000000714959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.807{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1a5d2e4a9e42962023-02-07 15:18:57.807root 11241100x8000000000000000714958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.807{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561b4a036b0d6bc72023-02-07 15:18:57.807root 11241100x8000000000000000714957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.807{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f6e5f63801c6262023-02-07 15:18:57.807root 11241100x8000000000000000714956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.807{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6e234b1b60fd702023-02-07 15:18:57.807root 154100x8000000000000000714983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.808{ec244aba-6be1-63e2-f05c-68ee96550000}6182/usr/bin/gawk-----awk {print $1} /proc/uptime/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-084f-670bfe550000}6181/bin/datedateroot 534500x8000000000000000714982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.808{ec244aba-6be1-63e2-88c4-b1adf1550000}6180/usr/bin/statroot 154100x8000000000000000714972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.808{ec244aba-6be1-63e2-084f-670bfe550000}6181/bin/date-----date -d now - 15223.79 seconds +%s/root{ec244aba-0000-0000-0000-000000000000}09no level-{00000000-0000-0000-0000-000000000000}6179--- 11241100x8000000000000000714969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.808{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603b9c276f52c8d12023-02-07 15:18:57.808root 11241100x8000000000000000714968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.808{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4e99ee5377c2302023-02-07 15:18:57.808root 11241100x8000000000000000714967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.808{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5cf8f6902958a52023-02-07 15:18:57.808root 11241100x8000000000000000714966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.808{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8e74a4a0fa6ce22023-02-07 15:18:57.808root 11241100x8000000000000000714965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.808{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a26460cc46f8df72023-02-07 15:18:57.808root 11241100x8000000000000000714964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.808{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d639798316d58a2e2023-02-07 15:18:57.808root 534500x8000000000000000714984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.809{ec244aba-6be1-63e2-f05c-68ee96550000}6182/usr/bin/gawkroot 154100x8000000000000000714985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.810{ec244aba-6be1-63e2-089f-8a6073550000}6183/bin/date-----date +%s/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-68a2-77cb38560000}6179/bin/dash/bin/shroot 534500x8000000000000000714973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.810{ec244aba-6be1-63e2-084f-670bfe550000}6181/bin/dateroot 534500x8000000000000000714986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.811{ec244aba-6be1-63e2-089f-8a6073550000}6183/bin/dateroot 154100x8000000000000000714989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.812{ec244aba-6be1-63e2-a8d2-c28517560000}6185/bin/mount-----mount/root{ec244aba-0000-0000-0000-000000000000}09no level-{00000000-0000-0000-0000-000000000000}6184--- 154100x8000000000000000714988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.812{ec244aba-6be1-63e2-f04c-a3b856550000}6186/usr/bin/gawk-----awk $5 ~ /^ext(2|3|4)$/ { print $1 }/root{ec244aba-0000-0000-0000-000000000000}09no level-{00000000-0000-0000-0000-000000000000}6184--- 534500x8000000000000000714990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.813{ec244aba-6be1-63e2-a8d2-c28517560000}6185/bin/mountroot 154100x8000000000000000714993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.814{ec244aba-6be1-63e2-686e-b20e2e560000}6187/sbin/dumpe2fs-----dumpe2fs -h /dev/nvme0n1p1/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-68a2-77cb38560000}6179/bin/dash/bin/shroot 534500x8000000000000000714992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.814{00000000-0000-0000-0000-000000000000}6184<unknown process>root 534500x8000000000000000714991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.814{ec244aba-6be1-63e2-f04c-a3b856550000}6186/usr/bin/gawkroot 924900x8000000000000000714994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.815{ec244aba-6be1-63e2-686e-b20e2e560000}6187/sbin/dumpe2fs/dev/nvme0n1p1root 154100x8000000000000000714998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.816{ec244aba-6be1-63e2-b8a0-ba6b44560000}6191/usr/bin/cut-----cut -d: -f 2-/root{ec244aba-0000-0000-0000-000000000000}09no level-{00000000-0000-0000-0000-000000000000}6188--- 154100x8000000000000000714997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.816{ec244aba-6be1-63e2-505c-07a4fe550000}6190/bin/grep-----grep ^Mount count:/root{ec244aba-0000-0000-0000-000000000000}09no level-{00000000-0000-0000-0000-000000000000}6188--- 534500x8000000000000000714996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.816{ec244aba-6be1-63e2-0000-000000000000}6189-root 534500x8000000000000000714995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.816{ec244aba-6be1-63e2-686e-b20e2e560000}6187/sbin/dumpe2fsroot 534500x8000000000000000715001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.817{00000000-0000-0000-0000-000000000000}6188<unknown process>root 534500x8000000000000000715000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.817{ec244aba-6be1-63e2-b8a0-ba6b44560000}6191/usr/bin/cutroot 534500x8000000000000000714999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.817{ec244aba-6be1-63e2-505c-07a4fe550000}6190/bin/greproot 154100x8000000000000000715004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.818{ec244aba-6be1-63e2-b8a0-d5cab1550000}6195/usr/bin/cut-----cut -d: -f 2-/root{ec244aba-0000-0000-0000-000000000000}09no level-{00000000-0000-0000-0000-000000000000}6192--- 154100x8000000000000000715003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.818{ec244aba-6be1-63e2-509c-d0d4df550000}6194/bin/grep-----grep ^Maximum mount count:/root{ec244aba-0000-0000-0000-000000000000}09no level-{00000000-0000-0000-0000-000000000000}6192--- 534500x8000000000000000715002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.818{ec244aba-6be1-63e2-0000-000000000000}6193-root 154100x8000000000000000715012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.819{ec244aba-6be1-63e2-b810-b70159550000}6199/usr/bin/cut-----cut -d: -f 2-/root{ec244aba-0000-0000-0000-000000000000}09no level-{00000000-0000-0000-0000-000000000000}6196--- 154100x8000000000000000715009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.819{ec244aba-6be1-63e2-50fc-3ba975550000}6198/bin/grep-----grep ^Check interval:/root{ec244aba-0000-0000-0000-000000000000}09no level-{00000000-0000-0000-0000-000000000000}6196--- 534500x8000000000000000715008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.819{ec244aba-6be1-63e2-0000-000000000000}6197-root 534500x8000000000000000715007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.819{00000000-0000-0000-0000-000000000000}6192<unknown process>root 534500x8000000000000000715006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.819{ec244aba-6be1-63e2-b8a0-d5cab1550000}6195/usr/bin/cutroot 534500x8000000000000000715005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.819{ec244aba-6be1-63e2-509c-d0d4df550000}6194/bin/greproot 534500x8000000000000000715011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.820{ec244aba-6be1-63e2-50fc-3ba975550000}6198/bin/greproot 154100x8000000000000000715010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.820{ec244aba-6be1-63e2-b850-400bf4550000}6200/usr/bin/cut-----cut -d( -f 1/root{ec244aba-0000-0000-0000-000000000000}09no level-{00000000-0000-0000-0000-000000000000}6196--- 534500x8000000000000000715015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.821{ec244aba-6be1-63e2-0000-000000000000}6196-root 534500x8000000000000000715014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.821{ec244aba-6be1-63e2-b850-400bf4550000}6200/usr/bin/cutroot 534500x8000000000000000715013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.821{ec244aba-6be1-63e2-b810-b70159550000}6199/usr/bin/cutroot 154100x8000000000000000715018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.822{ec244aba-6be1-63e2-b8a0-d7d791550000}6204/usr/bin/cut-----cut -d: -f 2-/root{ec244aba-0000-0000-0000-000000000000}09no level-{00000000-0000-0000-0000-000000000000}6201--- 154100x8000000000000000715017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.822{ec244aba-6be1-63e2-500c-f0ce25560000}6203/bin/grep-----grep ^Next check after:/root{ec244aba-0000-0000-0000-000000000000}09no level-{00000000-0000-0000-0000-000000000000}6201--- 534500x8000000000000000715016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.822{ec244aba-6be1-63e2-0000-000000000000}6202-root 154100x8000000000000000715022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.823{ec244aba-6be1-63e2-082f-b98311560000}6205/bin/date-----date -d +%s/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-68a2-77cb38560000}6179/bin/dash/bin/shroot 534500x8000000000000000715021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.823{ec244aba-6be1-63e2-0000-000000000000}6201-root 534500x8000000000000000715020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.823{ec244aba-6be1-63e2-b8a0-d7d791550000}6204/usr/bin/cutroot 534500x8000000000000000715019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.823{ec244aba-6be1-63e2-500c-f0ce25560000}6203/bin/greproot 534500x8000000000000000715026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.824{ec244aba-6be1-63e2-68a2-77cb38560000}6179/bin/dashroot 534500x8000000000000000715025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.824{ec244aba-6be1-63e2-d079-b50155560000}6206/bin/catroot 154100x8000000000000000715024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.824{ec244aba-6be1-63e2-d079-b50155560000}6206/bin/cat-----cat /var/lib/update-notifier/fsck-at-reboot/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-68a2-77cb38560000}6179/bin/dash/bin/shroot 534500x8000000000000000715023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.824{ec244aba-6be1-63e2-082f-b98311560000}6205/bin/dateroot 154100x8000000000000000715028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.825{ec244aba-6be1-63e2-68c2-f7441a560000}6207/bin/dash-----/bin/sh -e /usr/lib/update-notifier/update-motd-reboot-required/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-38da-16d835560000}6118/bin/run-partsrun-partsroot 154100x8000000000000000715027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.825{ec244aba-6be1-63e2-6832-526dd8550000}6207/bin/dash-----/bin/sh /etc/update-motd.d/98-reboot-required/root{ec244aba-0000-0000-0000-000000000000}09no level-{ec244aba-6be1-63e2-38da-16d835560000}6118/bin/run-partsrun-partsroot 534500x8000000000000000715031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.826{ec244aba-6be1-63e2-6872-c940fc550000}6117/bin/dashroot 534500x8000000000000000715030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.826{ec244aba-6be1-63e2-38da-16d835560000}6118/bin/run-partsroot 534500x8000000000000000715029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.826{ec244aba-6be1-63e2-68c2-f7441a560000}6207/bin/dashroot 154100x8000000000000000715032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.882{ec244aba-6be1-63e2-4874-5465c2550000}6209/bin/bash------bash/home/ubuntuubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{00000000-0000-0000-0000-000000000000}6208--- 154100x8000000000000000715033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.887{ec244aba-6be1-63e2-88ee-4e97cb550000}6211/usr/bin/locale-check-----/usr/bin/locale-check C.UTF-8/home/ubuntuubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{00000000-0000-0000-0000-000000000000}6210--- 534500x8000000000000000715035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.889{ec244aba-6be1-63e2-0000-000000000000}6210-ubuntu 534500x8000000000000000715034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.889{ec244aba-6be1-63e2-88ee-4e97cb550000}6211/usr/bin/locale-checkubuntu 154100x8000000000000000715036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.891{ec244aba-6be1-63e2-30f0-a912eb550000}6212/usr/bin/locale-----locale/home/ubuntuubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6be1-63e2-4874-5465c2550000}6209/bin/bash-bashubuntu 534500x8000000000000000715037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.893{ec244aba-6be1-63e2-30f0-a912eb550000}6212/usr/bin/localeubuntu 534500x8000000000000000715038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.894{ec244aba-6be1-63e2-0000-000000000000}6213-ubuntu 154100x8000000000000000715039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.920{ec244aba-6be1-63e2-6892-c184c4550000}6215/bin/dash-----/bin/sh /usr/bin/lesspipe/home/ubuntuubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{00000000-0000-0000-0000-000000000000}6214--- 154100x8000000000000000715040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.922{ec244aba-6be1-63e2-e8ab-d33151560000}6216/usr/bin/basename-----basename /usr/bin/lesspipe/home/ubuntuubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6be1-63e2-6892-c184c4550000}6215/bin/dash/bin/shubuntu 154100x8000000000000000715042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.923{ec244aba-6be1-63e2-e818-5ad8b0550000}6218/usr/bin/dirname-----dirname /usr/bin/lesspipe/home/ubuntuubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{00000000-0000-0000-0000-000000000000}6217--- 534500x8000000000000000715041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.923{ec244aba-6be1-63e2-e8ab-d33151560000}6216/usr/bin/basenameubuntu 534500x8000000000000000715045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.924{ec244aba-6be1-63e2-6892-c184c4550000}6215/bin/dashubuntu 534500x8000000000000000715044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.924{00000000-0000-0000-0000-000000000000}6217<unknown process>ubuntu 534500x8000000000000000715043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.924{ec244aba-6be1-63e2-e818-5ad8b0550000}6218/usr/bin/dirnameubuntu 534500x8000000000000000715046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.925{00000000-0000-0000-0000-000000000000}6214<unknown process>ubuntu 154100x8000000000000000715047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.926{ec244aba-6be1-63e2-4899-6035dc550000}6220/usr/bin/dircolors-----dircolors -b/home/ubuntuubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{00000000-0000-0000-0000-000000000000}6219--- 534500x8000000000000000715049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.928{ec244aba-6be1-63e2-0000-000000000000}6219-ubuntu 534500x8000000000000000715048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:57.928{ec244aba-6be1-63e2-4899-6035dc550000}6220/usr/bin/dircolorsubuntu 11241100x8000000000000000715051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3a3f2548e0bce62023-02-07 15:18:58.095root 11241100x8000000000000000715050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a87b49c38d56082023-02-07 15:18:58.095root 11241100x8000000000000000715057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2b7f2097d265192023-02-07 15:18:58.096root 11241100x8000000000000000715056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e2f56efa5fac2b2023-02-07 15:18:58.096root 11241100x8000000000000000715055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7308209e783b932023-02-07 15:18:58.096root 11241100x8000000000000000715054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97909df1037535e62023-02-07 15:18:58.096root 11241100x8000000000000000715053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52bfe6c532f16c02023-02-07 15:18:58.096root 11241100x8000000000000000715052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78116936650512862023-02-07 15:18:58.096root 11241100x8000000000000000715061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b14176aebb3290b2023-02-07 15:18:58.097root 11241100x8000000000000000715060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcb74f71f0bc0912023-02-07 15:18:58.097root 11241100x8000000000000000715059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc4b2e4bfb5563a2023-02-07 15:18:58.097root 11241100x8000000000000000715058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae97a5219767eb92023-02-07 15:18:58.097root 11241100x8000000000000000715065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8863537251499912023-02-07 15:18:58.098root 11241100x8000000000000000715064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea953c21ec5bdfd2023-02-07 15:18:58.098root 11241100x8000000000000000715063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc799703fb21e322023-02-07 15:18:58.098root 11241100x8000000000000000715062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0582cb72488bb902023-02-07 15:18:58.098root 11241100x8000000000000000715066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098a978a8d13eb822023-02-07 15:18:58.099root 11241100x8000000000000000715070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b028e63af84a69422023-02-07 15:18:58.100root 11241100x8000000000000000715069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53aea9ad2d7e0ff32023-02-07 15:18:58.100root 11241100x8000000000000000715068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec20078a39314452023-02-07 15:18:58.100root 11241100x8000000000000000715067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07bd983ec434054d2023-02-07 15:18:58.100root 11241100x8000000000000000715073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9749f2f804d5d34f2023-02-07 15:18:58.101root 11241100x8000000000000000715072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50bf3faff81f1b742023-02-07 15:18:58.101root 11241100x8000000000000000715071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed58d636edce7ae32023-02-07 15:18:58.101root 11241100x8000000000000000715076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9726f5e3801b57662023-02-07 15:18:58.102root 11241100x8000000000000000715075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3a874b8a7665642023-02-07 15:18:58.102root 11241100x8000000000000000715074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3111799e1f1b49b62023-02-07 15:18:58.102root 11241100x8000000000000000715081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6e00736be51f3c2023-02-07 15:18:58.103root 11241100x8000000000000000715080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3443cfde5ac58d122023-02-07 15:18:58.103root 11241100x8000000000000000715079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a7ac2820a86d7a2023-02-07 15:18:58.103root 11241100x8000000000000000715078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c99da466b2f7fc12023-02-07 15:18:58.103root 11241100x8000000000000000715077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da931d4d38b83d92023-02-07 15:18:58.103root 11241100x8000000000000000715086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eadb04467d4970d62023-02-07 15:18:58.104root 11241100x8000000000000000715085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74bb0435b837d1352023-02-07 15:18:58.104root 11241100x8000000000000000715084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1904fd2c0aa034f2023-02-07 15:18:58.104root 11241100x8000000000000000715083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5088a5c34f9c955e2023-02-07 15:18:58.104root 11241100x8000000000000000715082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f598f488eb8c7d2023-02-07 15:18:58.104root 11241100x8000000000000000715091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2400ef51a7e0872023-02-07 15:18:58.105root 11241100x8000000000000000715090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b2b357232476672023-02-07 15:18:58.105root 11241100x8000000000000000715089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da93cba0b6b87ad02023-02-07 15:18:58.105root 11241100x8000000000000000715088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8798171de2881e1b2023-02-07 15:18:58.105root 11241100x8000000000000000715087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ecbb900713696192023-02-07 15:18:58.105root 11241100x8000000000000000715092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1a33d9a1a87b9e2023-02-07 15:18:58.106root 11241100x8000000000000000715094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.107{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4c1bbc078df0852023-02-07 15:18:58.107root 11241100x8000000000000000715093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.107{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86430112c33a14402023-02-07 15:18:58.107root 11241100x8000000000000000715097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.108{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24881da84a67a13d2023-02-07 15:18:58.108root 11241100x8000000000000000715096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.108{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8169fe5c1c2e56852023-02-07 15:18:58.108root 11241100x8000000000000000715095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.108{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a909c9dc9ca4318b2023-02-07 15:18:58.108root 11241100x8000000000000000715100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.109{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03251776975cc0d2023-02-07 15:18:58.109root 11241100x8000000000000000715099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.109{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f0ba8ac313b0fd2023-02-07 15:18:58.109root 11241100x8000000000000000715098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.109{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adac5178d00fa5ea2023-02-07 15:18:58.109root 11241100x8000000000000000715104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.110{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feabc163facd258e2023-02-07 15:18:58.110root 11241100x8000000000000000715103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.110{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e879a7b8a9802cb2023-02-07 15:18:58.110root 11241100x8000000000000000715102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.110{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6927ca746c31f82023-02-07 15:18:58.110root 11241100x8000000000000000715101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.110{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc264c18113be682023-02-07 15:18:58.110root 11241100x8000000000000000715105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.111{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc04163276935772023-02-07 15:18:58.111root 11241100x8000000000000000715109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.115{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b199d8a6a5f253e32023-02-07 15:18:58.115root 11241100x8000000000000000715108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.115{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1620c721d2810102023-02-07 15:18:58.115root 11241100x8000000000000000715107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.115{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4555dd1ac17330b2023-02-07 15:18:58.115root 11241100x8000000000000000715106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.115{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b290f9f9340dba92023-02-07 15:18:58.115root 11241100x8000000000000000715111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.116{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f35f2bd674ffbc72023-02-07 15:18:58.116root 11241100x8000000000000000715110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.116{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50efc16acd57c6bf2023-02-07 15:18:58.116root 11241100x8000000000000000715112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.117{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0724c96ea4677672023-02-07 15:18:58.117root 11241100x8000000000000000715115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.118{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9b858f8a0eba252023-02-07 15:18:58.118root 11241100x8000000000000000715114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.118{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0657804db3f312d42023-02-07 15:18:58.118root 11241100x8000000000000000715113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.118{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d633ee629fbb19d2023-02-07 15:18:58.118root 11241100x8000000000000000715120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.119{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6a05f195b012fd2023-02-07 15:18:58.119root 11241100x8000000000000000715119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.119{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f08fddb78b1543b2023-02-07 15:18:58.119root 11241100x8000000000000000715118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.119{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133d2f1db401f8a62023-02-07 15:18:58.119root 11241100x8000000000000000715117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.119{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93208db532c1d0422023-02-07 15:18:58.119root 11241100x8000000000000000715116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.119{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a7e838416d7f7e2023-02-07 15:18:58.119root 11241100x8000000000000000715123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.120{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98018902247170f22023-02-07 15:18:58.120root 11241100x8000000000000000715122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.120{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1716c4e4be294e682023-02-07 15:18:58.120root 11241100x8000000000000000715121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.120{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3222abb22e1cb372023-02-07 15:18:58.120root 11241100x8000000000000000715125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.121{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9523540c2bbe1af42023-02-07 15:18:58.121root 11241100x8000000000000000715124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.121{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49fc9b2bed5277c2023-02-07 15:18:58.121root 11241100x8000000000000000715127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.122{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3088b6d5bce4e51b2023-02-07 15:18:58.122root 11241100x8000000000000000715126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.122{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfab8c500cb882b2023-02-07 15:18:58.122root 11241100x8000000000000000715130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.123{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5497597393b14e9a2023-02-07 15:18:58.123root 11241100x8000000000000000715129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.123{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69661bf8c4be6c362023-02-07 15:18:58.123root 11241100x8000000000000000715128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.123{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d122890912005fbc2023-02-07 15:18:58.123root 11241100x8000000000000000715131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.124{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0fec40094398b82023-02-07 15:18:58.124root 11241100x8000000000000000715134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.126{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c17ae686ea4c992023-02-07 15:18:58.126root 11241100x8000000000000000715133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.126{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894f4a312962a4ac2023-02-07 15:18:58.126root 11241100x8000000000000000715132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.126{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e84c96394768a8f2023-02-07 15:18:58.126root 11241100x8000000000000000715136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.127{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea136d39284d09d62023-02-07 15:18:58.127root 11241100x8000000000000000715135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.127{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc02591ef846f7b92023-02-07 15:18:58.127root 11241100x8000000000000000715137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.128{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d271771101793c22023-02-07 15:18:58.128root 11241100x8000000000000000715139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.132{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62965ed7219fc4272023-02-07 15:18:58.132root 11241100x8000000000000000715138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.132{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa00002831e072b2023-02-07 15:18:58.132root 11241100x8000000000000000715143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.133{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d5e8d77f0d7ae42023-02-07 15:18:58.133root 11241100x8000000000000000715142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.133{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb85207c4b869642023-02-07 15:18:58.133root 11241100x8000000000000000715141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.133{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026899f1be8078942023-02-07 15:18:58.133root 11241100x8000000000000000715140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.133{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c153f3a257c0b6892023-02-07 15:18:58.133root 11241100x8000000000000000715148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.134{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85242333bfab33082023-02-07 15:18:58.134root 11241100x8000000000000000715147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.134{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6975e26eddb8b3182023-02-07 15:18:58.134root 11241100x8000000000000000715146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.134{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd347a8258838cc2023-02-07 15:18:58.134root 11241100x8000000000000000715145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.134{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27fbd6bea261be8d2023-02-07 15:18:58.134root 11241100x8000000000000000715144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.134{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51734435a77f7532023-02-07 15:18:58.134root 11241100x8000000000000000715153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.135{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d5b4048f79638c2023-02-07 15:18:58.135root 11241100x8000000000000000715152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.135{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a73e592e5529832023-02-07 15:18:58.135root 11241100x8000000000000000715151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.135{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c89ad797bfe94432023-02-07 15:18:58.135root 11241100x8000000000000000715150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.135{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a11793ba645cfa22023-02-07 15:18:58.135root 11241100x8000000000000000715149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.135{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d655a2e105143852023-02-07 15:18:58.135root 11241100x8000000000000000715155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.136{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d300abc28fc0bd2023-02-07 15:18:58.136root 11241100x8000000000000000715154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.136{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32647b38a116ce32023-02-07 15:18:58.136root 11241100x8000000000000000715158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.138{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66245c0c359e99eb2023-02-07 15:18:58.138root 11241100x8000000000000000715157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.138{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5132f2ba71cdf34d2023-02-07 15:18:58.138root 11241100x8000000000000000715156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.138{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac9a4be4723cef22023-02-07 15:18:58.138root 11241100x8000000000000000715160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.139{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce732ea912eac0d2023-02-07 15:18:58.139root 11241100x8000000000000000715159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.139{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68447ef0166409652023-02-07 15:18:58.139root 11241100x8000000000000000715161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.140{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46775bc970e03cd52023-02-07 15:18:58.140root 11241100x8000000000000000715163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.141{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cbc4e4a13ab82622023-02-07 15:18:58.141root 11241100x8000000000000000715162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.141{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c47648799ee7692023-02-07 15:18:58.141root 11241100x8000000000000000715164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.142{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8881e21f29a71eb82023-02-07 15:18:58.142root 11241100x8000000000000000715166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.143{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1309763496e4bc12023-02-07 15:18:58.143root 11241100x8000000000000000715165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.143{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae44eb92e48daa3e2023-02-07 15:18:58.143root 11241100x8000000000000000715167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.144{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e16f207fb020722023-02-07 15:18:58.144root 11241100x8000000000000000715173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.145{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1826220ede3b8cd52023-02-07 15:18:58.145root 11241100x8000000000000000715172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.145{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300a417b68099a912023-02-07 15:18:58.145root 11241100x8000000000000000715171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.145{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2769642ca0fa4bbe2023-02-07 15:18:58.145root 11241100x8000000000000000715170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.145{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ad27cee7585f622023-02-07 15:18:58.145root 11241100x8000000000000000715169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.145{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91bbf601abad4442023-02-07 15:18:58.145root 11241100x8000000000000000715168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.145{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af19d35205e8dfb52023-02-07 15:18:58.145root 11241100x8000000000000000715177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.146{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd5d4f72d62a1f92023-02-07 15:18:58.146root 11241100x8000000000000000715176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.146{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989c2eb84d27d9fe2023-02-07 15:18:58.146root 11241100x8000000000000000715175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.146{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f73a6e1e79db68f2023-02-07 15:18:58.146root 11241100x8000000000000000715174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.146{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84de9a08e36ac1ec2023-02-07 15:18:58.146root 11241100x8000000000000000715183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.147{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06463ec0ddec81692023-02-07 15:18:58.147root 11241100x8000000000000000715182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.147{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93f2f7743b6e44e2023-02-07 15:18:58.147root 11241100x8000000000000000715181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.147{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594a0703954a30772023-02-07 15:18:58.147root 11241100x8000000000000000715180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.147{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2951b17ccf1fa6e2023-02-07 15:18:58.147root 11241100x8000000000000000715179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.147{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a84a4e633de1cdc2023-02-07 15:18:58.147root 11241100x8000000000000000715178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.147{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5a0c2f384523202023-02-07 15:18:58.147root 11241100x8000000000000000715189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.148{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43365e46f29380192023-02-07 15:18:58.148root 11241100x8000000000000000715188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.148{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505ef03a10e8e2f82023-02-07 15:18:58.148root 11241100x8000000000000000715187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.148{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520481b68f6506642023-02-07 15:18:58.148root 11241100x8000000000000000715186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.148{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24fd3d673fa4529d2023-02-07 15:18:58.148root 11241100x8000000000000000715185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.148{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f22d54b56ed87f2023-02-07 15:18:58.148root 11241100x8000000000000000715184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.148{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55495a9f3130b6be2023-02-07 15:18:58.148root 11241100x8000000000000000715194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.149{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb5795a5af0eb4e2023-02-07 15:18:58.149root 11241100x8000000000000000715193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.149{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0ace4ee55ed6b32023-02-07 15:18:58.149root 11241100x8000000000000000715192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.149{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49f95b8d298af502023-02-07 15:18:58.149root 11241100x8000000000000000715191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.149{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01008a140ce7cd2d2023-02-07 15:18:58.149root 11241100x8000000000000000715190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.149{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d186e6b52828b152023-02-07 15:18:58.149root 11241100x8000000000000000715199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.150{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19029cb4f6d4eac72023-02-07 15:18:58.150root 11241100x8000000000000000715198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.150{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede60756c04565692023-02-07 15:18:58.150root 11241100x8000000000000000715197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.150{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eef96d8be9ed8412023-02-07 15:18:58.150root 11241100x8000000000000000715196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.150{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432388d7a23f3c732023-02-07 15:18:58.150root 11241100x8000000000000000715195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.150{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88673ac75980722c2023-02-07 15:18:58.150root 11241100x8000000000000000715202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.151{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e31d398da1bad4f2023-02-07 15:18:58.151root 11241100x8000000000000000715201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.151{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b269829226a03362023-02-07 15:18:58.151root 11241100x8000000000000000715200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.151{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b79cf6b9adc953b2023-02-07 15:18:58.151root 11241100x8000000000000000715207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.152{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde8cf56f4b439452023-02-07 15:18:58.152root 11241100x8000000000000000715206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.152{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd57b60b44cd1d072023-02-07 15:18:58.152root 11241100x8000000000000000715205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.152{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c526fe0dc462056a2023-02-07 15:18:58.152root 11241100x8000000000000000715204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.152{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b35b3e4e4a3ff22023-02-07 15:18:58.152root 11241100x8000000000000000715203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.152{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51dd7cd5fc2da8972023-02-07 15:18:58.152root 11241100x8000000000000000715213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.153{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08360ae348d41a42023-02-07 15:18:58.153root 11241100x8000000000000000715212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.153{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f16c7dad3618ee2023-02-07 15:18:58.153root 11241100x8000000000000000715211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.153{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38477a23fbd48982023-02-07 15:18:58.153root 11241100x8000000000000000715210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.153{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db51cffe466b30262023-02-07 15:18:58.153root 11241100x8000000000000000715209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.153{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8c767e60b9e0552023-02-07 15:18:58.153root 11241100x8000000000000000715208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.153{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5138a9215655fb2023-02-07 15:18:58.153root 11241100x8000000000000000715216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.154{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d52310ab150ca632023-02-07 15:18:58.154root 11241100x8000000000000000715215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.154{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa967585219dd1002023-02-07 15:18:58.154root 11241100x8000000000000000715214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.154{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abb3142ef25abfd2023-02-07 15:18:58.154root 11241100x8000000000000000715221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.155{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f8f0ce14a7fa522023-02-07 15:18:58.155root 11241100x8000000000000000715220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.155{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d65d448bfadd772023-02-07 15:18:58.155root 11241100x8000000000000000715219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.155{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039f6d376721e8382023-02-07 15:18:58.155root 11241100x8000000000000000715218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.155{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc213e0425cf10fd2023-02-07 15:18:58.155root 11241100x8000000000000000715217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.155{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1ca5e802d29dbf2023-02-07 15:18:58.155root 11241100x8000000000000000715225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.156{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48eea47020da75972023-02-07 15:18:58.156root 11241100x8000000000000000715224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.156{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d839065214cf82352023-02-07 15:18:58.156root 11241100x8000000000000000715223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.156{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33e2afe8383c45c2023-02-07 15:18:58.156root 11241100x8000000000000000715222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.156{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3005822ee559f74c2023-02-07 15:18:58.156root 11241100x8000000000000000715231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.157{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfc162dc87e92162023-02-07 15:18:58.157root 11241100x8000000000000000715230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.157{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711bc539bb4cdd872023-02-07 15:18:58.157root 11241100x8000000000000000715229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.157{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528c4445a707d27e2023-02-07 15:18:58.157root 11241100x8000000000000000715228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.157{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c695965c41f1dc812023-02-07 15:18:58.157root 11241100x8000000000000000715227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.157{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007803f9fe0692cd2023-02-07 15:18:58.157root 11241100x8000000000000000715226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.157{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883135e52f3d5d9d2023-02-07 15:18:58.157root 11241100x8000000000000000715236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.158{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ca684811e9febc2023-02-07 15:18:58.158root 11241100x8000000000000000715235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.158{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314921a9c15b43862023-02-07 15:18:58.158root 11241100x8000000000000000715234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.158{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077b239d8e8141462023-02-07 15:18:58.158root 11241100x8000000000000000715233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.158{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c7ce1c146b53872023-02-07 15:18:58.158root 11241100x8000000000000000715232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.158{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a0a31e3d33da2a2023-02-07 15:18:58.158root 11241100x8000000000000000715242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.159{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66bf8ff57f313d0a2023-02-07 15:18:58.159root 11241100x8000000000000000715241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.159{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ccf777d43679b672023-02-07 15:18:58.159root 11241100x8000000000000000715240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.159{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6849c2754f76f0c72023-02-07 15:18:58.159root 11241100x8000000000000000715239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.159{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cba55cb999db8e2023-02-07 15:18:58.159root 11241100x8000000000000000715238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.159{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5062f17f4b9a4b12023-02-07 15:18:58.159root 11241100x8000000000000000715237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.159{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e912b650b6d01a852023-02-07 15:18:58.159root 11241100x8000000000000000715246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.160{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75621c0e16775dd12023-02-07 15:18:58.160root 11241100x8000000000000000715245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.160{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbbb58f91e6a26e2023-02-07 15:18:58.160root 11241100x8000000000000000715244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.160{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cc68a1e03a8ea52023-02-07 15:18:58.160root 11241100x8000000000000000715243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.160{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb9ce86ecc968f92023-02-07 15:18:58.160root 11241100x8000000000000000715253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.161{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f83b721a1322ed72023-02-07 15:18:58.161root 11241100x8000000000000000715252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.161{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5727df84c6e0be412023-02-07 15:18:58.161root 11241100x8000000000000000715251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.161{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b0a4eb18fd8f5e2023-02-07 15:18:58.161root 11241100x8000000000000000715250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.161{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4774eaf8fbebc2a2023-02-07 15:18:58.161root 11241100x8000000000000000715249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.161{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7251fd72f74ee92023-02-07 15:18:58.161root 11241100x8000000000000000715248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.161{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965d13f57623ce6a2023-02-07 15:18:58.161root 11241100x8000000000000000715247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.161{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a5be55b1f3cc4a2023-02-07 15:18:58.161root 11241100x8000000000000000715258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.162{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0393f6050849177d2023-02-07 15:18:58.162root 11241100x8000000000000000715257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.162{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7848eba1bca695072023-02-07 15:18:58.162root 11241100x8000000000000000715256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.162{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd980485c43fa1af2023-02-07 15:18:58.162root 11241100x8000000000000000715255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.162{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae0cd0fb8cb32972023-02-07 15:18:58.162root 11241100x8000000000000000715254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.162{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85ed23f91fc29672023-02-07 15:18:58.162root 11241100x8000000000000000715264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.163{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1120d00cfaa539112023-02-07 15:18:58.163root 11241100x8000000000000000715263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.163{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33fe43ea99468472023-02-07 15:18:58.163root 11241100x8000000000000000715262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.163{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac52e3320671ff3e2023-02-07 15:18:58.163root 11241100x8000000000000000715261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.163{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3471940d8b42ffa2023-02-07 15:18:58.163root 11241100x8000000000000000715260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.163{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31fb8e6df08ccd102023-02-07 15:18:58.163root 11241100x8000000000000000715259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.163{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6072753c576aa4522023-02-07 15:18:58.163root 11241100x8000000000000000715271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.164{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7d6be87c20e5da2023-02-07 15:18:58.164root 11241100x8000000000000000715270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.164{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0eec6e8c9f6bad2023-02-07 15:18:58.164root 11241100x8000000000000000715269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.164{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c64c853f54702602023-02-07 15:18:58.164root 11241100x8000000000000000715268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.164{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5412f7e321e1312023-02-07 15:18:58.164root 11241100x8000000000000000715267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.164{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619d517e588052862023-02-07 15:18:58.164root 11241100x8000000000000000715266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.164{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a061c0aff3c92eff2023-02-07 15:18:58.164root 11241100x8000000000000000715265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.164{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae67f78fcbf5c8ec2023-02-07 15:18:58.164root 11241100x8000000000000000715277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.165{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce614d7c630434802023-02-07 15:18:58.165root 11241100x8000000000000000715276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.165{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc648ec28abe5b62023-02-07 15:18:58.165root 11241100x8000000000000000715275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.165{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd23235d1e1e86842023-02-07 15:18:58.165root 11241100x8000000000000000715274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.165{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5164e5a3f98494032023-02-07 15:18:58.165root 11241100x8000000000000000715273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.165{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68cd14a635b51eb22023-02-07 15:18:58.165root 11241100x8000000000000000715272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.165{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98b6ac6e734b6a12023-02-07 15:18:58.165root 11241100x8000000000000000715278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.167{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fce2dcf8e75454f2023-02-07 15:18:58.167root 11241100x8000000000000000715279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.168{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b490292486b9e12023-02-07 15:18:58.168root 11241100x8000000000000000715285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.169{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac37a1ec822cd8092023-02-07 15:18:58.169root 11241100x8000000000000000715284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.169{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13640114ce6325342023-02-07 15:18:58.169root 11241100x8000000000000000715283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.169{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d8ce5ae7165b362023-02-07 15:18:58.169root 11241100x8000000000000000715282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.169{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310516c8ada263872023-02-07 15:18:58.169root 11241100x8000000000000000715281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.169{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444b89962bc3c14d2023-02-07 15:18:58.169root 11241100x8000000000000000715280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.169{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f1d9077074cbfc2023-02-07 15:18:58.169root 11241100x8000000000000000715290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.170{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfe1020093dc11c2023-02-07 15:18:58.170root 11241100x8000000000000000715289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.170{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2093b02983bd192023-02-07 15:18:58.170root 11241100x8000000000000000715288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.170{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150b402e2fb11a972023-02-07 15:18:58.170root 11241100x8000000000000000715287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.170{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed1bc64b6f070de2023-02-07 15:18:58.170root 11241100x8000000000000000715286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.170{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91cf72f6311563bb2023-02-07 15:18:58.170root 11241100x8000000000000000715298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.171{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ef8859e0f6557b2023-02-07 15:18:58.171root 11241100x8000000000000000715297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.171{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411db55885ea11422023-02-07 15:18:58.171root 11241100x8000000000000000715296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.171{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f47a9a957c76332023-02-07 15:18:58.171root 11241100x8000000000000000715295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.171{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2c2f766b137b952023-02-07 15:18:58.171root 11241100x8000000000000000715294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.171{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5b2ea66a4c530c2023-02-07 15:18:58.171root 11241100x8000000000000000715293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.171{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6a52e3679591242023-02-07 15:18:58.171root 11241100x8000000000000000715292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.171{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6f9500ac23f5372023-02-07 15:18:58.171root 11241100x8000000000000000715291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.171{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568b07e80bc19cd72023-02-07 15:18:58.171root 11241100x8000000000000000715302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.172{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eba54d0cfa306ca2023-02-07 15:18:58.172root 11241100x8000000000000000715301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.172{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19621ce291c319942023-02-07 15:18:58.172root 11241100x8000000000000000715300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.172{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20051e55e81ac902023-02-07 15:18:58.172root 11241100x8000000000000000715299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.172{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7551e7ea91e2af382023-02-07 15:18:58.172root 11241100x8000000000000000715305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.173{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3094761fada2debc2023-02-07 15:18:58.173root 11241100x8000000000000000715304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.173{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b413b94266c5112023-02-07 15:18:58.173root 11241100x8000000000000000715303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.173{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde2089250fd30d02023-02-07 15:18:58.173root 11241100x8000000000000000715311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.174{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be238ed3a41fa38b2023-02-07 15:18:58.174root 11241100x8000000000000000715310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.174{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1621c5997037a82023-02-07 15:18:58.174root 11241100x8000000000000000715309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.174{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17edd55d6d6861ed2023-02-07 15:18:58.174root 11241100x8000000000000000715308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.174{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f23f2e725153f662023-02-07 15:18:58.174root 11241100x8000000000000000715307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.174{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4748ad817748dbe82023-02-07 15:18:58.174root 11241100x8000000000000000715306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.174{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e11504e2ebba742023-02-07 15:18:58.174root 11241100x8000000000000000715316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.175{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cacb70a237860be2023-02-07 15:18:58.175root 11241100x8000000000000000715315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.175{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02af2d3008de8922023-02-07 15:18:58.175root 11241100x8000000000000000715314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.175{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2feaa84b761ba0f2023-02-07 15:18:58.175root 11241100x8000000000000000715313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.175{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a228b855cce645a2023-02-07 15:18:58.175root 11241100x8000000000000000715312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.175{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcf200cb8539cb92023-02-07 15:18:58.175root 11241100x8000000000000000715321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.176{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716eb74123d421f52023-02-07 15:18:58.176root 11241100x8000000000000000715320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.176{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf48f2d1f431f3cd2023-02-07 15:18:58.176root 11241100x8000000000000000715319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.176{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d5148b708f4b802023-02-07 15:18:58.176root 11241100x8000000000000000715318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.176{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31408475c5373022023-02-07 15:18:58.176root 11241100x8000000000000000715317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.176{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d85f4f37b39a972023-02-07 15:18:58.176root 11241100x8000000000000000715328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.177{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be862c29f7b27b432023-02-07 15:18:58.177root 11241100x8000000000000000715327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.177{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70c0af1da7d843d2023-02-07 15:18:58.177root 11241100x8000000000000000715326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.177{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86fe159c8ed983e12023-02-07 15:18:58.177root 11241100x8000000000000000715325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.177{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99448a0952e34e8b2023-02-07 15:18:58.177root 11241100x8000000000000000715324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.177{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704b20c860413d902023-02-07 15:18:58.177root 11241100x8000000000000000715323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.177{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850a348bbb1a9f0b2023-02-07 15:18:58.177root 11241100x8000000000000000715322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.177{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf8e17b5f2fce852023-02-07 15:18:58.177root 11241100x8000000000000000715333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.178{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6b58cb666ad7322023-02-07 15:18:58.178root 11241100x8000000000000000715332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.178{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1122c8d00646c5742023-02-07 15:18:58.178root 11241100x8000000000000000715331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.178{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8152dff42bfc542023-02-07 15:18:58.178root 11241100x8000000000000000715330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.178{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a0d65a4051dea92023-02-07 15:18:58.178root 11241100x8000000000000000715329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.178{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62f2b9faf53b4102023-02-07 15:18:58.178root 11241100x8000000000000000715334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.179{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe52406a95a92ae2023-02-07 15:18:58.179root 11241100x8000000000000000715335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.181{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c98443ab7e63b612023-02-07 15:18:58.181root 11241100x8000000000000000715336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.182{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e565b6e477818c2023-02-07 15:18:58.182root 11241100x8000000000000000715339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.183{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63859f7dac379412023-02-07 15:18:58.183root 11241100x8000000000000000715338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.183{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc2c4ca544a33572023-02-07 15:18:58.183root 11241100x8000000000000000715337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.183{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441c026da52d343b2023-02-07 15:18:58.183root 11241100x8000000000000000715341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.186{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238030219601e8352023-02-07 15:18:58.186root 11241100x8000000000000000715340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.186{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968b88dc782c3e852023-02-07 15:18:58.186root 11241100x8000000000000000715343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.187{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f9e0736aaf69932023-02-07 15:18:58.187root 11241100x8000000000000000715342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.187{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91658eec971f7882023-02-07 15:18:58.187root 11241100x8000000000000000715347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.188{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0041c5e96238af052023-02-07 15:18:58.188root 11241100x8000000000000000715346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.188{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a741de6913813e2023-02-07 15:18:58.188root 11241100x8000000000000000715345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.188{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c15da1634cf80c2023-02-07 15:18:58.188root 11241100x8000000000000000715344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.188{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7ef48a524aaaa42023-02-07 15:18:58.188root 11241100x8000000000000000715353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.189{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35dae7c67d5587272023-02-07 15:18:58.189root 11241100x8000000000000000715352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.189{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8385af99450f8c32023-02-07 15:18:58.189root 11241100x8000000000000000715351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.189{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283007342104d9fa2023-02-07 15:18:58.189root 11241100x8000000000000000715350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.189{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb4dc2d9ab874be2023-02-07 15:18:58.189root 11241100x8000000000000000715349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.189{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca025e3d04fa34422023-02-07 15:18:58.189root 11241100x8000000000000000715348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.189{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8117c64ae6f7f8002023-02-07 15:18:58.189root 11241100x8000000000000000715359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.190{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57085c7e7d820b782023-02-07 15:18:58.190root 11241100x8000000000000000715358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.190{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d5365b54389ad32023-02-07 15:18:58.190root 11241100x8000000000000000715357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.190{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7562ddbcb5e850222023-02-07 15:18:58.190root 11241100x8000000000000000715356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.190{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ab6b8ecb2661f42023-02-07 15:18:58.190root 11241100x8000000000000000715355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.190{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c6ba4cb2d7b3db2023-02-07 15:18:58.190root 11241100x8000000000000000715354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.190{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208447db0d2560da2023-02-07 15:18:58.190root 11241100x8000000000000000715365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.191{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4c85804253752e2023-02-07 15:18:58.191root 11241100x8000000000000000715364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.191{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd006dc4f526db42023-02-07 15:18:58.191root 11241100x8000000000000000715363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.191{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d695bfc0d073ea2c2023-02-07 15:18:58.191root 11241100x8000000000000000715362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.191{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d942025a2711962023-02-07 15:18:58.191root 11241100x8000000000000000715361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.191{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a484e3ea8d58617a2023-02-07 15:18:58.191root 11241100x8000000000000000715360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.191{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93b4791eb23fe672023-02-07 15:18:58.191root 11241100x8000000000000000715366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:18:58.192{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3834dfecd001c83e2023-02-07 15:18:58.192root 11241100x8000000000000000715616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:24.728{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:19:24.728root 11241100x8000000000000000715617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc7798849ba6bfd2023-02-07 15:19:25.095root 11241100x8000000000000000715618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13279dca6eb4a452023-02-07 15:19:25.595root 11241100x8000000000000000715619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a48fedbc3d1e5b2023-02-07 15:19:26.095root 11241100x8000000000000000715620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b52bea51dd393e2023-02-07 15:19:26.595root 11241100x8000000000000000715621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:26.901{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cef8d5fdc53f2c22023-02-07 15:19:26.901root 11241100x8000000000000000715622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:27.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88628b942db12082023-02-07 15:19:27.345root 11241100x8000000000000000715624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:27.729{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3322cfa4490ccd6b2023-02-07 15:19:27.729root 23542300x8000000000000000715623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:27.729{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000715626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e425933714e9582023-02-07 15:19:28.095root 11241100x8000000000000000715625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9273674c6a8f9e292023-02-07 15:19:28.095root 354300x8000000000000000715627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:28.255{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-35508-false10.0.1.12-8000- 11241100x8000000000000000715630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b423e3f6d2c232c42023-02-07 15:19:28.595root 11241100x8000000000000000715629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd7fa8957ce0ab32023-02-07 15:19:28.595root 11241100x8000000000000000715628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b827274fef7d1f642023-02-07 15:19:28.595root 11241100x8000000000000000715633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81577ef30751c8e32023-02-07 15:19:29.095root 11241100x8000000000000000715632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a365333e90a057512023-02-07 15:19:29.095root 11241100x8000000000000000715631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728fad08d39a87fe2023-02-07 15:19:29.095root 154100x8000000000000000715634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:29.482{ec244aba-6c01-63e2-485b-5fb939560000}6224/usr/bin/vim.basic-----vim awfulshred3.sh/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6be1-63e2-4874-5465c2550000}6209/bin/bash-bashubuntu 11241100x8000000000000000715636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:29.484{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84134ef2734549a82023-02-07 15:19:29.484root 11241100x8000000000000000715635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:29.484{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4482cd61beba4d2e2023-02-07 15:19:29.484root 11241100x8000000000000000715638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:29.485{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae177b7c6df782242023-02-07 15:19:29.485root 11241100x8000000000000000715637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:29.485{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ee8bd89a1de5ce2023-02-07 15:19:29.485root 11241100x8000000000000000715643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:29.544{ec244aba-6c01-63e2-485b-5fb939560000}6224/usr/bin/vim.basic/home/ubuntu/wiper/.awfulshred3.sh.swp2023-02-07 15:19:29.544ubuntu 23542300x8000000000000000715642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:29.544{ec244aba-6c01-63e2-485b-5fb939560000}6224ubuntu/usr/bin/vim.basic/home/ubuntu/wiper/.awfulshred3.sh.swp--- 23542300x8000000000000000715641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:29.544{ec244aba-6c01-63e2-485b-5fb939560000}6224ubuntu/usr/bin/vim.basic/home/ubuntu/wiper/.awfulshred3.sh.swx--- 11241100x8000000000000000715640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:29.544{ec244aba-6c01-63e2-485b-5fb939560000}6224/usr/bin/vim.basic/home/ubuntu/wiper/.awfulshred3.sh.swx2023-02-07 15:19:29.544ubuntu 11241100x8000000000000000715639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:29.544{ec244aba-6c01-63e2-485b-5fb939560000}6224/usr/bin/vim.basic/home/ubuntu/wiper/.awfulshred3.sh.swp2023-02-07 15:19:29.544ubuntu 11241100x8000000000000000715647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:29.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77832a3a515b78002023-02-07 15:19:29.845root 11241100x8000000000000000715646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:29.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfef412f228f88af2023-02-07 15:19:29.845root 11241100x8000000000000000715645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:29.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c566b138fd00e52023-02-07 15:19:29.845root 11241100x8000000000000000715644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:29.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687f58c63329aef22023-02-07 15:19:29.845root 11241100x8000000000000000715652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:29.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75571533ace684782023-02-07 15:19:29.846root 11241100x8000000000000000715651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:29.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25349ebbda380af52023-02-07 15:19:29.846root 11241100x8000000000000000715650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:29.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59567a6832b233822023-02-07 15:19:29.846root 11241100x8000000000000000715649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:29.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4b69ae340d6a072023-02-07 15:19:29.846root 11241100x8000000000000000715648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:29.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86bf410c8ebbdd052023-02-07 15:19:29.846root 11241100x8000000000000000715655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:30.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d233229742738d362023-02-07 15:19:30.345root 11241100x8000000000000000715654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:30.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9225b2f1b4d0d42023-02-07 15:19:30.345root 11241100x8000000000000000715653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:30.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c74f59c23a68df22023-02-07 15:19:30.345root 11241100x8000000000000000715661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:30.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3ee5a68fba80a62023-02-07 15:19:30.346root 11241100x8000000000000000715660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:30.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9026f6cc59c5d9a2023-02-07 15:19:30.346root 11241100x8000000000000000715659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:30.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed1c50277d0dc0d2023-02-07 15:19:30.346root 11241100x8000000000000000715658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:30.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72fe34925d9864db2023-02-07 15:19:30.346root 11241100x8000000000000000715657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:30.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e88590bda064622023-02-07 15:19:30.346root 11241100x8000000000000000715656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:30.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ee68d86d78ab2e2023-02-07 15:19:30.346root 11241100x8000000000000000715665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:30.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc60c363ef040b92023-02-07 15:19:30.845root 11241100x8000000000000000715664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:30.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08400ab451302cc52023-02-07 15:19:30.845root 11241100x8000000000000000715663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:30.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bacec971a62b88de2023-02-07 15:19:30.845root 11241100x8000000000000000715662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:30.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b680e86202ef272023-02-07 15:19:30.845root 11241100x8000000000000000715670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:30.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a947b7440e6dbb82023-02-07 15:19:30.846root 11241100x8000000000000000715669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:30.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523abd92b02aa85a2023-02-07 15:19:30.846root 11241100x8000000000000000715668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:30.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f450020de65b3ae2023-02-07 15:19:30.846root 11241100x8000000000000000715667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:30.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a0912ec3be12c52023-02-07 15:19:30.846root 11241100x8000000000000000715666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:30.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295f119b21d2d0552023-02-07 15:19:30.846root 11241100x8000000000000000715674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:31.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36eeccaad3e4db12023-02-07 15:19:31.345root 11241100x8000000000000000715673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:31.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69bdb6d9f4f5717f2023-02-07 15:19:31.345root 11241100x8000000000000000715672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:31.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673af3e1226d1adb2023-02-07 15:19:31.345root 11241100x8000000000000000715671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:31.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb53194de0067e42023-02-07 15:19:31.345root 11241100x8000000000000000715679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec906413a4cbaa52023-02-07 15:19:31.346root 11241100x8000000000000000715678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a8a1903de8aa372023-02-07 15:19:31.346root 11241100x8000000000000000715677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4b5d55820923462023-02-07 15:19:31.346root 11241100x8000000000000000715676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8319ef449fb664162023-02-07 15:19:31.346root 11241100x8000000000000000715675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b181fcd9a091dffb2023-02-07 15:19:31.346root 11241100x8000000000000000715683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:31.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ebe928c56b05522023-02-07 15:19:31.845root 11241100x8000000000000000715682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:31.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f29dd72048ddab72023-02-07 15:19:31.845root 11241100x8000000000000000715681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:31.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41225d816e0a3f62023-02-07 15:19:31.845root 11241100x8000000000000000715680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:31.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6675cd2f8dd7a39c2023-02-07 15:19:31.845root 11241100x8000000000000000715688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8079f0ca424160062023-02-07 15:19:31.846root 11241100x8000000000000000715687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a60253f0fe6c8ba2023-02-07 15:19:31.846root 11241100x8000000000000000715686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3458e8597ef8ee2023-02-07 15:19:31.846root 11241100x8000000000000000715685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e31115adf560e42023-02-07 15:19:31.846root 11241100x8000000000000000715684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3545dc02a5ed66e42023-02-07 15:19:31.846root 11241100x8000000000000000715697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77241ec1e76bdd642023-02-07 15:19:32.346root 11241100x8000000000000000715696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df43ebf48bfa6a92023-02-07 15:19:32.346root 11241100x8000000000000000715695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5591b0f6de0eb42023-02-07 15:19:32.346root 11241100x8000000000000000715694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbd9211eafbde282023-02-07 15:19:32.346root 11241100x8000000000000000715693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f840a6603c36eb2023-02-07 15:19:32.346root 11241100x8000000000000000715692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c6395a647f41cb2023-02-07 15:19:32.346root 11241100x8000000000000000715691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c167f6543239dd2023-02-07 15:19:32.346root 11241100x8000000000000000715690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ccb27475f6c2bf2023-02-07 15:19:32.346root 11241100x8000000000000000715689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d7504112aafe5e2023-02-07 15:19:32.346root 534500x8000000000000000715698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:32.563{ec244aba-6bfc-63e2-0000-000000000000}6223-sshd 534500x8000000000000000715699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:32.564{ec244aba-6bf4-63e2-e057-3e314e560000}6222/usr/sbin/sshdroot 11241100x8000000000000000715703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:32.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe087824c2e58372023-02-07 15:19:32.845root 11241100x8000000000000000715702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:32.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab7f838205f28fc2023-02-07 15:19:32.845root 11241100x8000000000000000715701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:32.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f219913dfa082feb2023-02-07 15:19:32.845root 11241100x8000000000000000715700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:32.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e991bfa4f46d272023-02-07 15:19:32.845root 11241100x8000000000000000715710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf241158310210d2023-02-07 15:19:32.846root 11241100x8000000000000000715709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dea9c61db19c0d82023-02-07 15:19:32.846root 11241100x8000000000000000715708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a14fd3eeea37cb2023-02-07 15:19:32.846root 11241100x8000000000000000715707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8d1a6a9f0a5de82023-02-07 15:19:32.846root 11241100x8000000000000000715706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02246679876f51192023-02-07 15:19:32.846root 11241100x8000000000000000715705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b039c3ec681cae2023-02-07 15:19:32.846root 11241100x8000000000000000715704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a612de8affeb5f1f2023-02-07 15:19:32.846root 11241100x8000000000000000715712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:33.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c579e469c7010742023-02-07 15:19:33.345root 11241100x8000000000000000715711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:33.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4637863a6e6794a42023-02-07 15:19:33.345root 11241100x8000000000000000715721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ee5a92962a0efe2023-02-07 15:19:33.346root 11241100x8000000000000000715720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f075e07c8a8076df2023-02-07 15:19:33.346root 11241100x8000000000000000715719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d258f102ba9654602023-02-07 15:19:33.346root 11241100x8000000000000000715718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff0a830f69af7932023-02-07 15:19:33.346root 11241100x8000000000000000715717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449010fc87df17192023-02-07 15:19:33.346root 11241100x8000000000000000715716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5a288df79721c92023-02-07 15:19:33.346root 11241100x8000000000000000715715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0158e826ee17e082023-02-07 15:19:33.346root 11241100x8000000000000000715714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56cc9ef9d6e60f2d2023-02-07 15:19:33.346root 11241100x8000000000000000715713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d62d0e635211bb42023-02-07 15:19:33.346root 11241100x8000000000000000715722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:33.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f63f52375c512c2023-02-07 15:19:33.845root 11241100x8000000000000000715732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8194d19592986c2023-02-07 15:19:33.846root 11241100x8000000000000000715731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6ba3841fa433622023-02-07 15:19:33.846root 11241100x8000000000000000715730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78942f2f5efaaa382023-02-07 15:19:33.846root 11241100x8000000000000000715729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc3f903c032426a2023-02-07 15:19:33.846root 11241100x8000000000000000715728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d2123c648bde4b2023-02-07 15:19:33.846root 11241100x8000000000000000715727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22d0efe93129d9f2023-02-07 15:19:33.846root 11241100x8000000000000000715726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450b0ba9bbd0f8292023-02-07 15:19:33.846root 11241100x8000000000000000715725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986e13c4591a6c482023-02-07 15:19:33.846root 11241100x8000000000000000715724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097e0b93768005192023-02-07 15:19:33.846root 11241100x8000000000000000715723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c847bf61a6d0db2023-02-07 15:19:33.846root 354300x8000000000000000715733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:34.062{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-35510-false10.0.1.12-8000- 11241100x8000000000000000715735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:34.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79f3c4910cd413c2023-02-07 15:19:34.345root 11241100x8000000000000000715734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:34.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0510110bcd81962023-02-07 15:19:34.345root 11241100x8000000000000000715743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7b0220aa65a0062023-02-07 15:19:34.346root 11241100x8000000000000000715742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0d876182375fdb2023-02-07 15:19:34.346root 11241100x8000000000000000715741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db7f2359cc0fcbc2023-02-07 15:19:34.346root 11241100x8000000000000000715740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7010e9ca09e314162023-02-07 15:19:34.346root 11241100x8000000000000000715739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950ed77276e48a062023-02-07 15:19:34.346root 11241100x8000000000000000715738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2aed9ea643b3ce2023-02-07 15:19:34.346root 11241100x8000000000000000715737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce75d58853262792023-02-07 15:19:34.346root 11241100x8000000000000000715736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6343fb8e096a16352023-02-07 15:19:34.346root 11241100x8000000000000000715745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5551b17baf8c122023-02-07 15:19:34.347root 11241100x8000000000000000715744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2dd4da35ca8cecb2023-02-07 15:19:34.347root 11241100x8000000000000000715747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:34.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e94752b1912c322023-02-07 15:19:34.845root 11241100x8000000000000000715746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:34.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdaec02796b87f22023-02-07 15:19:34.845root 11241100x8000000000000000715757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df317c69966a85682023-02-07 15:19:34.846root 11241100x8000000000000000715756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ddafb5fc02f6e52023-02-07 15:19:34.846root 11241100x8000000000000000715755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea8599e0c2d8f032023-02-07 15:19:34.846root 11241100x8000000000000000715754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0d7abfe96a23a22023-02-07 15:19:34.846root 11241100x8000000000000000715753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51906b50f86c441f2023-02-07 15:19:34.846root 11241100x8000000000000000715752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c46acde67743cb62023-02-07 15:19:34.846root 11241100x8000000000000000715751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c0aaaa0027e12e2023-02-07 15:19:34.846root 11241100x8000000000000000715750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb05ffaec6db1a12023-02-07 15:19:34.846root 11241100x8000000000000000715749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e49bbd23a7865d2023-02-07 15:19:34.846root 11241100x8000000000000000715748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8665d78433e606372023-02-07 15:19:34.846root 11241100x8000000000000000715758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:35.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363458461e29b56f2023-02-07 15:19:35.345root 11241100x8000000000000000715769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a8a1fbd9b494932023-02-07 15:19:35.346root 11241100x8000000000000000715768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45eec3a6b3a0dbe2023-02-07 15:19:35.346root 11241100x8000000000000000715767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0562b5f923459a2023-02-07 15:19:35.346root 11241100x8000000000000000715766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28de609dda95ce02023-02-07 15:19:35.346root 11241100x8000000000000000715765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f07f84daef2c3b2023-02-07 15:19:35.346root 11241100x8000000000000000715764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0acec50cc213a5f92023-02-07 15:19:35.346root 11241100x8000000000000000715763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad54628982df26322023-02-07 15:19:35.346root 11241100x8000000000000000715762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00bfaa1ecc0dc0a92023-02-07 15:19:35.346root 11241100x8000000000000000715761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4fed72d314dcbfb2023-02-07 15:19:35.346root 11241100x8000000000000000715760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08ddd255774caad2023-02-07 15:19:35.346root 11241100x8000000000000000715759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af687ef24b6f210f2023-02-07 15:19:35.346root 11241100x8000000000000000715772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d55a5383d49b972023-02-07 15:19:35.846root 11241100x8000000000000000715771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c796a4b94f558b82023-02-07 15:19:35.846root 11241100x8000000000000000715770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718d2d574386608d2023-02-07 15:19:35.846root 11241100x8000000000000000715781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4eeae2fc6ffb6242023-02-07 15:19:35.847root 11241100x8000000000000000715780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b1401c34d218ad2023-02-07 15:19:35.847root 11241100x8000000000000000715779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbeb99c57c5d4732023-02-07 15:19:35.847root 11241100x8000000000000000715778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b622c619ba34ca82023-02-07 15:19:35.847root 11241100x8000000000000000715777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b88a74f6268c3552023-02-07 15:19:35.847root 11241100x8000000000000000715776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b17eeb6cb09c492023-02-07 15:19:35.847root 11241100x8000000000000000715775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c479cba02fe1b3ba2023-02-07 15:19:35.847root 11241100x8000000000000000715774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088e65f5daa793a42023-02-07 15:19:35.847root 11241100x8000000000000000715773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27444ee9ecc1acea2023-02-07 15:19:35.847root 11241100x8000000000000000715784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:36.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a2f85812b31ada2023-02-07 15:19:36.345root 11241100x8000000000000000715783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:36.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5398f661da557d32023-02-07 15:19:36.345root 11241100x8000000000000000715782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:36.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e0bce8299b10db2023-02-07 15:19:36.345root 11241100x8000000000000000715793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4066f2f3aa069c2023-02-07 15:19:36.346root 11241100x8000000000000000715792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b7c6a0c79342652023-02-07 15:19:36.346root 11241100x8000000000000000715791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8beb93b00c4658bf2023-02-07 15:19:36.346root 11241100x8000000000000000715790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba7415077438f372023-02-07 15:19:36.346root 11241100x8000000000000000715789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a179a97ca77c3eda2023-02-07 15:19:36.346root 11241100x8000000000000000715788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5766078df1d51992023-02-07 15:19:36.346root 11241100x8000000000000000715787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc1ea46241db5032023-02-07 15:19:36.346root 11241100x8000000000000000715786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c58b607be365d062023-02-07 15:19:36.346root 11241100x8000000000000000715785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4a83684202d2922023-02-07 15:19:36.346root 11241100x8000000000000000715797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:36.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be1a3a1915293272023-02-07 15:19:36.845root 11241100x8000000000000000715796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:36.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d02609c69a34ce2023-02-07 15:19:36.845root 11241100x8000000000000000715795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:36.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68b32319523399b2023-02-07 15:19:36.845root 11241100x8000000000000000715794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:36.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede1462174d61c452023-02-07 15:19:36.845root 11241100x8000000000000000715805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a08ca9641069692023-02-07 15:19:36.846root 11241100x8000000000000000715804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0925dc74f13ff91e2023-02-07 15:19:36.846root 11241100x8000000000000000715803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdcb16c141f1dae2023-02-07 15:19:36.846root 11241100x8000000000000000715802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2571b096e5227b9e2023-02-07 15:19:36.846root 11241100x8000000000000000715801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40fc27ca2f313582023-02-07 15:19:36.846root 11241100x8000000000000000715800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7599ce830ff173e2023-02-07 15:19:36.846root 11241100x8000000000000000715799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a901d6d1a368a92023-02-07 15:19:36.846root 11241100x8000000000000000715798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76dbaa9861132e5f2023-02-07 15:19:36.846root 11241100x8000000000000000715807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:37.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0ada7465e4178e2023-02-07 15:19:37.345root 11241100x8000000000000000715806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:37.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f448ea8bc697742023-02-07 15:19:37.345root 11241100x8000000000000000715817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55511dea385e15172023-02-07 15:19:37.346root 11241100x8000000000000000715816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a108cb74e5789f2023-02-07 15:19:37.346root 11241100x8000000000000000715815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707fe80930876e592023-02-07 15:19:37.346root 11241100x8000000000000000715814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ffb4c1248ed9a92023-02-07 15:19:37.346root 11241100x8000000000000000715813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0e6264716b7f6b2023-02-07 15:19:37.346root 11241100x8000000000000000715812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105e695dd4ce3b952023-02-07 15:19:37.346root 11241100x8000000000000000715811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f2853e846a1c5a2023-02-07 15:19:37.346root 11241100x8000000000000000715810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ead1c67b7e5d4e2023-02-07 15:19:37.346root 11241100x8000000000000000715809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b242d218309118762023-02-07 15:19:37.346root 11241100x8000000000000000715808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd19be24c472d4f2023-02-07 15:19:37.346root 11241100x8000000000000000715820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:37.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6d96c3fe0ae23a2023-02-07 15:19:37.845root 11241100x8000000000000000715819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:37.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283c3a1189eb63d42023-02-07 15:19:37.845root 11241100x8000000000000000715818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:37.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1175f08caafee5b2023-02-07 15:19:37.845root 11241100x8000000000000000715829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250056438507a3772023-02-07 15:19:37.846root 11241100x8000000000000000715828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01887087eacc3ad2023-02-07 15:19:37.846root 11241100x8000000000000000715827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94aa3ab1fc088ca2023-02-07 15:19:37.846root 11241100x8000000000000000715826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a415d8b24fcf12812023-02-07 15:19:37.846root 11241100x8000000000000000715825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc18010ad0dc8f152023-02-07 15:19:37.846root 11241100x8000000000000000715824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb814765a157b7752023-02-07 15:19:37.846root 11241100x8000000000000000715823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f437e40e95e8bd3e2023-02-07 15:19:37.846root 11241100x8000000000000000715822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d970ef53e7c1ef2023-02-07 15:19:37.846root 11241100x8000000000000000715821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd03a5b299274d812023-02-07 15:19:37.846root 11241100x8000000000000000715832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:38.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10c40b092615b1e2023-02-07 15:19:38.345root 11241100x8000000000000000715831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:38.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44c363c94000c132023-02-07 15:19:38.345root 11241100x8000000000000000715830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:38.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de6bddcd3cfebd32023-02-07 15:19:38.345root 11241100x8000000000000000715839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:38.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ec95738a90af902023-02-07 15:19:38.346root 11241100x8000000000000000715838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:38.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0131561afa7ece2023-02-07 15:19:38.346root 11241100x8000000000000000715837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:38.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4741ec4e3a3f122023-02-07 15:19:38.346root 11241100x8000000000000000715836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:38.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dded3c401dca2f62023-02-07 15:19:38.346root 11241100x8000000000000000715835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:38.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8854f6cf1a5986e92023-02-07 15:19:38.346root 11241100x8000000000000000715834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:38.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a69782de66f71802023-02-07 15:19:38.346root 11241100x8000000000000000715833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:38.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b62b9c070c242812023-02-07 15:19:38.346root 11241100x8000000000000000715841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:38.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18353b5fcf8986f22023-02-07 15:19:38.347root 11241100x8000000000000000715840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:38.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c9e18b0f6a04582023-02-07 15:19:38.347root 11241100x8000000000000000715842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:38.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47494a3c09b573562023-02-07 15:19:38.845root 11241100x8000000000000000715848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:38.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab13efd1edbc9be2023-02-07 15:19:38.846root 11241100x8000000000000000715847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:38.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1bfd70c68703332023-02-07 15:19:38.846root 11241100x8000000000000000715846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:38.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5ffd66864fa9672023-02-07 15:19:38.846root 11241100x8000000000000000715845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:38.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4edcacb1efe34392023-02-07 15:19:38.846root 11241100x8000000000000000715844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:38.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f446b1ad0e6ad92023-02-07 15:19:38.846root 11241100x8000000000000000715843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:38.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4351fc8266a60412023-02-07 15:19:38.846root 11241100x8000000000000000715852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:38.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee2d0c7db03aab32023-02-07 15:19:38.847root 11241100x8000000000000000715851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:38.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d16995a7962b112023-02-07 15:19:38.847root 11241100x8000000000000000715850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:38.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6bcf89d074abea42023-02-07 15:19:38.847root 11241100x8000000000000000715849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:38.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15686318b200cf92023-02-07 15:19:38.847root 11241100x8000000000000000715853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:38.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0c2a83a5ccab0f2023-02-07 15:19:38.848root 354300x8000000000000000715854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:39.117{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-57588-false10.0.1.12-8000- 11241100x8000000000000000715861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:39.118{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac8c47ca8e9f1be2023-02-07 15:19:39.118root 11241100x8000000000000000715860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:39.118{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a26a6b95bbe1f072023-02-07 15:19:39.118root 11241100x8000000000000000715859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:39.118{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b9f7b8310388ff2023-02-07 15:19:39.118root 11241100x8000000000000000715858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:39.118{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c752cf54da356e62023-02-07 15:19:39.118root 11241100x8000000000000000715857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:39.118{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aeaa1f5ef5176d12023-02-07 15:19:39.118root 11241100x8000000000000000715856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:39.118{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3334c4a115a55ce72023-02-07 15:19:39.118root 11241100x8000000000000000715855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:39.118{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24de8b54f03528e2023-02-07 15:19:39.118root 11241100x8000000000000000715867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:39.119{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaec7f33829382672023-02-07 15:19:39.119root 11241100x8000000000000000715866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:39.119{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d107b1c8a75f8322023-02-07 15:19:39.119root 11241100x8000000000000000715865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:39.119{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6a4ca824bb72632023-02-07 15:19:39.119root 11241100x8000000000000000715864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:39.119{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1dd317e9e245a1f2023-02-07 15:19:39.119root 11241100x8000000000000000715863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:39.119{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad98e2e6f59c83c2023-02-07 15:19:39.119root 11241100x8000000000000000715862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:39.119{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130e6d7b5e5ea51e2023-02-07 15:19:39.119root 11241100x8000000000000000715871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:39.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7ab0826bb8c1852023-02-07 15:19:39.595root 11241100x8000000000000000715870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:39.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a6671038fe7d6d2023-02-07 15:19:39.595root 11241100x8000000000000000715869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:39.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12bf1ac603733382023-02-07 15:19:39.595root 11241100x8000000000000000715868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:39.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7cdb56b162079e2023-02-07 15:19:39.595root 11241100x8000000000000000715877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f01ba4a0c9f6a92023-02-07 15:19:39.596root 11241100x8000000000000000715876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9306e0ee15901f2023-02-07 15:19:39.596root 11241100x8000000000000000715875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d05552cb5dcabe2023-02-07 15:19:39.596root 11241100x8000000000000000715874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66f5b2d5cf1b2752023-02-07 15:19:39.596root 11241100x8000000000000000715873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32989302e2f286272023-02-07 15:19:39.596root 11241100x8000000000000000715872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7034b662c8b58492023-02-07 15:19:39.596root 11241100x8000000000000000715880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:39.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3364ab1a751ce2de2023-02-07 15:19:39.597root 11241100x8000000000000000715879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:39.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050d24f139cf79142023-02-07 15:19:39.597root 11241100x8000000000000000715878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:39.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e4e3f4cc7304132023-02-07 15:19:39.597root 11241100x8000000000000000715883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43999bf69a6965412023-02-07 15:19:40.095root 11241100x8000000000000000715882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618510e5fecb959a2023-02-07 15:19:40.095root 11241100x8000000000000000715881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388f301772941a002023-02-07 15:19:40.095root 11241100x8000000000000000715890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb0160c749528442023-02-07 15:19:40.096root 11241100x8000000000000000715889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074ec56a458afbb02023-02-07 15:19:40.096root 11241100x8000000000000000715888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76e3dbed33cdcc02023-02-07 15:19:40.096root 11241100x8000000000000000715887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e231c534176c40522023-02-07 15:19:40.096root 11241100x8000000000000000715886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69bf404efb38f3ae2023-02-07 15:19:40.096root 11241100x8000000000000000715885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83421747e4a5c55c2023-02-07 15:19:40.096root 11241100x8000000000000000715884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c0af8aca4c8f102023-02-07 15:19:40.096root 11241100x8000000000000000715893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:40.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caefc807d2c19c592023-02-07 15:19:40.097root 11241100x8000000000000000715892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:40.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411c5039387d62d42023-02-07 15:19:40.097root 11241100x8000000000000000715891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:40.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8011cdb07a7883e2023-02-07 15:19:40.097root 11241100x8000000000000000715897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7d54c6942bca752023-02-07 15:19:40.595root 11241100x8000000000000000715896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba80b51b768912ad2023-02-07 15:19:40.595root 11241100x8000000000000000715895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8e75cbc7e2219e2023-02-07 15:19:40.595root 11241100x8000000000000000715894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089e263ff6333d542023-02-07 15:19:40.595root 11241100x8000000000000000715904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9812733a235cf8032023-02-07 15:19:40.596root 11241100x8000000000000000715903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3d740346607e712023-02-07 15:19:40.596root 11241100x8000000000000000715902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60803f1b2459937f2023-02-07 15:19:40.596root 11241100x8000000000000000715901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852f5bc8a7c2ad1d2023-02-07 15:19:40.596root 11241100x8000000000000000715900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3bcfef0b758bdb52023-02-07 15:19:40.596root 11241100x8000000000000000715899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d31df30756a9dae2023-02-07 15:19:40.596root 11241100x8000000000000000715898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5102f813807432b2023-02-07 15:19:40.596root 11241100x8000000000000000715906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:40.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214793470886ce852023-02-07 15:19:40.597root 11241100x8000000000000000715905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:40.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d048f7d19db1f7a2023-02-07 15:19:40.597root 11241100x8000000000000000715911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:41.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08dcd70cd599ec5d2023-02-07 15:19:41.095root 11241100x8000000000000000715910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:41.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26e607889c10fe52023-02-07 15:19:41.095root 11241100x8000000000000000715909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:41.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60dae41eebda73de2023-02-07 15:19:41.095root 11241100x8000000000000000715908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:41.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfe77a9523328cc2023-02-07 15:19:41.095root 11241100x8000000000000000715907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:41.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74aadb42ac2c543d2023-02-07 15:19:41.095root 11241100x8000000000000000715919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0119d60c2aa48d0c2023-02-07 15:19:41.096root 11241100x8000000000000000715918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79095e5ac7680842023-02-07 15:19:41.096root 11241100x8000000000000000715917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0b3859a9e5e0942023-02-07 15:19:41.096root 11241100x8000000000000000715916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c061f9f28a4bb42023-02-07 15:19:41.096root 11241100x8000000000000000715915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eeca9858a848b6d2023-02-07 15:19:41.096root 11241100x8000000000000000715914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98abeba6d88c2bd92023-02-07 15:19:41.096root 11241100x8000000000000000715913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8314de1d35ac8a2023-02-07 15:19:41.096root 11241100x8000000000000000715912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb337fce8ab9fa92023-02-07 15:19:41.096root 11241100x8000000000000000715924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ac5e89cdfaab162023-02-07 15:19:41.595root 11241100x8000000000000000715923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41fe560c0f13dfa2023-02-07 15:19:41.595root 11241100x8000000000000000715922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73fb30c86444a9f2023-02-07 15:19:41.595root 11241100x8000000000000000715921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f78146f7d671bb72023-02-07 15:19:41.595root 11241100x8000000000000000715920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21cfebabf68df33d2023-02-07 15:19:41.595root 11241100x8000000000000000715932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c5fa39bce4c5df2023-02-07 15:19:41.596root 11241100x8000000000000000715931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cc2839331e7db92023-02-07 15:19:41.596root 11241100x8000000000000000715930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725e992dc8fdef472023-02-07 15:19:41.596root 11241100x8000000000000000715929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2789a93de6d935d2023-02-07 15:19:41.596root 11241100x8000000000000000715928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97e4da62a0b7e3b2023-02-07 15:19:41.596root 11241100x8000000000000000715927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9457ff61d5a080f42023-02-07 15:19:41.596root 11241100x8000000000000000715926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b20b93b666474852023-02-07 15:19:41.596root 11241100x8000000000000000715925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f264be5807a289b72023-02-07 15:19:41.596root 11241100x8000000000000000715933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:42.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a039237a37f8eeea2023-02-07 15:19:42.095root 11241100x8000000000000000715936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:42.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351eba456b3122e32023-02-07 15:19:42.096root 11241100x8000000000000000715935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:42.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b6d6311d41c5dd2023-02-07 15:19:42.096root 11241100x8000000000000000715934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:42.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19bccfb59383f6c2023-02-07 15:19:42.096root 11241100x8000000000000000715940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:42.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0cf40c081ec99662023-02-07 15:19:42.097root 11241100x8000000000000000715939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:42.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd277dbb97f3fd452023-02-07 15:19:42.097root 11241100x8000000000000000715938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:42.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f712eae75a008c582023-02-07 15:19:42.097root 11241100x8000000000000000715937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:42.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce73207b0139e7582023-02-07 15:19:42.097root 11241100x8000000000000000715945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:42.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dbb9080996eeeab2023-02-07 15:19:42.098root 11241100x8000000000000000715944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:42.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a6801b204561682023-02-07 15:19:42.098root 11241100x8000000000000000715943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:42.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef24b2176a650002023-02-07 15:19:42.098root 11241100x8000000000000000715942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:42.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f51339fb8c6b6522023-02-07 15:19:42.098root 11241100x8000000000000000715941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:42.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c65edfaf20546002023-02-07 15:19:42.098root 11241100x8000000000000000715958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37805dab15cbf562023-02-07 15:19:42.596root 11241100x8000000000000000715957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed5034696c8cffe2023-02-07 15:19:42.596root 11241100x8000000000000000715956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9a76361b552e362023-02-07 15:19:42.596root 11241100x8000000000000000715955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695be540971075a22023-02-07 15:19:42.596root 11241100x8000000000000000715954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628a7994befbf5062023-02-07 15:19:42.596root 11241100x8000000000000000715953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4763df20ba04cf402023-02-07 15:19:42.596root 11241100x8000000000000000715952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf37803d487758512023-02-07 15:19:42.596root 11241100x8000000000000000715951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d6cb962cfaa7202023-02-07 15:19:42.596root 11241100x8000000000000000715950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb337ee7f57febd2023-02-07 15:19:42.596root 11241100x8000000000000000715949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97753d41758c1ac2023-02-07 15:19:42.596root 11241100x8000000000000000715948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625ed12c98179bd72023-02-07 15:19:42.596root 11241100x8000000000000000715947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2699b3466989f2ea2023-02-07 15:19:42.596root 11241100x8000000000000000715946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c3f9dcb5215dd22023-02-07 15:19:42.596root 11241100x8000000000000000715962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:43.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f694b8f418cdef2023-02-07 15:19:43.095root 11241100x8000000000000000715961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:43.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96432d42d97119ad2023-02-07 15:19:43.095root 11241100x8000000000000000715960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:43.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f391cb6fa30ca122023-02-07 15:19:43.095root 11241100x8000000000000000715959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:43.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166e24a8e7fd74e82023-02-07 15:19:43.095root 11241100x8000000000000000715968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:43.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2d388d1e54cce42023-02-07 15:19:43.096root 11241100x8000000000000000715967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:43.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db79ac68a0a3a6662023-02-07 15:19:43.096root 11241100x8000000000000000715966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:43.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7688c7dfe059a9f42023-02-07 15:19:43.096root 11241100x8000000000000000715965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:43.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3eb28d27d44f6f52023-02-07 15:19:43.096root 11241100x8000000000000000715964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:43.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dace728f1252b0b22023-02-07 15:19:43.096root 11241100x8000000000000000715963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:43.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83223bea79c185b22023-02-07 15:19:43.096root 11241100x8000000000000000715971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:43.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4669edd450d1c92023-02-07 15:19:43.097root 11241100x8000000000000000715970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:43.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f95f7123145ff202023-02-07 15:19:43.097root 11241100x8000000000000000715969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:43.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d555947b2789d82023-02-07 15:19:43.097root 11241100x8000000000000000715975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da2b0ee515aeac02023-02-07 15:19:43.595root 11241100x8000000000000000715974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4801694cf69fd92d2023-02-07 15:19:43.595root 11241100x8000000000000000715973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34fe8d502c4f91852023-02-07 15:19:43.595root 11241100x8000000000000000715972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b4faf8e6d7a98d2023-02-07 15:19:43.595root 11241100x8000000000000000715984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:43.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab717cf4da2d3242023-02-07 15:19:43.596root 11241100x8000000000000000715983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:43.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87eb13ecb19cfda42023-02-07 15:19:43.596root 11241100x8000000000000000715982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:43.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83088e6b680ed8632023-02-07 15:19:43.596root 11241100x8000000000000000715981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:43.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfeab1309e84b6b2023-02-07 15:19:43.596root 11241100x8000000000000000715980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:43.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b831709a3f38239c2023-02-07 15:19:43.596root 11241100x8000000000000000715979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:43.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4980d13a9022443c2023-02-07 15:19:43.596root 11241100x8000000000000000715978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:43.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4422cabb9c4f81662023-02-07 15:19:43.596root 11241100x8000000000000000715977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:43.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa65b80499a827682023-02-07 15:19:43.596root 11241100x8000000000000000715976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:43.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b746e55487105d92023-02-07 15:19:43.596root 11241100x8000000000000000715989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:44.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32922beda314edd2023-02-07 15:19:44.095root 11241100x8000000000000000715988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:44.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae8362d57d13fad2023-02-07 15:19:44.095root 11241100x8000000000000000715987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:44.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b42f8090e1ad7a2023-02-07 15:19:44.095root 11241100x8000000000000000715986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:44.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf3f628f8fddf222023-02-07 15:19:44.095root 11241100x8000000000000000715985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:44.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bea2bf119eb52e2023-02-07 15:19:44.095root 11241100x8000000000000000715996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfca7f5ac2c4de822023-02-07 15:19:44.096root 11241100x8000000000000000715995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6635b819912996c2023-02-07 15:19:44.096root 11241100x8000000000000000715994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dcf39da683abc2c2023-02-07 15:19:44.096root 11241100x8000000000000000715993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c059f9658c0b80802023-02-07 15:19:44.096root 11241100x8000000000000000715992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aedfe9b658eabd682023-02-07 15:19:44.096root 11241100x8000000000000000715991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f84b6527356cb032023-02-07 15:19:44.096root 11241100x8000000000000000715990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b142064e1e8309642023-02-07 15:19:44.096root 11241100x8000000000000000715997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:44.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7329076630de892023-02-07 15:19:44.097root 354300x8000000000000000715998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:44.251{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-57596-false10.0.1.12-8000- 11241100x8000000000000000716000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:44.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f5cf391f9a01942023-02-07 15:19:44.595root 11241100x8000000000000000715999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:44.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc059352c39565a82023-02-07 15:19:44.595root 11241100x8000000000000000716003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193204f76b4b37512023-02-07 15:19:44.596root 11241100x8000000000000000716002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a97bea41af1249b2023-02-07 15:19:44.596root 11241100x8000000000000000716001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8945bee0264ce3282023-02-07 15:19:44.596root 11241100x8000000000000000716008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:44.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eed6f4490636bb12023-02-07 15:19:44.597root 11241100x8000000000000000716007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:44.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06be7c98c1932dc52023-02-07 15:19:44.597root 11241100x8000000000000000716006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:44.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5ece7efe61bff12023-02-07 15:19:44.597root 11241100x8000000000000000716005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:44.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8d6f42cb8258812023-02-07 15:19:44.597root 11241100x8000000000000000716004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:44.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff03a3052e16d6792023-02-07 15:19:44.597root 11241100x8000000000000000716012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:44.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d9cdb738940b242023-02-07 15:19:44.598root 11241100x8000000000000000716011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:44.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad1194297894abb2023-02-07 15:19:44.598root 11241100x8000000000000000716010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:44.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677f1470412872982023-02-07 15:19:44.598root 11241100x8000000000000000716009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:44.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c1bf3f446880f62023-02-07 15:19:44.598root 11241100x8000000000000000716023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621a6e6939e084642023-02-07 15:19:45.096root 11241100x8000000000000000716022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d63b16f8b9289b2023-02-07 15:19:45.096root 11241100x8000000000000000716021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff28a22f232234bf2023-02-07 15:19:45.096root 11241100x8000000000000000716020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8476e9b41dac69b2023-02-07 15:19:45.096root 11241100x8000000000000000716019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d56f857cd47b2072023-02-07 15:19:45.096root 11241100x8000000000000000716018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdea3c8aeb74fcb42023-02-07 15:19:45.096root 11241100x8000000000000000716017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3ab22ddebeece32023-02-07 15:19:45.096root 11241100x8000000000000000716016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b88f6ba1b4c3b802023-02-07 15:19:45.096root 11241100x8000000000000000716015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44dfbc1acbed7442023-02-07 15:19:45.096root 11241100x8000000000000000716014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc56bebd0f465b232023-02-07 15:19:45.096root 11241100x8000000000000000716013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2839d12b0d8d0a822023-02-07 15:19:45.096root 11241100x8000000000000000716026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b330c343f47f1a652023-02-07 15:19:45.097root 11241100x8000000000000000716025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8ad7a6b7289f692023-02-07 15:19:45.097root 11241100x8000000000000000716024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6e6aad9c7689852023-02-07 15:19:45.097root 11241100x8000000000000000716031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:45.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4e214d06d14fac2023-02-07 15:19:45.595root 11241100x8000000000000000716030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:45.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbcffa1001a8b8bf2023-02-07 15:19:45.595root 11241100x8000000000000000716029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:45.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f94e03163a43b052023-02-07 15:19:45.595root 11241100x8000000000000000716028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:45.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c5580aa3b3cfa02023-02-07 15:19:45.595root 11241100x8000000000000000716027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:45.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13503dfc511c3012023-02-07 15:19:45.595root 11241100x8000000000000000716037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af8d89bd7e731bf2023-02-07 15:19:45.596root 11241100x8000000000000000716036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c170e147b7117f62023-02-07 15:19:45.596root 11241100x8000000000000000716035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea1c99f5fadf5072023-02-07 15:19:45.596root 11241100x8000000000000000716034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74fd9a02d0950eb52023-02-07 15:19:45.596root 11241100x8000000000000000716033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7b7e986f28ec752023-02-07 15:19:45.596root 11241100x8000000000000000716032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27466724d1afd49f2023-02-07 15:19:45.596root 11241100x8000000000000000716040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:45.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db933c3caa727cc62023-02-07 15:19:45.597root 11241100x8000000000000000716039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:45.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffe0e9fae750a2a2023-02-07 15:19:45.597root 11241100x8000000000000000716038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:45.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5601b7c86f1c539f2023-02-07 15:19:45.597root 11241100x8000000000000000716043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:46.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2e9da65e067ff52023-02-07 15:19:46.095root 11241100x8000000000000000716042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:46.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3aa32c7a5d87b612023-02-07 15:19:46.095root 11241100x8000000000000000716041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:46.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d13c55a7c30d3a2023-02-07 15:19:46.095root 11241100x8000000000000000716050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:46.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39be71439c2a941d2023-02-07 15:19:46.096root 11241100x8000000000000000716049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:46.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeea119cf40262b32023-02-07 15:19:46.096root 11241100x8000000000000000716048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:46.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ccc194abb68b772023-02-07 15:19:46.096root 11241100x8000000000000000716047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:46.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e1bfce09d8cadc2023-02-07 15:19:46.096root 11241100x8000000000000000716046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:46.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9d83f2cd63ce042023-02-07 15:19:46.096root 11241100x8000000000000000716045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:46.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e579af9d9bf0cd2023-02-07 15:19:46.096root 11241100x8000000000000000716044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:46.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14862cd76002f0362023-02-07 15:19:46.096root 11241100x8000000000000000716054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:46.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1ff6dcbf3b3cdf2023-02-07 15:19:46.097root 11241100x8000000000000000716053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:46.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e1e3fd701956262023-02-07 15:19:46.097root 11241100x8000000000000000716052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:46.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67103d00258d10a52023-02-07 15:19:46.097root 11241100x8000000000000000716051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:46.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e0e353aa1093672023-02-07 15:19:46.097root 11241100x8000000000000000716060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d832505fe8d4da72023-02-07 15:19:46.595root 11241100x8000000000000000716059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad59b59d9ca6b692023-02-07 15:19:46.595root 11241100x8000000000000000716058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e412f193678fb82023-02-07 15:19:46.595root 11241100x8000000000000000716057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e6921e67181ecb2023-02-07 15:19:46.595root 11241100x8000000000000000716056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4f180854b4f1912023-02-07 15:19:46.595root 11241100x8000000000000000716055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef23c8200daefbc62023-02-07 15:19:46.595root 11241100x8000000000000000716067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d46d98da5e7df62023-02-07 15:19:46.596root 11241100x8000000000000000716066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a765a980e1dbcd02023-02-07 15:19:46.596root 11241100x8000000000000000716065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598712039d3565972023-02-07 15:19:46.596root 11241100x8000000000000000716064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2984dac32edcaf2023-02-07 15:19:46.596root 11241100x8000000000000000716063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a937ba587cebd52023-02-07 15:19:46.596root 11241100x8000000000000000716062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c3f71621dde3742023-02-07 15:19:46.596root 11241100x8000000000000000716061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4324b45808fd6f852023-02-07 15:19:46.596root 11241100x8000000000000000716068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:46.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e276cca101099822023-02-07 15:19:46.597root 11241100x8000000000000000716072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:47.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd33b83233cc35912023-02-07 15:19:47.095root 11241100x8000000000000000716071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:47.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b98b81b8fa2f5f2023-02-07 15:19:47.095root 11241100x8000000000000000716070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:47.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cbaf5686999ff12023-02-07 15:19:47.095root 11241100x8000000000000000716069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:47.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49c4be5d99419b32023-02-07 15:19:47.095root 11241100x8000000000000000716075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127d5b4b37224da72023-02-07 15:19:47.097root 11241100x8000000000000000716074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253a478e22f010e82023-02-07 15:19:47.097root 11241100x8000000000000000716073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:47.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d2cdd97c4d84a02023-02-07 15:19:47.097root 11241100x8000000000000000716080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:47.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7634fd31ca77d4782023-02-07 15:19:47.098root 11241100x8000000000000000716079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:47.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd42f06406969ebf2023-02-07 15:19:47.098root 11241100x8000000000000000716078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:47.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65391075818820392023-02-07 15:19:47.098root 11241100x8000000000000000716077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:47.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c67ac9200da2c72023-02-07 15:19:47.098root 11241100x8000000000000000716076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:47.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3344422e9bdc2ec42023-02-07 15:19:47.098root 11241100x8000000000000000716082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:47.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52dcf5d1cf56dd682023-02-07 15:19:47.099root 11241100x8000000000000000716081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:47.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db82d35e9623fac2023-02-07 15:19:47.099root 11241100x8000000000000000716084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae0ece8d2c415412023-02-07 15:19:47.595root 11241100x8000000000000000716083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:47.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3800d6a1436a152023-02-07 15:19:47.595root 11241100x8000000000000000716087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9cbbe1891fb30d2023-02-07 15:19:47.596root 11241100x8000000000000000716086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67a5fbd20a875e62023-02-07 15:19:47.596root 11241100x8000000000000000716085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:47.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9dfc05a5132d7c2023-02-07 15:19:47.596root 11241100x8000000000000000716091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8ee10a1903a5292023-02-07 15:19:47.597root 11241100x8000000000000000716090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62cff49a289220982023-02-07 15:19:47.597root 11241100x8000000000000000716089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf6f91720d5c0992023-02-07 15:19:47.597root 11241100x8000000000000000716088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:47.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f467fd386214732023-02-07 15:19:47.597root 11241100x8000000000000000716095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:47.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2e194822fc93b12023-02-07 15:19:47.598root 11241100x8000000000000000716094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:47.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05567e54176db4812023-02-07 15:19:47.598root 11241100x8000000000000000716093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:47.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898843f97d3f62162023-02-07 15:19:47.598root 11241100x8000000000000000716092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:47.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5b039e46c8e6622023-02-07 15:19:47.598root 11241100x8000000000000000716099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:47.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cbf4d3c44c8a2a2023-02-07 15:19:47.599root 11241100x8000000000000000716098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:47.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79043434a03d0de2023-02-07 15:19:47.599root 11241100x8000000000000000716097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:47.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0af061ced1ca1502023-02-07 15:19:47.599root 11241100x8000000000000000716096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:47.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f1236fff82ccb12023-02-07 15:19:47.599root 11241100x8000000000000000716101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d684687af862a5312023-02-07 15:19:48.095root 11241100x8000000000000000716100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709bf075eb3cabd92023-02-07 15:19:48.095root 11241100x8000000000000000716106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ea5637863501692023-02-07 15:19:48.096root 11241100x8000000000000000716105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8673086acc9a00d2023-02-07 15:19:48.096root 11241100x8000000000000000716104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a43bf31c33998d2023-02-07 15:19:48.096root 11241100x8000000000000000716103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dfd4398914cf9692023-02-07 15:19:48.096root 11241100x8000000000000000716102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbdde99175ce5e62023-02-07 15:19:48.096root 11241100x8000000000000000716111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c3d49d3e3105232023-02-07 15:19:48.097root 11241100x8000000000000000716110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6a64688f4143262023-02-07 15:19:48.097root 11241100x8000000000000000716109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7582b568d1ad21092023-02-07 15:19:48.097root 11241100x8000000000000000716108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb56438c893effb2023-02-07 15:19:48.097root 11241100x8000000000000000716107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2387b67fc3b2191a2023-02-07 15:19:48.097root 11241100x8000000000000000716116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d245ad8832210542023-02-07 15:19:48.098root 11241100x8000000000000000716115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c098a9482e73a52023-02-07 15:19:48.098root 11241100x8000000000000000716114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427b7a5416aa0a302023-02-07 15:19:48.098root 11241100x8000000000000000716113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49a514f5afa46e22023-02-07 15:19:48.098root 11241100x8000000000000000716112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27427a3322d4d2102023-02-07 15:19:48.098root 11241100x8000000000000000716121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b5001b97e1d3f42023-02-07 15:19:48.099root 11241100x8000000000000000716120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2cc0b601ecce8dd2023-02-07 15:19:48.099root 11241100x8000000000000000716119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a612762a7d783582023-02-07 15:19:48.099root 11241100x8000000000000000716118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b308877901d8beda2023-02-07 15:19:48.099root 11241100x8000000000000000716117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a3b4ba0c10c85f2023-02-07 15:19:48.099root 11241100x8000000000000000716127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062ad6e8dab2143d2023-02-07 15:19:48.100root 11241100x8000000000000000716126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbac64647f22de72023-02-07 15:19:48.100root 11241100x8000000000000000716125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8da2d4c788685c42023-02-07 15:19:48.100root 11241100x8000000000000000716124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b7149f2c93327d2023-02-07 15:19:48.100root 11241100x8000000000000000716123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a57035a111fa33f2023-02-07 15:19:48.100root 11241100x8000000000000000716122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460e8d13389868ba2023-02-07 15:19:48.100root 11241100x8000000000000000716132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2834f921fd031e2023-02-07 15:19:48.101root 11241100x8000000000000000716131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6cb83d7e15f3362023-02-07 15:19:48.101root 11241100x8000000000000000716130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e995d522c3da7b2023-02-07 15:19:48.101root 11241100x8000000000000000716129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e9ec06da8446112023-02-07 15:19:48.101root 11241100x8000000000000000716128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24aa9cc058c4d1c2023-02-07 15:19:48.101root 11241100x8000000000000000716135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6671dcf4d5279bc62023-02-07 15:19:48.102root 11241100x8000000000000000716134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23b081765673c2a2023-02-07 15:19:48.102root 11241100x8000000000000000716133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0a6d8be87969ff2023-02-07 15:19:48.102root 11241100x8000000000000000716144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e181f2f869217f42023-02-07 15:19:48.103root 11241100x8000000000000000716143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7889e0a832027ee52023-02-07 15:19:48.103root 11241100x8000000000000000716142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0347eb0f2ba4b172023-02-07 15:19:48.103root 11241100x8000000000000000716141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e897eb78bcf197182023-02-07 15:19:48.103root 11241100x8000000000000000716140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9105796caf05de472023-02-07 15:19:48.103root 11241100x8000000000000000716139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5645a301ea6d912023-02-07 15:19:48.103root 11241100x8000000000000000716138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e107d93de512e6e22023-02-07 15:19:48.103root 11241100x8000000000000000716137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e578f285b17b81a92023-02-07 15:19:48.103root 11241100x8000000000000000716136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7adb12ffe1280e2023-02-07 15:19:48.103root 11241100x8000000000000000716149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f316ef0a2a90e252023-02-07 15:19:48.595root 11241100x8000000000000000716148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02eeb6550a59a37e2023-02-07 15:19:48.595root 11241100x8000000000000000716147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef2c26a6d76738ea2023-02-07 15:19:48.595root 11241100x8000000000000000716146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44356098021a60f02023-02-07 15:19:48.595root 11241100x8000000000000000716145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5c09aa382e52312023-02-07 15:19:48.595root 11241100x8000000000000000716155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53d143facee561c2023-02-07 15:19:48.596root 11241100x8000000000000000716154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ef5df77dcd01c92023-02-07 15:19:48.596root 11241100x8000000000000000716153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16cef18875988b052023-02-07 15:19:48.596root 11241100x8000000000000000716152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71820ac356fdda52023-02-07 15:19:48.596root 11241100x8000000000000000716151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed00e7c31cab6e8b2023-02-07 15:19:48.596root 11241100x8000000000000000716150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84700f89b9b434802023-02-07 15:19:48.596root 11241100x8000000000000000716160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8a1aed71a8e1802023-02-07 15:19:48.597root 11241100x8000000000000000716159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4aaef66b468e1b2023-02-07 15:19:48.597root 11241100x8000000000000000716158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8ecbc6bd08de832023-02-07 15:19:48.597root 11241100x8000000000000000716157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c219918e8be5092023-02-07 15:19:48.597root 11241100x8000000000000000716156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51fac8e1a6326a822023-02-07 15:19:48.597root 11241100x8000000000000000716167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6dc52f7b35fb6c82023-02-07 15:19:48.598root 11241100x8000000000000000716166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1821c08bfa01f562023-02-07 15:19:48.598root 11241100x8000000000000000716165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b039d50631e09cb02023-02-07 15:19:48.598root 11241100x8000000000000000716164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf2bf79c4e1cf712023-02-07 15:19:48.598root 11241100x8000000000000000716163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745ea49ea8d54a522023-02-07 15:19:48.598root 11241100x8000000000000000716162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b259a45886fd53ac2023-02-07 15:19:48.598root 11241100x8000000000000000716161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fa37d9734196e92023-02-07 15:19:48.598root 11241100x8000000000000000716170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9151c3093b01fe912023-02-07 15:19:48.599root 11241100x8000000000000000716169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28de8bebea8ea642023-02-07 15:19:48.599root 11241100x8000000000000000716168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:48.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72616cdf9118055e2023-02-07 15:19:48.599root 11241100x8000000000000000716172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:49.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b18faa3a6f373602023-02-07 15:19:49.095root 11241100x8000000000000000716171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:49.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575ca6b397a11da92023-02-07 15:19:49.095root 11241100x8000000000000000716182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31449f18939641d2023-02-07 15:19:49.096root 11241100x8000000000000000716181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55cdca32d2b0d5e42023-02-07 15:19:49.096root 11241100x8000000000000000716180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4d252e88436cfa2023-02-07 15:19:49.096root 11241100x8000000000000000716179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd5ca0ff9e9e54b2023-02-07 15:19:49.096root 11241100x8000000000000000716178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539726f75c2e51ab2023-02-07 15:19:49.096root 11241100x8000000000000000716177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e2f3146c62bd522023-02-07 15:19:49.096root 11241100x8000000000000000716176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d3dc22145f49122023-02-07 15:19:49.096root 11241100x8000000000000000716175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05eea4e8ea851c312023-02-07 15:19:49.096root 11241100x8000000000000000716174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2714e5a270beb62023-02-07 15:19:49.096root 11241100x8000000000000000716173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:49.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea9f134a9fc124b2023-02-07 15:19:49.096root 11241100x8000000000000000716184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29939ecca0f9d1d12023-02-07 15:19:49.097root 11241100x8000000000000000716183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:49.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260e44cb943b90c92023-02-07 15:19:49.097root 11241100x8000000000000000716186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf89a7ca4b1133752023-02-07 15:19:49.595root 11241100x8000000000000000716185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:49.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e48a3d133082742023-02-07 15:19:49.595root 11241100x8000000000000000716190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc314a0633ee09642023-02-07 15:19:49.596root 11241100x8000000000000000716189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8706c1254358c292023-02-07 15:19:49.596root 11241100x8000000000000000716188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416860d85367192c2023-02-07 15:19:49.596root 11241100x8000000000000000716187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:49.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b7d9b018b841d52023-02-07 15:19:49.596root 11241100x8000000000000000716194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba9ef96fe3688bc2023-02-07 15:19:49.597root 11241100x8000000000000000716193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a33d431132d4a52023-02-07 15:19:49.597root 11241100x8000000000000000716192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6cb187bdaf70b82023-02-07 15:19:49.597root 11241100x8000000000000000716191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:49.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e97e20701617e82023-02-07 15:19:49.597root 11241100x8000000000000000716198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:49.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58541b18dd472e202023-02-07 15:19:49.598root 11241100x8000000000000000716197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:49.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19fe916bc3d3e4502023-02-07 15:19:49.598root 11241100x8000000000000000716196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:49.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9675375d9e7d8df2023-02-07 15:19:49.598root 11241100x8000000000000000716195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:49.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d97934007f9cb662023-02-07 15:19:49.598root 354300x8000000000000000716199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.072{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-41626-false10.0.1.12-8000- 11241100x8000000000000000716210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.073{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90c9b726e5a7cb82023-02-07 15:19:50.073root 11241100x8000000000000000716209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.073{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac694c3e83db0942023-02-07 15:19:50.073root 11241100x8000000000000000716208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.073{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab48b1e1ee3e60b02023-02-07 15:19:50.073root 11241100x8000000000000000716207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.073{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfbfacec66c4b902023-02-07 15:19:50.073root 11241100x8000000000000000716206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.073{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89f539abab7c71f2023-02-07 15:19:50.073root 11241100x8000000000000000716205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.073{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f671d6c2366db3c2023-02-07 15:19:50.073root 11241100x8000000000000000716204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.073{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c3b82fa1f2365a2023-02-07 15:19:50.073root 11241100x8000000000000000716203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.073{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0820b5a6667b2c742023-02-07 15:19:50.073root 11241100x8000000000000000716202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.073{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ca1708db506b2e2023-02-07 15:19:50.073root 11241100x8000000000000000716201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.073{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5527f2c4b468b9bb2023-02-07 15:19:50.073root 11241100x8000000000000000716200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.073{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a2e668dfcdd0302023-02-07 15:19:50.073root 11241100x8000000000000000716215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.074{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c86a258b6d4c652023-02-07 15:19:50.074root 11241100x8000000000000000716214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.074{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37474585838538e22023-02-07 15:19:50.074root 11241100x8000000000000000716213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.074{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2f798c6736005c2023-02-07 15:19:50.074root 11241100x8000000000000000716212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.074{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7a3d7b22c88c352023-02-07 15:19:50.074root 11241100x8000000000000000716211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.074{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110b4d45f41bb0022023-02-07 15:19:50.074root 11241100x8000000000000000716226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a093b4bc0111f32023-02-07 15:19:50.347root 11241100x8000000000000000716225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37ac99a81d690492023-02-07 15:19:50.347root 11241100x8000000000000000716224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adbdd1b426549c9c2023-02-07 15:19:50.347root 11241100x8000000000000000716223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b97a33c8ac121a2023-02-07 15:19:50.347root 11241100x8000000000000000716222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ba2959aa6f3d032023-02-07 15:19:50.347root 11241100x8000000000000000716221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7477d754e8b672e2023-02-07 15:19:50.347root 11241100x8000000000000000716220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cc5227d5d04cdd2023-02-07 15:19:50.347root 11241100x8000000000000000716219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e4d3d6e420504c2023-02-07 15:19:50.347root 11241100x8000000000000000716218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bcad63ab80be3c2023-02-07 15:19:50.347root 11241100x8000000000000000716217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78676682331b5e1a2023-02-07 15:19:50.347root 11241100x8000000000000000716216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de67b2d4249e4da2023-02-07 15:19:50.347root 11241100x8000000000000000716230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d58a70b893a2d172023-02-07 15:19:50.348root 11241100x8000000000000000716229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500b14256e8f453d2023-02-07 15:19:50.348root 11241100x8000000000000000716228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1817fb789d34e22023-02-07 15:19:50.348root 11241100x8000000000000000716227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80fed13a65e3ef8b2023-02-07 15:19:50.348root 11241100x8000000000000000716231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b7856ce6e45bc42023-02-07 15:19:50.845root 11241100x8000000000000000716242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc8aeabc4f295382023-02-07 15:19:50.846root 11241100x8000000000000000716241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0969e30b422553ee2023-02-07 15:19:50.846root 11241100x8000000000000000716240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5aa3f7600a01592023-02-07 15:19:50.846root 11241100x8000000000000000716239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263234206b26c07a2023-02-07 15:19:50.846root 11241100x8000000000000000716238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de574013dc50db472023-02-07 15:19:50.846root 11241100x8000000000000000716237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97fd8eac780c0ada2023-02-07 15:19:50.846root 11241100x8000000000000000716236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff3d4b0dea5e4802023-02-07 15:19:50.846root 11241100x8000000000000000716235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ef1f18668f7ef32023-02-07 15:19:50.846root 11241100x8000000000000000716234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f21e1b82bb7d972023-02-07 15:19:50.846root 11241100x8000000000000000716233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7612761f8a230a2023-02-07 15:19:50.846root 11241100x8000000000000000716232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a054b808ec506d62023-02-07 15:19:50.846root 11241100x8000000000000000716245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5eb81174fca4952023-02-07 15:19:50.847root 11241100x8000000000000000716244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53336d49f29492e22023-02-07 15:19:50.847root 11241100x8000000000000000716243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:50.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4a836b515ee2dd2023-02-07 15:19:50.847root 11241100x8000000000000000716246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3208fa964cb3c392023-02-07 15:19:51.345root 11241100x8000000000000000716257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2f997e66d038382023-02-07 15:19:51.346root 11241100x8000000000000000716256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9caa45f0665074e82023-02-07 15:19:51.346root 11241100x8000000000000000716255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cf5d01697ecafe2023-02-07 15:19:51.346root 11241100x8000000000000000716254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf07543edc3606432023-02-07 15:19:51.346root 11241100x8000000000000000716253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68654d67492c82152023-02-07 15:19:51.346root 11241100x8000000000000000716252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f351e1775fd804eb2023-02-07 15:19:51.346root 11241100x8000000000000000716251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02cf0356fdf12202023-02-07 15:19:51.346root 11241100x8000000000000000716250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bb00602258a7a12023-02-07 15:19:51.346root 11241100x8000000000000000716249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc045d263682cb42023-02-07 15:19:51.346root 11241100x8000000000000000716248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356b8e6cf1da543e2023-02-07 15:19:51.346root 11241100x8000000000000000716247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9550349e235c1b02023-02-07 15:19:51.346root 11241100x8000000000000000716260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559685f752d9f7562023-02-07 15:19:51.347root 11241100x8000000000000000716259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c484365f02ab69d12023-02-07 15:19:51.347root 11241100x8000000000000000716258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6b5963b3681e0d2023-02-07 15:19:51.347root 11241100x8000000000000000716261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486354177551e59b2023-02-07 15:19:51.845root 11241100x8000000000000000716275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8705a1c32c7a49f32023-02-07 15:19:51.846root 11241100x8000000000000000716274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c3633ee3b079cf2023-02-07 15:19:51.846root 11241100x8000000000000000716273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11eeb45e7b96d02d2023-02-07 15:19:51.846root 11241100x8000000000000000716272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1213545aab796de52023-02-07 15:19:51.846root 11241100x8000000000000000716271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a803a6a042b743f52023-02-07 15:19:51.846root 11241100x8000000000000000716270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487bf22d47e2fdbf2023-02-07 15:19:51.846root 11241100x8000000000000000716269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b1a17a6b5935272023-02-07 15:19:51.846root 11241100x8000000000000000716268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f00a70a7a9d723b2023-02-07 15:19:51.846root 11241100x8000000000000000716267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b654082cbe41cc2023-02-07 15:19:51.846root 11241100x8000000000000000716266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97f8d2be5f178942023-02-07 15:19:51.846root 11241100x8000000000000000716265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a7aa2d64c09df52023-02-07 15:19:51.846root 11241100x8000000000000000716264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3feaae632d5e6be92023-02-07 15:19:51.846root 11241100x8000000000000000716263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f06682106bb54b52023-02-07 15:19:51.846root 11241100x8000000000000000716262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422557ceeaec6ac12023-02-07 15:19:51.846root 11241100x8000000000000000716276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.868{ec244aba-6c01-63e2-485b-5fb939560000}6224/usr/bin/vim.basic/home/ubuntu/wiper/awfulshred3.sh2023-02-07 15:19:51.868ubuntu 11241100x8000000000000000716277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.871{ec244aba-6c01-63e2-485b-5fb939560000}6224/usr/bin/vim.basic/home/ubuntu/.viminfo2023-02-07 15:19:51.871ubuntu 23542300x8000000000000000716278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.972{ec244aba-6c01-63e2-485b-5fb939560000}6224ubuntu/usr/bin/vim.basic/home/ubuntu/wiper/.awfulshred3.sh.swp--- 534500x8000000000000000716279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:51.974{ec244aba-6c01-63e2-485b-5fb939560000}6224/usr/bin/vim.basicubuntu 11241100x8000000000000000716288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4028f3822154f22023-02-07 15:19:52.346root 11241100x8000000000000000716287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab885f997272f14a2023-02-07 15:19:52.346root 11241100x8000000000000000716286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24e0d0f3304c7602023-02-07 15:19:52.346root 11241100x8000000000000000716285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58e053ab13a71712023-02-07 15:19:52.346root 11241100x8000000000000000716284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07265c6a15054b22023-02-07 15:19:52.346root 11241100x8000000000000000716283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a4607bfe540a272023-02-07 15:19:52.346root 11241100x8000000000000000716282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ef9b2756090f092023-02-07 15:19:52.346root 11241100x8000000000000000716281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61896042d7fa57e2023-02-07 15:19:52.346root 11241100x8000000000000000716280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe49899792759552023-02-07 15:19:52.346root 11241100x8000000000000000716297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519d324c3859e4a12023-02-07 15:19:52.347root 11241100x8000000000000000716296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b155355466f2a4e62023-02-07 15:19:52.347root 11241100x8000000000000000716295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b89292f75533c92023-02-07 15:19:52.347root 11241100x8000000000000000716294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de75fe3a04403472023-02-07 15:19:52.347root 11241100x8000000000000000716293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced6fc4e5385c4342023-02-07 15:19:52.347root 11241100x8000000000000000716292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca76a560028fd442023-02-07 15:19:52.347root 11241100x8000000000000000716291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbb68f6f85a98742023-02-07 15:19:52.347root 11241100x8000000000000000716290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd9719c106ef80a2023-02-07 15:19:52.347root 11241100x8000000000000000716289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34d9951b99104312023-02-07 15:19:52.347root 11241100x8000000000000000716298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa772beaaae5e28b2023-02-07 15:19:52.348root 11241100x8000000000000000716301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4c09720afe3c392023-02-07 15:19:52.845root 11241100x8000000000000000716300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e76c63b92511ea2023-02-07 15:19:52.845root 11241100x8000000000000000716299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c1e1ad6dab62902023-02-07 15:19:52.845root 11241100x8000000000000000716316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a858e5e346cd62db2023-02-07 15:19:52.846root 11241100x8000000000000000716315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973825c8b87d2a802023-02-07 15:19:52.846root 11241100x8000000000000000716314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c291df8f09cba7c2023-02-07 15:19:52.846root 11241100x8000000000000000716313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56891e4c0e2f73642023-02-07 15:19:52.846root 11241100x8000000000000000716312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db8b338ffe864862023-02-07 15:19:52.846root 11241100x8000000000000000716311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2862a09cd44c2ea2023-02-07 15:19:52.846root 11241100x8000000000000000716310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9600f27643a846732023-02-07 15:19:52.846root 11241100x8000000000000000716309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b21f97ec50eb052023-02-07 15:19:52.846root 11241100x8000000000000000716308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be77a628b815eba52023-02-07 15:19:52.846root 11241100x8000000000000000716307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843c50a6dffd25692023-02-07 15:19:52.846root 11241100x8000000000000000716306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14caf29da6466d442023-02-07 15:19:52.846root 11241100x8000000000000000716305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb76ef7d562978682023-02-07 15:19:52.846root 11241100x8000000000000000716304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08dbf80dd8f09ff2023-02-07 15:19:52.846root 11241100x8000000000000000716303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bed316b50d6c6162023-02-07 15:19:52.846root 11241100x8000000000000000716302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9910a2d6ef1843e2023-02-07 15:19:52.846root 11241100x8000000000000000716317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:52.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3fe84a5320a7c52023-02-07 15:19:52.847root 11241100x8000000000000000716322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2cb1d3cb33343e72023-02-07 15:19:53.345root 11241100x8000000000000000716321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c3084208eaee5e2023-02-07 15:19:53.345root 11241100x8000000000000000716320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6283805b79a8b2372023-02-07 15:19:53.345root 11241100x8000000000000000716319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c67bfcf9254c9f2023-02-07 15:19:53.345root 11241100x8000000000000000716318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eaacbd5b4a408972023-02-07 15:19:53.345root 11241100x8000000000000000716334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9014a6194eb3a9712023-02-07 15:19:53.346root 11241100x8000000000000000716333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debb4584845916cc2023-02-07 15:19:53.346root 11241100x8000000000000000716332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1d439abaa641542023-02-07 15:19:53.346root 11241100x8000000000000000716331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8102b8eff27b492023-02-07 15:19:53.346root 11241100x8000000000000000716330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6e921e9001aba52023-02-07 15:19:53.346root 11241100x8000000000000000716329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601275bb0fdee6002023-02-07 15:19:53.346root 11241100x8000000000000000716328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0acac8fd776a9bc92023-02-07 15:19:53.346root 11241100x8000000000000000716327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c27c90eee773d512023-02-07 15:19:53.346root 11241100x8000000000000000716326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c1c27dcba581042023-02-07 15:19:53.346root 11241100x8000000000000000716325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7a4810717e488f2023-02-07 15:19:53.346root 11241100x8000000000000000716324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2357cfc05d7a0f42023-02-07 15:19:53.346root 11241100x8000000000000000716323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f628f102902b65c42023-02-07 15:19:53.346root 11241100x8000000000000000716343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826b774ce365d2212023-02-07 15:19:53.347root 11241100x8000000000000000716342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38717b04399f63f92023-02-07 15:19:53.347root 11241100x8000000000000000716341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f996bef3476236df2023-02-07 15:19:53.347root 11241100x8000000000000000716340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43411a35165bb2c72023-02-07 15:19:53.347root 11241100x8000000000000000716339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5c485a7f95b0c32023-02-07 15:19:53.347root 11241100x8000000000000000716338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a524545a0c5d512023-02-07 15:19:53.347root 11241100x8000000000000000716337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8519be1693bd55d92023-02-07 15:19:53.347root 11241100x8000000000000000716336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a369ba107fd427462023-02-07 15:19:53.347root 11241100x8000000000000000716335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1105939919f7432023-02-07 15:19:53.347root 11241100x8000000000000000716353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e67e590ad295d2b2023-02-07 15:19:53.348root 11241100x8000000000000000716352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75152e5b2fc810712023-02-07 15:19:53.348root 11241100x8000000000000000716351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99b74a5c2adbf942023-02-07 15:19:53.348root 11241100x8000000000000000716350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc438de9cbaec4c92023-02-07 15:19:53.348root 11241100x8000000000000000716349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2082463a972983ca2023-02-07 15:19:53.348root 11241100x8000000000000000716348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d80a2f9c2a77dd52023-02-07 15:19:53.348root 11241100x8000000000000000716347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52f1e74eda247272023-02-07 15:19:53.348root 11241100x8000000000000000716346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4dd12c25f673c372023-02-07 15:19:53.348root 11241100x8000000000000000716345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb1989c77a62a542023-02-07 15:19:53.348root 11241100x8000000000000000716344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d4e96358bf92462023-02-07 15:19:53.348root 11241100x8000000000000000716367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6614e620fc5bc572023-02-07 15:19:53.349root 11241100x8000000000000000716366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37951208e65664b2023-02-07 15:19:53.349root 11241100x8000000000000000716365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fea36ccb3adb1dd2023-02-07 15:19:53.349root 11241100x8000000000000000716364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc6c7acc36898d72023-02-07 15:19:53.349root 11241100x8000000000000000716363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16b8956b27d63412023-02-07 15:19:53.349root 11241100x8000000000000000716362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bf83232ddccdcb2023-02-07 15:19:53.349root 11241100x8000000000000000716361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2006781847e347a62023-02-07 15:19:53.349root 11241100x8000000000000000716360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c919dfa583d8f0b2023-02-07 15:19:53.349root 11241100x8000000000000000716359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a245206d6f37a502023-02-07 15:19:53.349root 11241100x8000000000000000716358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb375335561206532023-02-07 15:19:53.349root 11241100x8000000000000000716357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b0c7c1dfa6f43e2023-02-07 15:19:53.349root 11241100x8000000000000000716356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493257602c4c9a6e2023-02-07 15:19:53.349root 11241100x8000000000000000716355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8aae21e4d384892023-02-07 15:19:53.349root 11241100x8000000000000000716354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880988ee2ab8ab452023-02-07 15:19:53.349root 11241100x8000000000000000716369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee74ad94094929a2023-02-07 15:19:53.353root 11241100x8000000000000000716368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423fbac42d4e2a722023-02-07 15:19:53.353root 11241100x8000000000000000716375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.355{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481ad60b7a8781542023-02-07 15:19:53.355root 11241100x8000000000000000716374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.355{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b98304a96f361632023-02-07 15:19:53.355root 11241100x8000000000000000716373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.355{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc65430e12b7ad42023-02-07 15:19:53.355root 11241100x8000000000000000716372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.355{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778309b3509306d82023-02-07 15:19:53.355root 11241100x8000000000000000716371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.355{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e126b61e7bf6e82023-02-07 15:19:53.355root 11241100x8000000000000000716370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.355{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225dda19cfbf215c2023-02-07 15:19:53.355root 11241100x8000000000000000716387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0bb53231a615ad92023-02-07 15:19:53.846root 11241100x8000000000000000716386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9e6e837c62cc792023-02-07 15:19:53.846root 11241100x8000000000000000716385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a01e43471debbe2023-02-07 15:19:53.846root 11241100x8000000000000000716384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db85bc44e8d10d92023-02-07 15:19:53.846root 11241100x8000000000000000716383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6efd5f3e97e1b3c2023-02-07 15:19:53.846root 11241100x8000000000000000716382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2920cf43154a3b7f2023-02-07 15:19:53.846root 11241100x8000000000000000716381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d05053181580b32023-02-07 15:19:53.846root 11241100x8000000000000000716380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c11dd83673640132023-02-07 15:19:53.846root 11241100x8000000000000000716379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a619b64e6bec644f2023-02-07 15:19:53.846root 11241100x8000000000000000716378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c695a84da08e45cc2023-02-07 15:19:53.846root 11241100x8000000000000000716377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6284cc746741055d2023-02-07 15:19:53.846root 11241100x8000000000000000716376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e67d152ea2249802023-02-07 15:19:53.846root 11241100x8000000000000000716394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef42e47e98b618c2023-02-07 15:19:53.847root 11241100x8000000000000000716393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b364fc66d9e30d2023-02-07 15:19:53.847root 11241100x8000000000000000716392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079e77b2b6e88cc42023-02-07 15:19:53.847root 11241100x8000000000000000716391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857056d05f7850db2023-02-07 15:19:53.847root 11241100x8000000000000000716390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b0bbc476b084f82023-02-07 15:19:53.847root 11241100x8000000000000000716389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3f771ecb6287942023-02-07 15:19:53.847root 11241100x8000000000000000716388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164ccb4cf3e1e3922023-02-07 15:19:53.847root 11241100x8000000000000000716398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1010a355f5b80dc2023-02-07 15:19:54.345root 11241100x8000000000000000716397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb2ceb7404f13872023-02-07 15:19:54.345root 11241100x8000000000000000716396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c888fe995c949a542023-02-07 15:19:54.345root 11241100x8000000000000000716395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b558d9e763d1dcfa2023-02-07 15:19:54.345root 11241100x8000000000000000716408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc77ab3a3f227e12023-02-07 15:19:54.346root 11241100x8000000000000000716407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79197399f7dddfc22023-02-07 15:19:54.346root 11241100x8000000000000000716406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68c894c627277602023-02-07 15:19:54.346root 11241100x8000000000000000716405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e78d18528107c322023-02-07 15:19:54.346root 11241100x8000000000000000716404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa04bca6d8738082023-02-07 15:19:54.346root 11241100x8000000000000000716403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce615498f20ca702023-02-07 15:19:54.346root 11241100x8000000000000000716402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78eb2dd48314bb0b2023-02-07 15:19:54.346root 11241100x8000000000000000716401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b09bd25dfe2d2742023-02-07 15:19:54.346root 11241100x8000000000000000716400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c78898c6a4f21b2023-02-07 15:19:54.346root 11241100x8000000000000000716399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1951c361d64ec22023-02-07 15:19:54.346root 11241100x8000000000000000716420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd944ac4eaa8a662023-02-07 15:19:54.347root 11241100x8000000000000000716419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a9c62b16ad35942023-02-07 15:19:54.347root 11241100x8000000000000000716418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eca95fd9cedfecd2023-02-07 15:19:54.347root 11241100x8000000000000000716417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae46291836524d832023-02-07 15:19:54.347root 11241100x8000000000000000716416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4788fa6277844c5a2023-02-07 15:19:54.347root 11241100x8000000000000000716415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18bd0cb06bdfa4292023-02-07 15:19:54.347root 11241100x8000000000000000716414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f3b4b75a787d262023-02-07 15:19:54.347root 11241100x8000000000000000716413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc918671f5ca6b7d2023-02-07 15:19:54.347root 11241100x8000000000000000716412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b60485bfbdcc252023-02-07 15:19:54.347root 11241100x8000000000000000716411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32c590c225527042023-02-07 15:19:54.347root 11241100x8000000000000000716410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5167c4d12a009032023-02-07 15:19:54.347root 11241100x8000000000000000716409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ccfb87ff3cb4bc2023-02-07 15:19:54.347root 11241100x8000000000000000716435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d50949f22fa01512023-02-07 15:19:54.348root 11241100x8000000000000000716434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9eb4520baee6cd2023-02-07 15:19:54.348root 11241100x8000000000000000716433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7925d92bc8e6d1f72023-02-07 15:19:54.348root 11241100x8000000000000000716432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b5b1f31c7b08dd2023-02-07 15:19:54.348root 11241100x8000000000000000716431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb3ea1cf29db7452023-02-07 15:19:54.348root 11241100x8000000000000000716430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8785fe3c81ebd9652023-02-07 15:19:54.348root 11241100x8000000000000000716429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f3f314089cd0122023-02-07 15:19:54.348root 11241100x8000000000000000716428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbba3eeda571de572023-02-07 15:19:54.348root 11241100x8000000000000000716427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39dd59e1be3206ee2023-02-07 15:19:54.348root 11241100x8000000000000000716426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b4c1bdf56f419c2023-02-07 15:19:54.348root 11241100x8000000000000000716425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda03198ad32e86e2023-02-07 15:19:54.348root 11241100x8000000000000000716424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c11084fa0558fe2023-02-07 15:19:54.348root 11241100x8000000000000000716423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80eee39a476b87212023-02-07 15:19:54.348root 11241100x8000000000000000716422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d036892c474948062023-02-07 15:19:54.348root 11241100x8000000000000000716421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18b0f117427b53b2023-02-07 15:19:54.348root 11241100x8000000000000000716452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19cbb1e6b48fa81e2023-02-07 15:19:54.349root 11241100x8000000000000000716451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945f7e749655ff1c2023-02-07 15:19:54.349root 11241100x8000000000000000716450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a0539bbed8d30a2023-02-07 15:19:54.349root 11241100x8000000000000000716449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2690eaf0d8d534db2023-02-07 15:19:54.349root 11241100x8000000000000000716448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e960e50f705f7512023-02-07 15:19:54.349root 11241100x8000000000000000716447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bea4a0137e381e92023-02-07 15:19:54.349root 11241100x8000000000000000716446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd68127c6b02e852023-02-07 15:19:54.349root 11241100x8000000000000000716445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b73127a6f18bfad2023-02-07 15:19:54.349root 11241100x8000000000000000716444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbcb69a697760fe72023-02-07 15:19:54.349root 11241100x8000000000000000716443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedce45e31e2e0972023-02-07 15:19:54.349root 11241100x8000000000000000716442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35614dbaf78a39592023-02-07 15:19:54.349root 11241100x8000000000000000716441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f892e93131519ba2023-02-07 15:19:54.349root 11241100x8000000000000000716440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685ae3a078c9f2892023-02-07 15:19:54.349root 11241100x8000000000000000716439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670e005265f1ad432023-02-07 15:19:54.349root 11241100x8000000000000000716438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85f96deb3f3144f2023-02-07 15:19:54.349root 11241100x8000000000000000716437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926cb05faafd1a182023-02-07 15:19:54.349root 11241100x8000000000000000716436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07d4533c3075a2c2023-02-07 15:19:54.349root 11241100x8000000000000000716465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6fe44c1955b9222023-02-07 15:19:54.350root 11241100x8000000000000000716464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9de264c9a6276222023-02-07 15:19:54.350root 11241100x8000000000000000716463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e849cf250abfd40c2023-02-07 15:19:54.350root 11241100x8000000000000000716462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599575ca545e6e622023-02-07 15:19:54.350root 11241100x8000000000000000716461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b32cc3c5e920882023-02-07 15:19:54.350root 11241100x8000000000000000716460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec3bf6a073562c22023-02-07 15:19:54.350root 11241100x8000000000000000716459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd27ca304a2a7ea2023-02-07 15:19:54.350root 11241100x8000000000000000716458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5fcbd58becd6f1f2023-02-07 15:19:54.350root 11241100x8000000000000000716457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e617df0000e012a32023-02-07 15:19:54.350root 11241100x8000000000000000716456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7cc740857c82cdc2023-02-07 15:19:54.350root 11241100x8000000000000000716455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039af512ca027aff2023-02-07 15:19:54.350root 11241100x8000000000000000716454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e4e995e39f4e0d2023-02-07 15:19:54.350root 11241100x8000000000000000716453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63da5e96a0942b72023-02-07 15:19:54.350root 11241100x8000000000000000716473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.358{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92efea81443f1f832023-02-07 15:19:54.358root 11241100x8000000000000000716472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.358{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0174981c28170e42023-02-07 15:19:54.358root 11241100x8000000000000000716471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.358{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec55b4f5e548434c2023-02-07 15:19:54.358root 11241100x8000000000000000716470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.358{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e47fe7eb15b89a2023-02-07 15:19:54.358root 11241100x8000000000000000716469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.358{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc8e4c73e0a3fac2023-02-07 15:19:54.358root 11241100x8000000000000000716468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.358{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763a329a9a542fd42023-02-07 15:19:54.358root 11241100x8000000000000000716467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.358{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f8eba04f6be9ce2023-02-07 15:19:54.358root 11241100x8000000000000000716466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.358{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57c932fa97de81c2023-02-07 15:19:54.358root 11241100x8000000000000000716475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.728{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173446d1b30e179e2023-02-07 15:19:54.728root 11241100x8000000000000000716474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.728{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:19:54.728root 11241100x8000000000000000716479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.729{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46927d15a92f6102023-02-07 15:19:54.729root 11241100x8000000000000000716478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.729{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b9b7470a7baf822023-02-07 15:19:54.729root 11241100x8000000000000000716477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.729{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce9ffe173e1c6842023-02-07 15:19:54.729root 11241100x8000000000000000716476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.729{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e07210546a2b1a2023-02-07 15:19:54.729root 11241100x8000000000000000716490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00f0cdbce0ad2e22023-02-07 15:19:54.730root 11241100x8000000000000000716489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed49d26a766a03622023-02-07 15:19:54.730root 11241100x8000000000000000716488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30e68dd1e918ffa2023-02-07 15:19:54.730root 11241100x8000000000000000716487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139157774ecf6f892023-02-07 15:19:54.730root 11241100x8000000000000000716486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01dd4c99e42f42032023-02-07 15:19:54.730root 11241100x8000000000000000716485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4711404988e2c2f42023-02-07 15:19:54.730root 11241100x8000000000000000716484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06523bcf1b56533a2023-02-07 15:19:54.730root 11241100x8000000000000000716483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141b7a343b992e8a2023-02-07 15:19:54.730root 11241100x8000000000000000716482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9da934679a79b92023-02-07 15:19:54.730root 11241100x8000000000000000716481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ddf055974c96992023-02-07 15:19:54.730root 11241100x8000000000000000716480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17198ebc087844052023-02-07 15:19:54.730root 11241100x8000000000000000716497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78da85312d4f28172023-02-07 15:19:54.731root 11241100x8000000000000000716496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ebbdc409deb13482023-02-07 15:19:54.731root 11241100x8000000000000000716495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86fd6906c66ac592023-02-07 15:19:54.731root 11241100x8000000000000000716494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf34ba2b6263d8482023-02-07 15:19:54.731root 11241100x8000000000000000716493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1cc6f868cda2932023-02-07 15:19:54.731root 11241100x8000000000000000716492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4effbfb21a0a0b2023-02-07 15:19:54.731root 11241100x8000000000000000716491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e28441c16e560f92023-02-07 15:19:54.731root 11241100x8000000000000000716498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:54.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffc7291183d2b292023-02-07 15:19:54.732root 11241100x8000000000000000716503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9b0b7c7343b6d12023-02-07 15:19:55.096root 11241100x8000000000000000716502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2985bacb7a0fd19c2023-02-07 15:19:55.096root 11241100x8000000000000000716501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc929b2ad9a0d8e2023-02-07 15:19:55.096root 11241100x8000000000000000716500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132306dd2ed04e642023-02-07 15:19:55.096root 11241100x8000000000000000716499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44de51da7a9d454f2023-02-07 15:19:55.096root 11241100x8000000000000000716511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133fb7725fb448882023-02-07 15:19:55.097root 11241100x8000000000000000716510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc36923743c647ce2023-02-07 15:19:55.097root 11241100x8000000000000000716509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7a3e965a154a4c2023-02-07 15:19:55.097root 11241100x8000000000000000716508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40e479cbbf63eaf2023-02-07 15:19:55.097root 11241100x8000000000000000716507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d7c7f527d59e7c2023-02-07 15:19:55.097root 11241100x8000000000000000716506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330c1f36621a68292023-02-07 15:19:55.097root 11241100x8000000000000000716505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a722e318073d16382023-02-07 15:19:55.097root 11241100x8000000000000000716504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ac7ebb1ff4b5952023-02-07 15:19:55.097root 11241100x8000000000000000716518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f08b4dab9f35f6b2023-02-07 15:19:55.098root 11241100x8000000000000000716517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cee5ac7142e9d832023-02-07 15:19:55.098root 11241100x8000000000000000716516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9a5eec0cbeee182023-02-07 15:19:55.098root 11241100x8000000000000000716515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dda49ea168344252023-02-07 15:19:55.098root 11241100x8000000000000000716514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c790e0ddeb9829da2023-02-07 15:19:55.098root 11241100x8000000000000000716513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3b9763910699712023-02-07 15:19:55.098root 11241100x8000000000000000716512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb6ec0c0f8017ca2023-02-07 15:19:55.098root 354300x8000000000000000716519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.254{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-33026-false10.0.1.12-8000- 534500x8000000000000000716520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.493{00000000-0000-0000-0000-000000000000}6226<unknown process>ubuntu 11241100x8000000000000000716522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.494{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb0d2f343cbb42d2023-02-07 15:19:55.494root 11241100x8000000000000000716521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.494{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503dcbf95dfaf2a42023-02-07 15:19:55.494root 11241100x8000000000000000716530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.495{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce5a4359d4015a12023-02-07 15:19:55.495root 11241100x8000000000000000716529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.495{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c107724ebeaac4772023-02-07 15:19:55.495root 11241100x8000000000000000716528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.495{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e489d129ea9b6df2023-02-07 15:19:55.495root 11241100x8000000000000000716527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.495{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17bfe9c9cf4fe3d2023-02-07 15:19:55.495root 11241100x8000000000000000716526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.495{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5bd8f993b4c2912023-02-07 15:19:55.495root 23542300x8000000000000000716525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.495{ec244aba-6be1-63e2-4874-5465c2550000}6209ubuntu/bin/bash/tmp/sh-thd.8JrM3q--- 11241100x8000000000000000716524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.495{ec244aba-6be1-63e2-4874-5465c2550000}6209/bin/bash/tmp/sh-thd.8JrM3q2023-02-07 15:19:55.495ubuntu 534500x8000000000000000716523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.495{ec244aba-6bfc-63e2-0000-000000000000}6227-ubuntu 11241100x8000000000000000716536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.496{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058dd96674a13bb82023-02-07 15:19:55.496root 11241100x8000000000000000716535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.496{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a383a274fc4d952023-02-07 15:19:55.496root 11241100x8000000000000000716534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.496{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953c8f6b2aca11b32023-02-07 15:19:55.496root 11241100x8000000000000000716533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.496{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6871752e438da152023-02-07 15:19:55.496root 11241100x8000000000000000716532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.496{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6021e39e0f91b9392023-02-07 15:19:55.496root 11241100x8000000000000000716531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.496{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06b1c5e4366200e2023-02-07 15:19:55.496root 11241100x8000000000000000716537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.497{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2a8bca52ebee7c2023-02-07 15:19:55.497root 11241100x8000000000000000716540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.498{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9466a1fe3935a3932023-02-07 15:19:55.498root 11241100x8000000000000000716539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.498{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c409fd1105116a12023-02-07 15:19:55.498root 11241100x8000000000000000716538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.498{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eba67c7a2af4ce12023-02-07 15:19:55.498root 11241100x8000000000000000716543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.499{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea7a07e250e77d62023-02-07 15:19:55.499root 11241100x8000000000000000716542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.499{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e462abbfcf7b39082023-02-07 15:19:55.499root 11241100x8000000000000000716541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.499{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f9cc08cf9eaa2a2023-02-07 15:19:55.499root 11241100x8000000000000000716544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.500{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773db61cd462ecfd2023-02-07 15:19:55.500root 11241100x8000000000000000716547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.501{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06c7fa21c0ba69b2023-02-07 15:19:55.501root 11241100x8000000000000000716546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.501{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c0fbb875f609162023-02-07 15:19:55.501root 11241100x8000000000000000716545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.501{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117e7b4f0aa80c482023-02-07 15:19:55.501root 11241100x8000000000000000716559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647072ea199ceb742023-02-07 15:19:55.846root 11241100x8000000000000000716558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7d78a18f7f0fc82023-02-07 15:19:55.846root 11241100x8000000000000000716557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fad4de174e489e72023-02-07 15:19:55.846root 11241100x8000000000000000716556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ead8cdfd3936dc2023-02-07 15:19:55.846root 11241100x8000000000000000716555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21f681003dc6c3a2023-02-07 15:19:55.846root 11241100x8000000000000000716554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e812482434a9341f2023-02-07 15:19:55.846root 11241100x8000000000000000716553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9311a9dad392daa2023-02-07 15:19:55.846root 11241100x8000000000000000716552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633286980a7a039c2023-02-07 15:19:55.846root 11241100x8000000000000000716551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb7a91766ff1ebd2023-02-07 15:19:55.846root 11241100x8000000000000000716550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4a7f0e404577912023-02-07 15:19:55.846root 11241100x8000000000000000716549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737406957667fe992023-02-07 15:19:55.846root 11241100x8000000000000000716548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c99a2874f438432023-02-07 15:19:55.846root 11241100x8000000000000000716567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a254cf993d08082023-02-07 15:19:55.847root 11241100x8000000000000000716566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4702d07b8c2a3e9f2023-02-07 15:19:55.847root 11241100x8000000000000000716565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db3e01d53bfcb732023-02-07 15:19:55.847root 11241100x8000000000000000716564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09fdfca0d255976a2023-02-07 15:19:55.847root 11241100x8000000000000000716563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0082ddf1e108232023-02-07 15:19:55.847root 11241100x8000000000000000716562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad28127bd881d9a2023-02-07 15:19:55.847root 11241100x8000000000000000716561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e721e87d22a455062023-02-07 15:19:55.847root 11241100x8000000000000000716560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc46f8301aed11992023-02-07 15:19:55.847root 11241100x8000000000000000716568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f94c83ddd88aa532023-02-07 15:19:55.848root 11241100x8000000000000000716570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1f3d4d78a085c02023-02-07 15:19:55.849root 11241100x8000000000000000716569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383c8aa26254db482023-02-07 15:19:55.849root 11241100x8000000000000000716574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8252203a06abc7a62023-02-07 15:19:55.850root 11241100x8000000000000000716573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f1cd793c9ebb582023-02-07 15:19:55.850root 11241100x8000000000000000716572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b68b65cd9fe1632023-02-07 15:19:55.850root 11241100x8000000000000000716571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90b4a29a476105d2023-02-07 15:19:55.850root 11241100x8000000000000000716578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c2755ad2e284ff2023-02-07 15:19:55.851root 11241100x8000000000000000716577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa5159f20712c9e2023-02-07 15:19:55.851root 11241100x8000000000000000716576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78cff72bc8bbf3782023-02-07 15:19:55.851root 11241100x8000000000000000716575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b39f1f76c2202d2023-02-07 15:19:55.851root 11241100x8000000000000000716585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91daf3bf917f51c32023-02-07 15:19:55.852root 11241100x8000000000000000716584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67f9b8d9c393b8f2023-02-07 15:19:55.852root 11241100x8000000000000000716583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ee8ac3c154f2eb2023-02-07 15:19:55.852root 11241100x8000000000000000716582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5036268ecd2a3a2023-02-07 15:19:55.852root 11241100x8000000000000000716581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d46ebc352b4b8bd2023-02-07 15:19:55.852root 11241100x8000000000000000716580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efae4bfa62afce3c2023-02-07 15:19:55.852root 11241100x8000000000000000716579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:55.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889b1e923ea1a37c2023-02-07 15:19:55.852root 11241100x8000000000000000716589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3916d49463c451fc2023-02-07 15:19:56.346root 11241100x8000000000000000716588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d8bfe1e36a474c2023-02-07 15:19:56.346root 11241100x8000000000000000716587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42bd1dc2c5223cb2023-02-07 15:19:56.346root 11241100x8000000000000000716586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60c3a6421db66d12023-02-07 15:19:56.346root 11241100x8000000000000000716594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce574fe7c7a79c02023-02-07 15:19:56.347root 11241100x8000000000000000716593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b797adc983d9e6f82023-02-07 15:19:56.347root 11241100x8000000000000000716592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82c9bf6e8403c122023-02-07 15:19:56.347root 11241100x8000000000000000716591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9d5d48f72902b82023-02-07 15:19:56.347root 11241100x8000000000000000716590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c8a1dd8a8073ba2023-02-07 15:19:56.347root 11241100x8000000000000000716603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84f320786c2e4082023-02-07 15:19:56.348root 11241100x8000000000000000716602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9449ca4a943a21f2023-02-07 15:19:56.348root 11241100x8000000000000000716601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75beff8a4c8db4572023-02-07 15:19:56.348root 11241100x8000000000000000716600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f18710f801c2da32023-02-07 15:19:56.348root 11241100x8000000000000000716599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528736175eb733a82023-02-07 15:19:56.348root 11241100x8000000000000000716598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9044cfa64570ca32023-02-07 15:19:56.348root 11241100x8000000000000000716597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731d8e396c1a445b2023-02-07 15:19:56.348root 11241100x8000000000000000716596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac48352b529248a2023-02-07 15:19:56.348root 11241100x8000000000000000716595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544d495ef76f93a12023-02-07 15:19:56.348root 11241100x8000000000000000716608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6dcad59096037cc2023-02-07 15:19:56.349root 11241100x8000000000000000716607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841722eb2850f19e2023-02-07 15:19:56.349root 11241100x8000000000000000716606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840abbfc8edac7c92023-02-07 15:19:56.349root 11241100x8000000000000000716605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d12e2a643b7ec2b2023-02-07 15:19:56.349root 11241100x8000000000000000716604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e8530cdf0fa7e12023-02-07 15:19:56.349root 11241100x8000000000000000716610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f200849ea869fde2023-02-07 15:19:56.350root 11241100x8000000000000000716609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf715be4fb3718c2023-02-07 15:19:56.350root 11241100x8000000000000000716611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0854f37a6d958e2023-02-07 15:19:56.845root 11241100x8000000000000000716619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b4913f920037752023-02-07 15:19:56.846root 11241100x8000000000000000716618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fa011c2335f8a52023-02-07 15:19:56.846root 11241100x8000000000000000716617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc587d04cbd91792023-02-07 15:19:56.846root 11241100x8000000000000000716616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243408aa29eb4ff62023-02-07 15:19:56.846root 11241100x8000000000000000716615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe3097caa16b2112023-02-07 15:19:56.846root 11241100x8000000000000000716614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a0480d20bb70b72023-02-07 15:19:56.846root 11241100x8000000000000000716613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406aa40da351b9c12023-02-07 15:19:56.846root 11241100x8000000000000000716612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2bf3c598dadc8772023-02-07 15:19:56.846root 11241100x8000000000000000716631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7bd1e9e69eb1162023-02-07 15:19:56.847root 11241100x8000000000000000716630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7fc136f98168102023-02-07 15:19:56.847root 11241100x8000000000000000716629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae39823a0c422292023-02-07 15:19:56.847root 11241100x8000000000000000716628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64de1ed9c9f0200c2023-02-07 15:19:56.847root 11241100x8000000000000000716627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31993b6ac97eaaea2023-02-07 15:19:56.847root 11241100x8000000000000000716626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c0b8b1859f62b82023-02-07 15:19:56.847root 11241100x8000000000000000716625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feadfdc47631794b2023-02-07 15:19:56.847root 11241100x8000000000000000716624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1c003283d0198b2023-02-07 15:19:56.847root 11241100x8000000000000000716623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45215104024530e12023-02-07 15:19:56.847root 11241100x8000000000000000716622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b64e54b3e35ff172023-02-07 15:19:56.847root 11241100x8000000000000000716621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281c927ce8ae26e52023-02-07 15:19:56.847root 11241100x8000000000000000716620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965590188dce3e8a2023-02-07 15:19:56.847root 11241100x8000000000000000716635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025971a573e1d4e02023-02-07 15:19:56.848root 11241100x8000000000000000716634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be46d5e10bd3117a2023-02-07 15:19:56.848root 11241100x8000000000000000716633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15cf7c2498d2c5382023-02-07 15:19:56.848root 11241100x8000000000000000716632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:56.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c438b99c02625132023-02-07 15:19:56.848root 11241100x8000000000000000716639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea18de9e14394092023-02-07 15:19:57.346root 11241100x8000000000000000716638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75675a47dbf20d6c2023-02-07 15:19:57.346root 11241100x8000000000000000716637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3d5296b6d268152023-02-07 15:19:57.346root 11241100x8000000000000000716636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b10d2ff1f1f0982023-02-07 15:19:57.346root 11241100x8000000000000000716647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891a55a526bcd1602023-02-07 15:19:57.347root 11241100x8000000000000000716646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754f01846e60ae412023-02-07 15:19:57.347root 11241100x8000000000000000716645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a25f27ff5a361542023-02-07 15:19:57.347root 11241100x8000000000000000716644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd4a4c9aee738a12023-02-07 15:19:57.347root 11241100x8000000000000000716643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14bd9f319b5303862023-02-07 15:19:57.347root 11241100x8000000000000000716642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547e76203b2cb8812023-02-07 15:19:57.347root 11241100x8000000000000000716641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed50a0bd7b6da8bb2023-02-07 15:19:57.347root 11241100x8000000000000000716640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b401e252e2566e382023-02-07 15:19:57.347root 11241100x8000000000000000716658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e1db1f2ca52aa42023-02-07 15:19:57.348root 11241100x8000000000000000716657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc66818cd3b93c22023-02-07 15:19:57.348root 11241100x8000000000000000716656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982e53ac576315492023-02-07 15:19:57.348root 11241100x8000000000000000716655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f806e92a20ff3662023-02-07 15:19:57.348root 11241100x8000000000000000716654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af49e5009c9a8e92023-02-07 15:19:57.348root 11241100x8000000000000000716653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce8ab37e0ad54242023-02-07 15:19:57.348root 11241100x8000000000000000716652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b107af509c624fb2023-02-07 15:19:57.348root 11241100x8000000000000000716651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf5f0582317489b2023-02-07 15:19:57.348root 11241100x8000000000000000716650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efa6c62ae92c4212023-02-07 15:19:57.348root 11241100x8000000000000000716649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f7ec75f9fabab72023-02-07 15:19:57.348root 11241100x8000000000000000716648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2efa9f8776399ed92023-02-07 15:19:57.348root 11241100x8000000000000000716660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d81af174c8793c12023-02-07 15:19:57.349root 11241100x8000000000000000716659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7439273d829db272023-02-07 15:19:57.349root 23542300x8000000000000000716661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.729{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000716662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f7bf177667e3752023-02-07 15:19:57.730root 11241100x8000000000000000716667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5117080a404d352023-02-07 15:19:57.731root 11241100x8000000000000000716666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af26f3a8f29290442023-02-07 15:19:57.731root 11241100x8000000000000000716665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7cebd4579123102023-02-07 15:19:57.731root 11241100x8000000000000000716664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6bf54a6d83f199f2023-02-07 15:19:57.731root 11241100x8000000000000000716663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.731{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1cc6f06a0b4f262023-02-07 15:19:57.731root 11241100x8000000000000000716677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba1e61a7d4799112023-02-07 15:19:57.732root 11241100x8000000000000000716676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d0eef966eafe9e2023-02-07 15:19:57.732root 11241100x8000000000000000716675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b5c9c0965a1c4f2023-02-07 15:19:57.732root 11241100x8000000000000000716674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a8d86699b4bf262023-02-07 15:19:57.732root 11241100x8000000000000000716673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac2b6d6ae9fd7ea2023-02-07 15:19:57.732root 11241100x8000000000000000716672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6085c347795229e02023-02-07 15:19:57.732root 11241100x8000000000000000716671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea259b8d81f9ba12023-02-07 15:19:57.732root 11241100x8000000000000000716670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee163786340ae982023-02-07 15:19:57.732root 11241100x8000000000000000716669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a4dc34e1a118322023-02-07 15:19:57.732root 11241100x8000000000000000716668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.732{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a75da4d12938ad02023-02-07 15:19:57.732root 11241100x8000000000000000716685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e2bd0a30527ee92023-02-07 15:19:57.733root 11241100x8000000000000000716684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0159d047c5e38e2023-02-07 15:19:57.733root 11241100x8000000000000000716683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b0ea64784d1c112023-02-07 15:19:57.733root 11241100x8000000000000000716682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21b739a3caae9072023-02-07 15:19:57.733root 11241100x8000000000000000716681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0b8efd700227412023-02-07 15:19:57.733root 11241100x8000000000000000716680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8428b43df49aaaf02023-02-07 15:19:57.733root 11241100x8000000000000000716679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f85c1ca07fcdf52023-02-07 15:19:57.733root 11241100x8000000000000000716678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.733{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be07c8e2f2dff88f2023-02-07 15:19:57.733root 11241100x8000000000000000716691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d17a93c659e3f92023-02-07 15:19:57.734root 11241100x8000000000000000716690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6cad148b5108a92023-02-07 15:19:57.734root 11241100x8000000000000000716689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f141726c1aca7c2023-02-07 15:19:57.734root 11241100x8000000000000000716688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8676f0d006e2a462023-02-07 15:19:57.734root 11241100x8000000000000000716687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c134d432f2c9dd52023-02-07 15:19:57.734root 11241100x8000000000000000716686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.734{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9443b4fe05032142023-02-07 15:19:57.734root 11241100x8000000000000000716692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.735{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6627cc06942eb82023-02-07 15:19:57.735root 154100x8000000000000000716695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.929{ec244aba-6c1d-63e2-10d8-8d7d00560000}6229/bin/less-----less/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6be1-63e2-4874-5465c2550000}6209/bin/bash-bashubuntu 154100x8000000000000000716693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.929{ec244aba-6c1d-63e2-d029-f021d6550000}6228/bin/cat-----cat awfulshred3.sh/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6be1-63e2-4874-5465c2550000}6209/bin/bash-bashubuntu 534500x8000000000000000716694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:57.931{ec244aba-6c1d-63e2-d029-f021d6550000}6228/bin/catubuntu 11241100x8000000000000000716696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832a2a775231df192023-02-07 15:19:58.095root 11241100x8000000000000000716701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fd0982c3f118db2023-02-07 15:19:58.096root 11241100x8000000000000000716700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682fc5b77d5cbcf12023-02-07 15:19:58.096root 11241100x8000000000000000716699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0107929ece85142d2023-02-07 15:19:58.096root 11241100x8000000000000000716698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc97fe1ee9635a22023-02-07 15:19:58.096root 11241100x8000000000000000716697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273f40dbc016cc322023-02-07 15:19:58.096root 11241100x8000000000000000716708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1af8b601c99c8a72023-02-07 15:19:58.097root 11241100x8000000000000000716707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858c65aa56c89a692023-02-07 15:19:58.097root 11241100x8000000000000000716706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f18d1059cff2342023-02-07 15:19:58.097root 11241100x8000000000000000716705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c077468cf91bce082023-02-07 15:19:58.097root 11241100x8000000000000000716704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f682fe80dd3d54d2023-02-07 15:19:58.097root 11241100x8000000000000000716703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e087cbafe725d952023-02-07 15:19:58.097root 11241100x8000000000000000716702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f73d3f55ea662022023-02-07 15:19:58.097root 11241100x8000000000000000716719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f688a8e5a4eda532023-02-07 15:19:58.098root 11241100x8000000000000000716718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74387659d9ca7832023-02-07 15:19:58.098root 11241100x8000000000000000716717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a64d40ee74ac6672023-02-07 15:19:58.098root 11241100x8000000000000000716716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b2d4af10dbe8212023-02-07 15:19:58.098root 11241100x8000000000000000716715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29fcd9e029d1927b2023-02-07 15:19:58.098root 11241100x8000000000000000716714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c616a0255094b1fb2023-02-07 15:19:58.098root 11241100x8000000000000000716713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5101736630443fe72023-02-07 15:19:58.098root 11241100x8000000000000000716712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3f9737e833c68c2023-02-07 15:19:58.098root 11241100x8000000000000000716711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3cf30feb606d262023-02-07 15:19:58.098root 11241100x8000000000000000716710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1f6d6dc32c1fef2023-02-07 15:19:58.098root 11241100x8000000000000000716709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e0cd486aee960e2023-02-07 15:19:58.098root 11241100x8000000000000000716722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5e54e5aef02f042023-02-07 15:19:58.099root 11241100x8000000000000000716721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6ca4d3ee1e3fc52023-02-07 15:19:58.099root 11241100x8000000000000000716720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304affe7784447242023-02-07 15:19:58.099root 11241100x8000000000000000716724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d283b9c3135f942023-02-07 15:19:58.101root 11241100x8000000000000000716723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824c66b7e907fffd2023-02-07 15:19:58.101root 11241100x8000000000000000716727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44dad167f89c4ca12023-02-07 15:19:58.102root 11241100x8000000000000000716726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0379fbb27dfa0c2023-02-07 15:19:58.102root 11241100x8000000000000000716725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52defbad9136e182023-02-07 15:19:58.102root 154100x8000000000000000716728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.404{ec244aba-6c1e-63e2-6884-782597550000}6230/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/6312root{ec244aba-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2393--- 11241100x8000000000000000716729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.405{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e168f81652192942023-02-07 15:19:58.405root 11241100x8000000000000000716735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.406{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ca218edd81671d2023-02-07 15:19:58.406root 11241100x8000000000000000716734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.406{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9e977321ed117b2023-02-07 15:19:58.406root 11241100x8000000000000000716733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.406{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a8f884808c2a132023-02-07 15:19:58.406root 11241100x8000000000000000716732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.406{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f0ca0349de49a52023-02-07 15:19:58.406root 11241100x8000000000000000716731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.406{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbff7513032db332023-02-07 15:19:58.406root 11241100x8000000000000000716730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.406{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a2d0a0c5c954a42023-02-07 15:19:58.406root 11241100x8000000000000000716741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.407{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abafaf58cbed6732023-02-07 15:19:58.407root 11241100x8000000000000000716740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.407{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade543c134bd11342023-02-07 15:19:58.407root 11241100x8000000000000000716739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.407{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e104145a0e282e2023-02-07 15:19:58.407root 11241100x8000000000000000716738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.407{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e9039a332d564c2023-02-07 15:19:58.407root 11241100x8000000000000000716737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.407{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6e3c5124aad7a42023-02-07 15:19:58.407root 11241100x8000000000000000716736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.407{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a1f4d34c5fa6d32023-02-07 15:19:58.407root 11241100x8000000000000000716748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.408{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f544cb1b008ae362023-02-07 15:19:58.408root 11241100x8000000000000000716747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.408{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b35c8b94bcab3b2023-02-07 15:19:58.408root 11241100x8000000000000000716746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.408{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa76f8f14965398c2023-02-07 15:19:58.408root 11241100x8000000000000000716745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.408{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe7c9e5c924beb82023-02-07 15:19:58.408root 11241100x8000000000000000716744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.408{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b176017edd93c622023-02-07 15:19:58.408root 11241100x8000000000000000716743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.408{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752a35817e8b1b2c2023-02-07 15:19:58.408root 11241100x8000000000000000716742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.408{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f986c55f03f9ddaf2023-02-07 15:19:58.408root 11241100x8000000000000000716758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.409{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9163006c44a1702023-02-07 15:19:58.409root 11241100x8000000000000000716757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.409{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026cadc131b1fbca2023-02-07 15:19:58.409root 11241100x8000000000000000716756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.409{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7162a8f7a599582023-02-07 15:19:58.409root 11241100x8000000000000000716755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.409{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5403d4d5cba8eeb22023-02-07 15:19:58.409root 11241100x8000000000000000716754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.409{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76c9661ffe7c1982023-02-07 15:19:58.409root 11241100x8000000000000000716753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.409{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b31e48c134233012023-02-07 15:19:58.409root 11241100x8000000000000000716752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.409{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f469985e02193e2023-02-07 15:19:58.409root 11241100x8000000000000000716751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.409{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90fa40f3631b5d082023-02-07 15:19:58.409root 11241100x8000000000000000716750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.409{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abe842e870b01e62023-02-07 15:19:58.409root 11241100x8000000000000000716749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.409{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58bd940ab2cf9ccb2023-02-07 15:19:58.409root 11241100x8000000000000000716770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.410{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988046a19abbfee92023-02-07 15:19:58.410root 11241100x8000000000000000716769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.410{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520a27db7316af5a2023-02-07 15:19:58.410root 11241100x8000000000000000716768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.410{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc4f92e8d985ed02023-02-07 15:19:58.410root 11241100x8000000000000000716767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.410{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58549639150093d02023-02-07 15:19:58.410root 11241100x8000000000000000716766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.410{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d57ba837e4baed2023-02-07 15:19:58.410root 11241100x8000000000000000716765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.410{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98c895c31fcf1fb2023-02-07 15:19:58.410root 11241100x8000000000000000716764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.410{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf21186ebafc44b2023-02-07 15:19:58.410root 11241100x8000000000000000716763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.410{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923c2e4e2980ccce2023-02-07 15:19:58.410root 11241100x8000000000000000716762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.410{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8ac18a83790b9a2023-02-07 15:19:58.410root 11241100x8000000000000000716761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.410{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb5dc6bd2a892432023-02-07 15:19:58.410root 11241100x8000000000000000716760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.410{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0ce7ac453e126b2023-02-07 15:19:58.410root 11241100x8000000000000000716759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.410{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9788388cad8694d2023-02-07 15:19:58.410root 11241100x8000000000000000716772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.411{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d68b426ac992c62023-02-07 15:19:58.411root 11241100x8000000000000000716771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.411{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd74ed9ab56f34b32023-02-07 15:19:58.411root 534500x8000000000000000716773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.419{ec244aba-6c1e-63e2-6884-782597550000}6230/bin/psroot 11241100x8000000000000000716776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47b71153d196e792023-02-07 15:19:58.845root 11241100x8000000000000000716775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0d02ae14fb363b2023-02-07 15:19:58.845root 11241100x8000000000000000716774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd208ec37c9da702023-02-07 15:19:58.845root 11241100x8000000000000000716787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d6f35684cc1c172023-02-07 15:19:58.846root 11241100x8000000000000000716786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f9805f9273c28e2023-02-07 15:19:58.846root 11241100x8000000000000000716785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80bddeacd9d83ac22023-02-07 15:19:58.846root 11241100x8000000000000000716784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3981e0c304721ffe2023-02-07 15:19:58.846root 11241100x8000000000000000716783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1214eb410c7608b92023-02-07 15:19:58.846root 11241100x8000000000000000716782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e9d6ca329fc7472023-02-07 15:19:58.846root 11241100x8000000000000000716781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cadcd3c1960f6e9c2023-02-07 15:19:58.846root 11241100x8000000000000000716780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14eabf42fe936ab62023-02-07 15:19:58.846root 11241100x8000000000000000716779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf1b845cf6f47f52023-02-07 15:19:58.846root 11241100x8000000000000000716778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe080fb59d6f6f3e2023-02-07 15:19:58.846root 11241100x8000000000000000716777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b41ccf8a5c31c1a2023-02-07 15:19:58.846root 11241100x8000000000000000716795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9280f65cb62f74912023-02-07 15:19:58.847root 11241100x8000000000000000716794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e936fcdd55341ac2023-02-07 15:19:58.847root 11241100x8000000000000000716793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639576c4b51976982023-02-07 15:19:58.847root 11241100x8000000000000000716792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea59e44e8f90f742023-02-07 15:19:58.847root 11241100x8000000000000000716791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12a78507f9552f02023-02-07 15:19:58.847root 11241100x8000000000000000716790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6066b2f3755b5daa2023-02-07 15:19:58.847root 11241100x8000000000000000716789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8e9cf3977a08192023-02-07 15:19:58.847root 11241100x8000000000000000716788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb692e4c63e14e722023-02-07 15:19:58.847root 11241100x8000000000000000716802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c094074f19faa42023-02-07 15:19:58.848root 11241100x8000000000000000716801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82896f33b65332392023-02-07 15:19:58.848root 11241100x8000000000000000716800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82df73337ab53b02023-02-07 15:19:58.848root 11241100x8000000000000000716799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf62da7722ecc712023-02-07 15:19:58.848root 11241100x8000000000000000716798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e900ae7547d7bc2023-02-07 15:19:58.848root 11241100x8000000000000000716797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f4c08f1d8cfad62023-02-07 15:19:58.848root 11241100x8000000000000000716796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5441ed51ac65648c2023-02-07 15:19:58.848root 11241100x8000000000000000716808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f47c006631fe5682023-02-07 15:19:58.849root 11241100x8000000000000000716807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c81b2c2c90ef3112023-02-07 15:19:58.849root 11241100x8000000000000000716806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe00cf6d016b59b2023-02-07 15:19:58.849root 11241100x8000000000000000716805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5f4ccd8d6f5a9a2023-02-07 15:19:58.849root 11241100x8000000000000000716804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1313f372cc254232023-02-07 15:19:58.849root 11241100x8000000000000000716803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:58.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e05b7d2ac4d8b02023-02-07 15:19:58.849root 11241100x8000000000000000716812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524b81a870a961a32023-02-07 15:19:59.345root 11241100x8000000000000000716811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae681d049e9cfa02023-02-07 15:19:59.345root 11241100x8000000000000000716810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8253079749de962023-02-07 15:19:59.345root 11241100x8000000000000000716809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4089d5bf54cc102023-02-07 15:19:59.345root 11241100x8000000000000000716823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d81443ea3765c82023-02-07 15:19:59.346root 11241100x8000000000000000716822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00f0dc4d1f9f45a2023-02-07 15:19:59.346root 11241100x8000000000000000716821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8809af8f90a3a8a52023-02-07 15:19:59.346root 11241100x8000000000000000716820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5bf5cf781f85712023-02-07 15:19:59.346root 11241100x8000000000000000716819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81816058b367d522023-02-07 15:19:59.346root 11241100x8000000000000000716818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a1efe67860c5ae2023-02-07 15:19:59.346root 11241100x8000000000000000716817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ab60241b9d80c52023-02-07 15:19:59.346root 11241100x8000000000000000716816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe0af4efd7029132023-02-07 15:19:59.346root 11241100x8000000000000000716815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a53147b240b57e2023-02-07 15:19:59.346root 11241100x8000000000000000716814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d162bc163456432023-02-07 15:19:59.346root 11241100x8000000000000000716813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f36743dc98a5ae2023-02-07 15:19:59.346root 11241100x8000000000000000716833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14505257fcea57b82023-02-07 15:19:59.347root 11241100x8000000000000000716832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251320a67cfca72b2023-02-07 15:19:59.347root 11241100x8000000000000000716831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886554537b0168b62023-02-07 15:19:59.347root 11241100x8000000000000000716830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650d3785fd5db4ed2023-02-07 15:19:59.347root 11241100x8000000000000000716829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7797596e3c260a8e2023-02-07 15:19:59.347root 11241100x8000000000000000716828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8390dbf27d0e93892023-02-07 15:19:59.347root 11241100x8000000000000000716827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b427d4aa349893d2023-02-07 15:19:59.347root 11241100x8000000000000000716826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055719a0d8b410882023-02-07 15:19:59.347root 11241100x8000000000000000716825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b194b5b7cc817d32023-02-07 15:19:59.347root 11241100x8000000000000000716824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025e0ed0f5bcd40a2023-02-07 15:19:59.347root 11241100x8000000000000000716843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2f239b705739b22023-02-07 15:19:59.348root 11241100x8000000000000000716842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59026e4c99ba3a8e2023-02-07 15:19:59.348root 11241100x8000000000000000716841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdd7676e0b04daa2023-02-07 15:19:59.348root 11241100x8000000000000000716840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d33c6b1ceccc722023-02-07 15:19:59.348root 11241100x8000000000000000716839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472fdfe4945891d12023-02-07 15:19:59.348root 11241100x8000000000000000716838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b83c1b8de94b742023-02-07 15:19:59.348root 11241100x8000000000000000716837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df28d80342da572b2023-02-07 15:19:59.348root 11241100x8000000000000000716836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010e2035cc044fd42023-02-07 15:19:59.348root 11241100x8000000000000000716835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25df2fbec656e9ee2023-02-07 15:19:59.348root 11241100x8000000000000000716834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f3d9eab23db5062023-02-07 15:19:59.348root 11241100x8000000000000000716846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d97a4e813a433442023-02-07 15:19:59.349root 11241100x8000000000000000716845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae64feceef173b42023-02-07 15:19:59.349root 11241100x8000000000000000716844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90342f59142ecd72023-02-07 15:19:59.349root 11241100x8000000000000000716849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67884a17efdc95872023-02-07 15:19:59.845root 11241100x8000000000000000716848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59dd1e5d4dd211592023-02-07 15:19:59.845root 11241100x8000000000000000716847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f1f01a4f70caa12023-02-07 15:19:59.845root 11241100x8000000000000000716860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160d9d323696af192023-02-07 15:19:59.846root 11241100x8000000000000000716859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b306605dc971d03d2023-02-07 15:19:59.846root 11241100x8000000000000000716858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e9f14a19e741922023-02-07 15:19:59.846root 11241100x8000000000000000716857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af32661c6f136f882023-02-07 15:19:59.846root 11241100x8000000000000000716856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fbe2f50a1b1cce22023-02-07 15:19:59.846root 11241100x8000000000000000716855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a70916a550830ed2023-02-07 15:19:59.846root 11241100x8000000000000000716854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8182d608544224552023-02-07 15:19:59.846root 11241100x8000000000000000716853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa7723dbd68fb1a2023-02-07 15:19:59.846root 11241100x8000000000000000716852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4780a3dc7e08d7852023-02-07 15:19:59.846root 11241100x8000000000000000716851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c707dd345b92e1662023-02-07 15:19:59.846root 11241100x8000000000000000716850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67a0b06afbbb2c72023-02-07 15:19:59.846root 11241100x8000000000000000716865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf72ede50ce8fb802023-02-07 15:19:59.847root 11241100x8000000000000000716864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de08c68883674ec42023-02-07 15:19:59.847root 11241100x8000000000000000716863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c972b8302a5401432023-02-07 15:19:59.847root 11241100x8000000000000000716862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e5081561f341f02023-02-07 15:19:59.847root 11241100x8000000000000000716861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd3c87248c37b8b2023-02-07 15:19:59.847root 11241100x8000000000000000716871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7ba2233a23873b2023-02-07 15:19:59.848root 11241100x8000000000000000716870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a4162db149c2212023-02-07 15:19:59.848root 11241100x8000000000000000716869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4c410286fee66c2023-02-07 15:19:59.848root 11241100x8000000000000000716868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd0af92976279b32023-02-07 15:19:59.848root 11241100x8000000000000000716867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c53e35dc7f5442b2023-02-07 15:19:59.848root 11241100x8000000000000000716866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca3a436f7eb2dcf2023-02-07 15:19:59.848root 11241100x8000000000000000716875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7eeb988212beeca2023-02-07 15:19:59.849root 11241100x8000000000000000716874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fb76ed51611cd92023-02-07 15:19:59.849root 11241100x8000000000000000716873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8451245fd4cb370b2023-02-07 15:19:59.849root 11241100x8000000000000000716872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594cb8d0a685fd352023-02-07 15:19:59.849root 11241100x8000000000000000716880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee41980e50b71aa92023-02-07 15:19:59.850root 11241100x8000000000000000716879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d41c1d5a83f961e2023-02-07 15:19:59.850root 11241100x8000000000000000716878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267ada43aa5697fa2023-02-07 15:19:59.850root 11241100x8000000000000000716877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b024246a33162072023-02-07 15:19:59.850root 11241100x8000000000000000716876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5775e58d2bb847be2023-02-07 15:19:59.850root 11241100x8000000000000000716888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945da7acc8541a382023-02-07 15:19:59.851root 11241100x8000000000000000716887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c9017960bf0e172023-02-07 15:19:59.851root 11241100x8000000000000000716886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621533f1ad934d0e2023-02-07 15:19:59.851root 11241100x8000000000000000716885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ed8bb242924da52023-02-07 15:19:59.851root 11241100x8000000000000000716884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96778a73cc229afe2023-02-07 15:19:59.851root 11241100x8000000000000000716883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faad380a566d2ac82023-02-07 15:19:59.851root 11241100x8000000000000000716882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca23a084177d9152023-02-07 15:19:59.851root 11241100x8000000000000000716881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121aa5ba151cbad12023-02-07 15:19:59.851root 11241100x8000000000000000716893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e9d79d16a15a022023-02-07 15:19:59.852root 11241100x8000000000000000716892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63243f40d65a48702023-02-07 15:19:59.852root 11241100x8000000000000000716891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d278d9b27490f2312023-02-07 15:19:59.852root 11241100x8000000000000000716890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b33003b491bf562023-02-07 15:19:59.852root 11241100x8000000000000000716889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:19:59.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84933a16f727fdab2023-02-07 15:19:59.852root 11241100x8000000000000000716894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01e1d6e0d03309d2023-02-07 15:20:00.345root 11241100x8000000000000000716899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35b8d9dc1b4b2b12023-02-07 15:20:00.346root 11241100x8000000000000000716898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa637d2eb9ac75cf2023-02-07 15:20:00.346root 11241100x8000000000000000716897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35196a6f6a4be8a22023-02-07 15:20:00.346root 11241100x8000000000000000716896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c19f818832cf972023-02-07 15:20:00.346root 11241100x8000000000000000716895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0364f2aa4ddba92023-02-07 15:20:00.346root 11241100x8000000000000000716912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb47c4cc7db3b602023-02-07 15:20:00.347root 11241100x8000000000000000716911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25bfc62a30431d5b2023-02-07 15:20:00.347root 11241100x8000000000000000716910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad860dbe0c76d3d72023-02-07 15:20:00.347root 11241100x8000000000000000716909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072dcabfca6f3a2f2023-02-07 15:20:00.347root 11241100x8000000000000000716908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f21b6a6edfd1ef32023-02-07 15:20:00.347root 11241100x8000000000000000716907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea60770619a131e42023-02-07 15:20:00.347root 11241100x8000000000000000716906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15797cbbae0bd292023-02-07 15:20:00.347root 11241100x8000000000000000716905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a1dd703acf435d2023-02-07 15:20:00.347root 11241100x8000000000000000716904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd0b3434d28e80c2023-02-07 15:20:00.347root 11241100x8000000000000000716903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9e790507e88a012023-02-07 15:20:00.347root 11241100x8000000000000000716902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3526a4495e891792023-02-07 15:20:00.347root 11241100x8000000000000000716901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37e103568757ba32023-02-07 15:20:00.347root 11241100x8000000000000000716900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecc6eda5f2ce2062023-02-07 15:20:00.347root 11241100x8000000000000000716925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372ac9503017f9e52023-02-07 15:20:00.348root 11241100x8000000000000000716924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6624d75ee6ddf9732023-02-07 15:20:00.348root 11241100x8000000000000000716923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a2e1e1374a07942023-02-07 15:20:00.348root 11241100x8000000000000000716922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e96433e771b23292023-02-07 15:20:00.348root 11241100x8000000000000000716921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e52bdf342d4a45e2023-02-07 15:20:00.348root 11241100x8000000000000000716920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b06ed095a66defc2023-02-07 15:20:00.348root 11241100x8000000000000000716919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbdcdb46336b38a2023-02-07 15:20:00.348root 11241100x8000000000000000716918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5c8efa4c1c5bd12023-02-07 15:20:00.348root 11241100x8000000000000000716917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b4390b0b2e16702023-02-07 15:20:00.348root 11241100x8000000000000000716916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3585a3d12a3a9782023-02-07 15:20:00.348root 11241100x8000000000000000716915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c795471495bd7f2023-02-07 15:20:00.348root 11241100x8000000000000000716914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916212b235da34dd2023-02-07 15:20:00.348root 11241100x8000000000000000716913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603f657fdb3899c92023-02-07 15:20:00.348root 11241100x8000000000000000716927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0923ddad2a04df972023-02-07 15:20:00.349root 11241100x8000000000000000716926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23db3d8fee740f572023-02-07 15:20:00.349root 11241100x8000000000000000716931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02e4de59b2ca0792023-02-07 15:20:00.845root 11241100x8000000000000000716930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ee089c0afa4ff72023-02-07 15:20:00.845root 11241100x8000000000000000716929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31fd2335c02800b2023-02-07 15:20:00.845root 11241100x8000000000000000716928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7072062c24027b452023-02-07 15:20:00.845root 11241100x8000000000000000716941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bbaa0ada8afbff62023-02-07 15:20:00.846root 11241100x8000000000000000716940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5f58b590c61be32023-02-07 15:20:00.846root 11241100x8000000000000000716939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d0cea6b6b552392023-02-07 15:20:00.846root 11241100x8000000000000000716938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572e7a264c4628172023-02-07 15:20:00.846root 11241100x8000000000000000716937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0adf711b5a6989b2023-02-07 15:20:00.846root 11241100x8000000000000000716936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d077f9bc18ef6182023-02-07 15:20:00.846root 11241100x8000000000000000716935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a174087ea76fb4b32023-02-07 15:20:00.846root 11241100x8000000000000000716934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a543b1bb2c6de2322023-02-07 15:20:00.846root 11241100x8000000000000000716933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2da36ac0c73e0d2023-02-07 15:20:00.846root 11241100x8000000000000000716932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f34aa6b5d826552023-02-07 15:20:00.846root 11241100x8000000000000000716953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c35df435df65352023-02-07 15:20:00.847root 11241100x8000000000000000716952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e96c679cfbab3e32023-02-07 15:20:00.847root 11241100x8000000000000000716951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e89d8ab4190ed252023-02-07 15:20:00.847root 11241100x8000000000000000716950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76bd8467d23c3372023-02-07 15:20:00.847root 11241100x8000000000000000716949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9aa8344eb8019572023-02-07 15:20:00.847root 11241100x8000000000000000716948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4956c821294042322023-02-07 15:20:00.847root 11241100x8000000000000000716947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353b68cd604ede6f2023-02-07 15:20:00.847root 11241100x8000000000000000716946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffefa6b4a73149822023-02-07 15:20:00.847root 11241100x8000000000000000716945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f84ebe6beb5159b2023-02-07 15:20:00.847root 11241100x8000000000000000716944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7598e6e1a5a6c9e22023-02-07 15:20:00.847root 11241100x8000000000000000716943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e93d1db3a32a532023-02-07 15:20:00.847root 11241100x8000000000000000716942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a34fefb16a94b522023-02-07 15:20:00.847root 11241100x8000000000000000716958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfd38577732c9312023-02-07 15:20:00.848root 11241100x8000000000000000716957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3be0859d0b80de2023-02-07 15:20:00.848root 11241100x8000000000000000716956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9d1ec1c153bdb12023-02-07 15:20:00.848root 11241100x8000000000000000716955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee05b1aa8acbd7082023-02-07 15:20:00.848root 11241100x8000000000000000716954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:00.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f3a3cd1f87a4062023-02-07 15:20:00.848root 354300x8000000000000000716959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.081{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-33028-false10.0.1.12-8000- 11241100x8000000000000000716961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e388c7e4fdc27e2023-02-07 15:20:01.345root 11241100x8000000000000000716960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248126bd4ca14f5b2023-02-07 15:20:01.345root 11241100x8000000000000000716968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba9190bb191cb982023-02-07 15:20:01.346root 11241100x8000000000000000716967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5e0c2109d2788d2023-02-07 15:20:01.346root 11241100x8000000000000000716966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd7a92133699d322023-02-07 15:20:01.346root 11241100x8000000000000000716965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4773be4cb1e2667d2023-02-07 15:20:01.346root 11241100x8000000000000000716964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15d5018a9269b182023-02-07 15:20:01.346root 11241100x8000000000000000716963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e021491a9984ed2023-02-07 15:20:01.346root 11241100x8000000000000000716962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0fb63ae960be732023-02-07 15:20:01.346root 11241100x8000000000000000716982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16632a91eb2d52c2023-02-07 15:20:01.347root 11241100x8000000000000000716981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0cb52a136abf2b2023-02-07 15:20:01.347root 11241100x8000000000000000716980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb378a1dc9579d02023-02-07 15:20:01.347root 11241100x8000000000000000716979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6501fea43a9a55e2023-02-07 15:20:01.347root 11241100x8000000000000000716978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54dc2d45baf501082023-02-07 15:20:01.347root 11241100x8000000000000000716977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382851c4d1321ac32023-02-07 15:20:01.347root 11241100x8000000000000000716976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c83f7b46a062c52023-02-07 15:20:01.347root 11241100x8000000000000000716975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f1155a2eadf8c62023-02-07 15:20:01.347root 11241100x8000000000000000716974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8803db243b98d3812023-02-07 15:20:01.347root 11241100x8000000000000000716973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10453869e3fef1fb2023-02-07 15:20:01.347root 11241100x8000000000000000716972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a634847a6784d7642023-02-07 15:20:01.347root 11241100x8000000000000000716971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf3bbb726adf1fe2023-02-07 15:20:01.347root 11241100x8000000000000000716970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d592773b068b97012023-02-07 15:20:01.347root 11241100x8000000000000000716969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7bd88474a4678f2023-02-07 15:20:01.347root 11241100x8000000000000000716994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65f15cdd6fd81c72023-02-07 15:20:01.348root 11241100x8000000000000000716993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4609ac2ae50d572023-02-07 15:20:01.348root 11241100x8000000000000000716992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea66f62d72ca0622023-02-07 15:20:01.348root 11241100x8000000000000000716991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3611f06227794582023-02-07 15:20:01.348root 11241100x8000000000000000716990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046a1bca3ee626002023-02-07 15:20:01.348root 11241100x8000000000000000716989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f53e0eac7dd54582023-02-07 15:20:01.348root 11241100x8000000000000000716988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d598183103c460942023-02-07 15:20:01.348root 11241100x8000000000000000716987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eada0750952a4a72023-02-07 15:20:01.348root 11241100x8000000000000000716986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81610abe04a3c9e22023-02-07 15:20:01.348root 11241100x8000000000000000716985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ca763e995caf222023-02-07 15:20:01.348root 11241100x8000000000000000716984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5023a92ad609b0b2023-02-07 15:20:01.348root 11241100x8000000000000000716983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ac7181e138b4c42023-02-07 15:20:01.348root 11241100x8000000000000000716996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8609154219c898cc2023-02-07 15:20:01.349root 11241100x8000000000000000716995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2f3b6c73b9729d2023-02-07 15:20:01.349root 11241100x8000000000000000716999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9830d22bfa67fe2023-02-07 15:20:01.845root 11241100x8000000000000000716998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f379e85f4b3a232023-02-07 15:20:01.845root 11241100x8000000000000000716997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095662163de9a35c2023-02-07 15:20:01.845root 11241100x8000000000000000717008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8156ee1b94f4c8782023-02-07 15:20:01.846root 11241100x8000000000000000717007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f464dd7a1851a812023-02-07 15:20:01.846root 11241100x8000000000000000717006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf0e1d46e9fe2b552023-02-07 15:20:01.846root 11241100x8000000000000000717005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c6038bcb40bcf52023-02-07 15:20:01.846root 11241100x8000000000000000717004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7683c8765fe5f0272023-02-07 15:20:01.846root 11241100x8000000000000000717003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a973321831ddd0382023-02-07 15:20:01.846root 11241100x8000000000000000717002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266c8f5552e1d7e42023-02-07 15:20:01.846root 11241100x8000000000000000717001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd84f609c84be30b2023-02-07 15:20:01.846root 11241100x8000000000000000717000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd258fef8142e232023-02-07 15:20:01.846root 11241100x8000000000000000717018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce87758472390da2023-02-07 15:20:01.847root 11241100x8000000000000000717017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb370bde199ebcda2023-02-07 15:20:01.847root 11241100x8000000000000000717016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b941146b1cfeff2023-02-07 15:20:01.847root 11241100x8000000000000000717015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22cad47605e0fe402023-02-07 15:20:01.847root 11241100x8000000000000000717014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081c9441af8cf87c2023-02-07 15:20:01.847root 11241100x8000000000000000717013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210d55410b50b9d82023-02-07 15:20:01.847root 11241100x8000000000000000717012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af55e2bb32e0dca2023-02-07 15:20:01.847root 11241100x8000000000000000717011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86268971dc1caefa2023-02-07 15:20:01.847root 11241100x8000000000000000717010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244e576f3313bfd32023-02-07 15:20:01.847root 11241100x8000000000000000717009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd066f8597a57ee62023-02-07 15:20:01.847root 11241100x8000000000000000717027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e671e6ced0f52ec62023-02-07 15:20:01.848root 11241100x8000000000000000717026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc916d69637dabe72023-02-07 15:20:01.848root 11241100x8000000000000000717025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d54de073c38f7372023-02-07 15:20:01.848root 11241100x8000000000000000717024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6838c06c3ddc4a42023-02-07 15:20:01.848root 11241100x8000000000000000717023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5f316eea4cf7312023-02-07 15:20:01.848root 11241100x8000000000000000717022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1209040d6d4e8402023-02-07 15:20:01.848root 11241100x8000000000000000717021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d840a569158f5b2023-02-07 15:20:01.848root 11241100x8000000000000000717020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31ea0ccbded15c32023-02-07 15:20:01.848root 11241100x8000000000000000717019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a505b0585bc19612023-02-07 15:20:01.848root 11241100x8000000000000000717032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9feff511dec1872023-02-07 15:20:01.849root 11241100x8000000000000000717031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a851f58b56ab0a12023-02-07 15:20:01.849root 11241100x8000000000000000717030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe086d63815fd73d2023-02-07 15:20:01.849root 11241100x8000000000000000717029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5ed6e5bb6370b52023-02-07 15:20:01.849root 11241100x8000000000000000717028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:01.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c4e52bbd5817a92023-02-07 15:20:01.849root 11241100x8000000000000000717035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425cbbb12e69ece12023-02-07 15:20:02.345root 11241100x8000000000000000717034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e8ef27833111aa2023-02-07 15:20:02.345root 11241100x8000000000000000717033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3049e71e78a44e2023-02-07 15:20:02.345root 11241100x8000000000000000717045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca35e697bd16d2c52023-02-07 15:20:02.346root 11241100x8000000000000000717044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7d3c999d89720c2023-02-07 15:20:02.346root 11241100x8000000000000000717043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f2e7d989fea6a92023-02-07 15:20:02.346root 11241100x8000000000000000717042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763f345eff582c412023-02-07 15:20:02.346root 11241100x8000000000000000717041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e721c5cacf6fa7042023-02-07 15:20:02.346root 11241100x8000000000000000717040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec93524364d459cc2023-02-07 15:20:02.346root 11241100x8000000000000000717039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7397bea99fd836612023-02-07 15:20:02.346root 11241100x8000000000000000717038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2614f742e0e8af2023-02-07 15:20:02.346root 11241100x8000000000000000717037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1593c4f5ee4a5752023-02-07 15:20:02.346root 11241100x8000000000000000717036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555d40ec464b2fbf2023-02-07 15:20:02.346root 11241100x8000000000000000717058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee90214cac22c032023-02-07 15:20:02.347root 11241100x8000000000000000717057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bd7bede75046b02023-02-07 15:20:02.347root 11241100x8000000000000000717056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29107b0041141ff2023-02-07 15:20:02.347root 11241100x8000000000000000717055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f134383f1caeb1982023-02-07 15:20:02.347root 11241100x8000000000000000717054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f14d157f0da3e112023-02-07 15:20:02.347root 11241100x8000000000000000717053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f576eb49f0c93e722023-02-07 15:20:02.347root 11241100x8000000000000000717052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029ef01783a7e86a2023-02-07 15:20:02.347root 11241100x8000000000000000717051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72676a09eb7ac532023-02-07 15:20:02.347root 11241100x8000000000000000717050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5c7a62b3f721702023-02-07 15:20:02.347root 11241100x8000000000000000717049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc453261981ace12023-02-07 15:20:02.347root 11241100x8000000000000000717048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef595f95456263422023-02-07 15:20:02.347root 11241100x8000000000000000717047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36f52ddfe36c50f2023-02-07 15:20:02.347root 11241100x8000000000000000717046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90360e7d28d9fbd2023-02-07 15:20:02.347root 11241100x8000000000000000717067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d8de8cf8451d492023-02-07 15:20:02.348root 11241100x8000000000000000717066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ec25f369385eab2023-02-07 15:20:02.348root 11241100x8000000000000000717065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3936d1ffdb9578112023-02-07 15:20:02.348root 11241100x8000000000000000717064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744f3c282ff2580d2023-02-07 15:20:02.348root 11241100x8000000000000000717063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671777cbcc4b67dc2023-02-07 15:20:02.348root 11241100x8000000000000000717062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acde6a43884eee912023-02-07 15:20:02.348root 11241100x8000000000000000717061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a378da350ee5f92023-02-07 15:20:02.348root 11241100x8000000000000000717060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9e0d3396dbe2572023-02-07 15:20:02.348root 11241100x8000000000000000717059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae49204ebfff911b2023-02-07 15:20:02.348root 11241100x8000000000000000717072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1032b3dca0cd4902023-02-07 15:20:02.349root 11241100x8000000000000000717071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda9b6793f1a3e932023-02-07 15:20:02.349root 11241100x8000000000000000717070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cded248bf56f652023-02-07 15:20:02.349root 11241100x8000000000000000717069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a9f325de8cb75e2023-02-07 15:20:02.349root 11241100x8000000000000000717068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976f46597cd72e262023-02-07 15:20:02.349root 11241100x8000000000000000717073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82419f5243eebc432023-02-07 15:20:02.350root 11241100x8000000000000000717078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cb6d2add4580472023-02-07 15:20:02.351root 11241100x8000000000000000717077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6ccf3180d898962023-02-07 15:20:02.351root 11241100x8000000000000000717076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e1e89eb93e4da42023-02-07 15:20:02.351root 11241100x8000000000000000717075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f805f6cdb56ba2572023-02-07 15:20:02.351root 11241100x8000000000000000717074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3086487aee66d55d2023-02-07 15:20:02.351root 11241100x8000000000000000717084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae16a98df01c28302023-02-07 15:20:02.352root 11241100x8000000000000000717083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5d7b4c3d2c33cd2023-02-07 15:20:02.352root 11241100x8000000000000000717082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463422c3fafdb5732023-02-07 15:20:02.352root 11241100x8000000000000000717081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37cc5ae05043bd62023-02-07 15:20:02.352root 11241100x8000000000000000717080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b720d845e947c6bc2023-02-07 15:20:02.352root 11241100x8000000000000000717079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bded0e12c52e831a2023-02-07 15:20:02.352root 11241100x8000000000000000717095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e6a076c419bbe92023-02-07 15:20:02.353root 11241100x8000000000000000717094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef413621e1e535912023-02-07 15:20:02.353root 11241100x8000000000000000717093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63eb5a16ff8253dd2023-02-07 15:20:02.353root 11241100x8000000000000000717092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e0770efc6d5c912023-02-07 15:20:02.353root 11241100x8000000000000000717091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58a044f5f480c112023-02-07 15:20:02.353root 11241100x8000000000000000717090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d4889329d8d32f2023-02-07 15:20:02.353root 11241100x8000000000000000717089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e17f5beec58fbf2023-02-07 15:20:02.353root 11241100x8000000000000000717088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1e049697717fe22023-02-07 15:20:02.353root 11241100x8000000000000000717087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd16fcefafdc7642023-02-07 15:20:02.353root 11241100x8000000000000000717086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b251d085719d16932023-02-07 15:20:02.353root 11241100x8000000000000000717085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.353{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7735941878728c42023-02-07 15:20:02.353root 11241100x8000000000000000717101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.354{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105a2aff18e13c9d2023-02-07 15:20:02.354root 11241100x8000000000000000717100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.354{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cc1d5310390e462023-02-07 15:20:02.354root 11241100x8000000000000000717099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.354{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690dbddb2f96ed292023-02-07 15:20:02.354root 11241100x8000000000000000717098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.354{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eacb25cf88b77a02023-02-07 15:20:02.354root 11241100x8000000000000000717097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.354{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a466e9eede71e42023-02-07 15:20:02.354root 11241100x8000000000000000717096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.354{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ed74aca2374c732023-02-07 15:20:02.354root 11241100x8000000000000000717104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d566359168b4553e2023-02-07 15:20:02.846root 11241100x8000000000000000717103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e0822f875fd4a02023-02-07 15:20:02.846root 11241100x8000000000000000717102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fccebe30ca9275432023-02-07 15:20:02.846root 11241100x8000000000000000717110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22a042f507031b92023-02-07 15:20:02.847root 11241100x8000000000000000717109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1726ee5c543fbd862023-02-07 15:20:02.847root 11241100x8000000000000000717108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178da371ab6d61062023-02-07 15:20:02.847root 11241100x8000000000000000717107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d18a0caac2e74f2023-02-07 15:20:02.847root 11241100x8000000000000000717106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99eda8675cb70052023-02-07 15:20:02.847root 11241100x8000000000000000717105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8864f9bc33273f832023-02-07 15:20:02.847root 11241100x8000000000000000717115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f350c5394cceafcd2023-02-07 15:20:02.848root 11241100x8000000000000000717114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884478e870ca9a9e2023-02-07 15:20:02.848root 11241100x8000000000000000717113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5697a32393ed71be2023-02-07 15:20:02.848root 11241100x8000000000000000717112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7254ff16140f022023-02-07 15:20:02.848root 11241100x8000000000000000717111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b5f0d4ed4f200a2023-02-07 15:20:02.848root 11241100x8000000000000000717120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe51d49f0a1670d2023-02-07 15:20:02.849root 11241100x8000000000000000717119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25672f5f98b4580d2023-02-07 15:20:02.849root 11241100x8000000000000000717118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf749ca483ecc41e2023-02-07 15:20:02.849root 11241100x8000000000000000717117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96db6e3511c583952023-02-07 15:20:02.849root 11241100x8000000000000000717116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28ca15eb0938cae2023-02-07 15:20:02.849root 11241100x8000000000000000717124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d4cbdf352e32082023-02-07 15:20:02.851root 11241100x8000000000000000717123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa308f704e5818462023-02-07 15:20:02.851root 11241100x8000000000000000717122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7b34dbc37b728d2023-02-07 15:20:02.851root 11241100x8000000000000000717121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.851{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b53f89fb70f3122023-02-07 15:20:02.851root 11241100x8000000000000000717133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54fd6360151a1c92023-02-07 15:20:02.852root 11241100x8000000000000000717132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef07593a44a740d2023-02-07 15:20:02.852root 11241100x8000000000000000717131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74615ca0ba0abcfc2023-02-07 15:20:02.852root 11241100x8000000000000000717130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71780c51198871b62023-02-07 15:20:02.852root 11241100x8000000000000000717129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92610dc4199726542023-02-07 15:20:02.852root 11241100x8000000000000000717128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36466c5dffe009f2023-02-07 15:20:02.852root 11241100x8000000000000000717127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656b619d1b65968b2023-02-07 15:20:02.852root 11241100x8000000000000000717126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c6dd36b72bd5062023-02-07 15:20:02.852root 11241100x8000000000000000717125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:02.852{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5710c3a140b0937d2023-02-07 15:20:02.852root 11241100x8000000000000000717135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7989c70c8d67788a2023-02-07 15:20:03.345root 11241100x8000000000000000717134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18e9bd2d3ff34872023-02-07 15:20:03.345root 11241100x8000000000000000717146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa1776b31a6f9072023-02-07 15:20:03.346root 11241100x8000000000000000717145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb7c94ef86b0fdf2023-02-07 15:20:03.346root 11241100x8000000000000000717144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302b8bbc9524b3022023-02-07 15:20:03.346root 11241100x8000000000000000717143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3703aed4ca148e3b2023-02-07 15:20:03.346root 11241100x8000000000000000717142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb66223a373e1d72023-02-07 15:20:03.346root 11241100x8000000000000000717141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2c6b0e103f658e2023-02-07 15:20:03.346root 11241100x8000000000000000717140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5927534e67fffcee2023-02-07 15:20:03.346root 11241100x8000000000000000717139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f27a09c42bb0212023-02-07 15:20:03.346root 11241100x8000000000000000717138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68b4174429e8a202023-02-07 15:20:03.346root 11241100x8000000000000000717137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fce97ee8b5c18522023-02-07 15:20:03.346root 11241100x8000000000000000717136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11fcf2cd349a60e02023-02-07 15:20:03.346root 11241100x8000000000000000717158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83157f7644a8e8462023-02-07 15:20:03.347root 11241100x8000000000000000717157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49f5ad3f28382162023-02-07 15:20:03.347root 11241100x8000000000000000717156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd54543e3afd3732023-02-07 15:20:03.347root 11241100x8000000000000000717155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9660b68d15154a8e2023-02-07 15:20:03.347root 11241100x8000000000000000717154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54797e7b11d87a362023-02-07 15:20:03.347root 11241100x8000000000000000717153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b0656918554ce82023-02-07 15:20:03.347root 11241100x8000000000000000717152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc6783fca37e79b2023-02-07 15:20:03.347root 11241100x8000000000000000717151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f27319bfa94c4f2023-02-07 15:20:03.347root 11241100x8000000000000000717150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f02522fabe18642023-02-07 15:20:03.347root 11241100x8000000000000000717149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30065aaf23a07a162023-02-07 15:20:03.347root 11241100x8000000000000000717148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda8db184c39c3392023-02-07 15:20:03.347root 11241100x8000000000000000717147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1587f440f086772e2023-02-07 15:20:03.347root 11241100x8000000000000000717167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3e5fd2285cf49f2023-02-07 15:20:03.348root 11241100x8000000000000000717166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0534685508a10fd2023-02-07 15:20:03.348root 11241100x8000000000000000717165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa950b4fd461bb62023-02-07 15:20:03.348root 11241100x8000000000000000717164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5ca97cfdf60cd02023-02-07 15:20:03.348root 11241100x8000000000000000717163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11cbcc0e122de7d22023-02-07 15:20:03.348root 11241100x8000000000000000717162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7301dc7fd820262023-02-07 15:20:03.348root 11241100x8000000000000000717161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbf4282c02dfabe2023-02-07 15:20:03.348root 11241100x8000000000000000717160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad2ef3eacc8950b2023-02-07 15:20:03.348root 11241100x8000000000000000717159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c728cfba1b9813c2023-02-07 15:20:03.348root 11241100x8000000000000000717178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1730ad9f7eda30292023-02-07 15:20:03.846root 11241100x8000000000000000717177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6cf0b9d3e69e262023-02-07 15:20:03.846root 11241100x8000000000000000717176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9e74df8e014c222023-02-07 15:20:03.846root 11241100x8000000000000000717175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7bc80489e5a0532023-02-07 15:20:03.846root 11241100x8000000000000000717174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f59eb6b1bca97202023-02-07 15:20:03.846root 11241100x8000000000000000717173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8febb55b41e4da382023-02-07 15:20:03.846root 11241100x8000000000000000717172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4ec121f50ada0a2023-02-07 15:20:03.846root 11241100x8000000000000000717171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d7d4128bf12dd02023-02-07 15:20:03.846root 11241100x8000000000000000717170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e431abe1f41e472023-02-07 15:20:03.846root 11241100x8000000000000000717169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34396d79c4e603d12023-02-07 15:20:03.846root 11241100x8000000000000000717168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ffe02b3ab416de2023-02-07 15:20:03.846root 11241100x8000000000000000717189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39743f66c30108d62023-02-07 15:20:03.847root 11241100x8000000000000000717188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2cbe7d51be7c052023-02-07 15:20:03.847root 11241100x8000000000000000717187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6d0ef545abdced2023-02-07 15:20:03.847root 11241100x8000000000000000717186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc81f515e989e092023-02-07 15:20:03.847root 11241100x8000000000000000717185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62dbc5c15346a3f92023-02-07 15:20:03.847root 11241100x8000000000000000717184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf48a2d2ebd88212023-02-07 15:20:03.847root 11241100x8000000000000000717183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6eb4faf0518a0e42023-02-07 15:20:03.847root 11241100x8000000000000000717182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3ae19ae6952da62023-02-07 15:20:03.847root 11241100x8000000000000000717181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8942ca4f7bd3fa3d2023-02-07 15:20:03.847root 11241100x8000000000000000717180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c44dfe8d2db8192023-02-07 15:20:03.847root 11241100x8000000000000000717179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5959d7d4848c7e32023-02-07 15:20:03.847root 11241100x8000000000000000717199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b119491648d7222d2023-02-07 15:20:03.848root 11241100x8000000000000000717198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7488e88e6c7a20f82023-02-07 15:20:03.848root 11241100x8000000000000000717197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa57120ed25139bb2023-02-07 15:20:03.848root 11241100x8000000000000000717196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fd6b19deb503252023-02-07 15:20:03.848root 11241100x8000000000000000717195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21516e6b51d89d582023-02-07 15:20:03.848root 11241100x8000000000000000717194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c442cdba1f3bad02023-02-07 15:20:03.848root 11241100x8000000000000000717193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370c0c6113204de72023-02-07 15:20:03.848root 11241100x8000000000000000717192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ed2091f699451f2023-02-07 15:20:03.848root 11241100x8000000000000000717191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28579f3199ff06462023-02-07 15:20:03.848root 11241100x8000000000000000717190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:03.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279d509ca9d934592023-02-07 15:20:03.848root 11241100x8000000000000000717200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339a5727e0bc94402023-02-07 15:20:04.345root 11241100x8000000000000000717213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7332a79cf8b25eae2023-02-07 15:20:04.346root 11241100x8000000000000000717212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1705b59760ae05d2023-02-07 15:20:04.346root 11241100x8000000000000000717211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b358458d3279602023-02-07 15:20:04.346root 11241100x8000000000000000717210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a131d68ccfc2156c2023-02-07 15:20:04.346root 11241100x8000000000000000717209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4a8962c37bb23d2023-02-07 15:20:04.346root 11241100x8000000000000000717208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba019650df180c612023-02-07 15:20:04.346root 11241100x8000000000000000717207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7c98141befacaf2023-02-07 15:20:04.346root 11241100x8000000000000000717206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9208b0f7ca58f792023-02-07 15:20:04.346root 11241100x8000000000000000717205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce5b7ed26c9a7112023-02-07 15:20:04.346root 11241100x8000000000000000717204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac91d2fb446c63b42023-02-07 15:20:04.346root 11241100x8000000000000000717203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5087c2c7400d088f2023-02-07 15:20:04.346root 11241100x8000000000000000717202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd63dee5dde3ba492023-02-07 15:20:04.346root 11241100x8000000000000000717201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d2ca290dfeb7ae2023-02-07 15:20:04.346root 11241100x8000000000000000717226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22cf37f18e9c97972023-02-07 15:20:04.347root 11241100x8000000000000000717225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12503fd48555fdb2023-02-07 15:20:04.347root 11241100x8000000000000000717224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199d9c92b9ea7df42023-02-07 15:20:04.347root 11241100x8000000000000000717223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7980be11e6d113312023-02-07 15:20:04.347root 11241100x8000000000000000717222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5bbaf4ec8eb9792023-02-07 15:20:04.347root 11241100x8000000000000000717221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d32a23f4ec893442023-02-07 15:20:04.347root 11241100x8000000000000000717220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106ddec62a627c742023-02-07 15:20:04.347root 11241100x8000000000000000717219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d75a67da011fd782023-02-07 15:20:04.347root 11241100x8000000000000000717218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a570d22aed3a7b472023-02-07 15:20:04.347root 11241100x8000000000000000717217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffeff617bce62c62023-02-07 15:20:04.347root 11241100x8000000000000000717216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6fa83ea190a95482023-02-07 15:20:04.347root 11241100x8000000000000000717215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b481727dd4dca32023-02-07 15:20:04.347root 11241100x8000000000000000717214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130e702b5bbe78c02023-02-07 15:20:04.347root 11241100x8000000000000000717231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a03601a75d65b312023-02-07 15:20:04.348root 11241100x8000000000000000717230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5da4b6541e4b392023-02-07 15:20:04.348root 11241100x8000000000000000717229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f463f3a2b00e632023-02-07 15:20:04.348root 11241100x8000000000000000717228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0462631c9fb46142023-02-07 15:20:04.348root 11241100x8000000000000000717227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810df5eb999593832023-02-07 15:20:04.348root 11241100x8000000000000000717235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba9c98e8846ca4b2023-02-07 15:20:04.845root 11241100x8000000000000000717234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ddf6130f66e9c82023-02-07 15:20:04.845root 11241100x8000000000000000717233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34fc0094d341c602023-02-07 15:20:04.845root 11241100x8000000000000000717232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed82b6ea2cdddf72023-02-07 15:20:04.845root 11241100x8000000000000000717247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5643a8e670ef7b752023-02-07 15:20:04.846root 11241100x8000000000000000717246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be60afb8fd49cf272023-02-07 15:20:04.846root 11241100x8000000000000000717245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ef069291ba3cd22023-02-07 15:20:04.846root 11241100x8000000000000000717244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa12bab9d70682c2023-02-07 15:20:04.846root 11241100x8000000000000000717243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad40621b6ae175472023-02-07 15:20:04.846root 11241100x8000000000000000717242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a8d7c58f7e7c5a2023-02-07 15:20:04.846root 11241100x8000000000000000717241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb2775494e01f4a2023-02-07 15:20:04.846root 11241100x8000000000000000717240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a795718c64a777602023-02-07 15:20:04.846root 11241100x8000000000000000717239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a027bc2f23fa42ad2023-02-07 15:20:04.846root 11241100x8000000000000000717238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab458f7621119ff72023-02-07 15:20:04.846root 11241100x8000000000000000717237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2a04fd656346122023-02-07 15:20:04.846root 11241100x8000000000000000717236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808e6a6a54713f782023-02-07 15:20:04.846root 11241100x8000000000000000717253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4157eed21b719cf32023-02-07 15:20:04.847root 11241100x8000000000000000717252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a548db9a6ccdfa6a2023-02-07 15:20:04.847root 11241100x8000000000000000717251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede2923f6377e8842023-02-07 15:20:04.847root 11241100x8000000000000000717250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0979b43baf959342023-02-07 15:20:04.847root 11241100x8000000000000000717249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903a1faa5a17c2f72023-02-07 15:20:04.847root 11241100x8000000000000000717248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7f61947d0365b22023-02-07 15:20:04.847root 11241100x8000000000000000717262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03fe84520119306d2023-02-07 15:20:04.848root 11241100x8000000000000000717261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d223f867742972012023-02-07 15:20:04.848root 11241100x8000000000000000717260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b3dfb0670382032023-02-07 15:20:04.848root 11241100x8000000000000000717259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9343fb77ce08a5b32023-02-07 15:20:04.848root 11241100x8000000000000000717258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ec5085e8a6529d2023-02-07 15:20:04.848root 11241100x8000000000000000717257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9b007db34b50f22023-02-07 15:20:04.848root 11241100x8000000000000000717256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05de74c6aef306af2023-02-07 15:20:04.848root 11241100x8000000000000000717255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1760d8411d72ae2023-02-07 15:20:04.848root 11241100x8000000000000000717254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04f939e390f3ae72023-02-07 15:20:04.848root 11241100x8000000000000000717266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95be72109dde5742023-02-07 15:20:04.850root 11241100x8000000000000000717265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86dc2670c6db580f2023-02-07 15:20:04.850root 11241100x8000000000000000717264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d28aa3a2c3b78ad2023-02-07 15:20:04.850root 11241100x8000000000000000717263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:04.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c83afd80d40b5b72023-02-07 15:20:04.850root 11241100x8000000000000000717268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11589425f89d9d02023-02-07 15:20:05.345root 11241100x8000000000000000717267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99cabc3dd777c0be2023-02-07 15:20:05.345root 11241100x8000000000000000717277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45092b7a559c9c42023-02-07 15:20:05.346root 11241100x8000000000000000717276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b981791214054312023-02-07 15:20:05.346root 11241100x8000000000000000717275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec24909b88e37642023-02-07 15:20:05.346root 11241100x8000000000000000717274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b3d7f5d39b1adb2023-02-07 15:20:05.346root 11241100x8000000000000000717273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961f73053dc785932023-02-07 15:20:05.346root 11241100x8000000000000000717272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3513338e6dd86db02023-02-07 15:20:05.346root 11241100x8000000000000000717271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28bb6d1a5b04d39a2023-02-07 15:20:05.346root 11241100x8000000000000000717270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c170e810012a802023-02-07 15:20:05.346root 11241100x8000000000000000717269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65bd7c70b3ffea912023-02-07 15:20:05.346root 11241100x8000000000000000717286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c071f3dad7232d2023-02-07 15:20:05.347root 11241100x8000000000000000717285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785817b7e41cc22c2023-02-07 15:20:05.347root 11241100x8000000000000000717284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8350788faea1126e2023-02-07 15:20:05.347root 11241100x8000000000000000717283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694c5fd4982a767f2023-02-07 15:20:05.347root 11241100x8000000000000000717282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f56a795a43a3da2023-02-07 15:20:05.347root 11241100x8000000000000000717281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d836597db1b09062023-02-07 15:20:05.347root 11241100x8000000000000000717280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b48b5fa16957b792023-02-07 15:20:05.347root 11241100x8000000000000000717279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555ae343c157865f2023-02-07 15:20:05.347root 11241100x8000000000000000717278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec93d090f22f90b32023-02-07 15:20:05.347root 11241100x8000000000000000717299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc69c6a1e794ac82023-02-07 15:20:05.348root 11241100x8000000000000000717298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b478941b238a4422023-02-07 15:20:05.348root 11241100x8000000000000000717297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a685d7e50781382023-02-07 15:20:05.348root 11241100x8000000000000000717296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d21a954e3633f02023-02-07 15:20:05.348root 11241100x8000000000000000717295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac31c452a8a79992023-02-07 15:20:05.348root 11241100x8000000000000000717294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec7b9a4563d5c8a2023-02-07 15:20:05.348root 11241100x8000000000000000717293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8339939d82dc642023-02-07 15:20:05.348root 11241100x8000000000000000717292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44064a63c30c3f4a2023-02-07 15:20:05.348root 11241100x8000000000000000717291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91bd87bb3efddcf2023-02-07 15:20:05.348root 11241100x8000000000000000717290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ebafe0ef57862d2023-02-07 15:20:05.348root 11241100x8000000000000000717289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e37e28eb317e0d82023-02-07 15:20:05.348root 11241100x8000000000000000717288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11fbdb96bda3e0f2023-02-07 15:20:05.348root 11241100x8000000000000000717287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9facdd81437fb42023-02-07 15:20:05.348root 11241100x8000000000000000717305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8715c0afc0099852023-02-07 15:20:05.349root 11241100x8000000000000000717304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fad35b39427daf2023-02-07 15:20:05.349root 11241100x8000000000000000717303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae15a002a4e1d4ee2023-02-07 15:20:05.349root 11241100x8000000000000000717302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1769ce9b315b4d2023-02-07 15:20:05.349root 11241100x8000000000000000717301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef42f224b81fc5472023-02-07 15:20:05.349root 11241100x8000000000000000717300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7e3c5b9d37c7d02023-02-07 15:20:05.349root 11241100x8000000000000000717310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239fd0a2f8a1ce9d2023-02-07 15:20:05.846root 11241100x8000000000000000717309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ff9c2bfd0a6bfe2023-02-07 15:20:05.846root 11241100x8000000000000000717308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccbb323a723100f12023-02-07 15:20:05.846root 11241100x8000000000000000717307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eded948871d812dd2023-02-07 15:20:05.846root 11241100x8000000000000000717306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8baad7c696976c92023-02-07 15:20:05.846root 11241100x8000000000000000717320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c17243a0ed55a02023-02-07 15:20:05.847root 11241100x8000000000000000717319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1932be6b7505387d2023-02-07 15:20:05.847root 11241100x8000000000000000717318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1a114fc5db6ac02023-02-07 15:20:05.847root 11241100x8000000000000000717317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74392919746356232023-02-07 15:20:05.847root 11241100x8000000000000000717316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b2d07e614f4b3d2023-02-07 15:20:05.847root 11241100x8000000000000000717315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da701793c8c669e82023-02-07 15:20:05.847root 11241100x8000000000000000717314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247686f63a2a72c02023-02-07 15:20:05.847root 11241100x8000000000000000717313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79245b934cee7fef2023-02-07 15:20:05.847root 11241100x8000000000000000717312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932b68d72877456f2023-02-07 15:20:05.847root 11241100x8000000000000000717311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10df076c2a5690c62023-02-07 15:20:05.847root 11241100x8000000000000000717330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1947e93aec0f6c4f2023-02-07 15:20:05.848root 11241100x8000000000000000717329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bdf22e9522820a82023-02-07 15:20:05.848root 11241100x8000000000000000717328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065c48b91bed5a6b2023-02-07 15:20:05.848root 11241100x8000000000000000717327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa74b63a1101a172023-02-07 15:20:05.848root 11241100x8000000000000000717326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7294bf8964332a2023-02-07 15:20:05.848root 11241100x8000000000000000717325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d769de0f5c21492b2023-02-07 15:20:05.848root 11241100x8000000000000000717324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4f0f9a36d1ae8a2023-02-07 15:20:05.848root 11241100x8000000000000000717323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a2b39b9f9de3742023-02-07 15:20:05.848root 11241100x8000000000000000717322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce62b65845d2de52023-02-07 15:20:05.848root 11241100x8000000000000000717321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000c8a251de374a02023-02-07 15:20:05.848root 11241100x8000000000000000717337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f0cef35db6f3302023-02-07 15:20:05.849root 11241100x8000000000000000717336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ba4b33d4dd821c2023-02-07 15:20:05.849root 11241100x8000000000000000717335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64cb1d5cf2fbe48e2023-02-07 15:20:05.849root 11241100x8000000000000000717334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56278a7229b29122023-02-07 15:20:05.849root 11241100x8000000000000000717333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7cf508e63fe60c2023-02-07 15:20:05.849root 11241100x8000000000000000717332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b3345c74c0727f2023-02-07 15:20:05.849root 11241100x8000000000000000717331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:05.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71a7a714f0c32e12023-02-07 15:20:05.849root 11241100x8000000000000000717341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540f6134f02befa32023-02-07 15:20:06.248root 11241100x8000000000000000717340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d41d1bfd4638a0a2023-02-07 15:20:06.248root 11241100x8000000000000000717339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.248{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06254f03d2be6372023-02-07 15:20:06.248root 354300x8000000000000000717338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.248{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-55132-false10.0.1.12-8000- 11241100x8000000000000000717349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327418ffb86ba8732023-02-07 15:20:06.249root 11241100x8000000000000000717348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235ae8ca6b65303e2023-02-07 15:20:06.249root 11241100x8000000000000000717347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616863c4fb00406b2023-02-07 15:20:06.249root 11241100x8000000000000000717346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228896daeea6c2c92023-02-07 15:20:06.249root 11241100x8000000000000000717345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e636df3a75bad48c2023-02-07 15:20:06.249root 11241100x8000000000000000717344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b921ee180f596d2023-02-07 15:20:06.249root 11241100x8000000000000000717343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36f12124241a1322023-02-07 15:20:06.249root 11241100x8000000000000000717342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.249{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeab5cb4009ffe812023-02-07 15:20:06.249root 11241100x8000000000000000717355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.250{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd98fae21b1374342023-02-07 15:20:06.250root 11241100x8000000000000000717354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.250{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba8240e065719762023-02-07 15:20:06.250root 11241100x8000000000000000717353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.250{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac468828bd763452023-02-07 15:20:06.250root 11241100x8000000000000000717352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.250{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338f387544dd65cc2023-02-07 15:20:06.250root 11241100x8000000000000000717351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.250{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa3b09c0dfb89522023-02-07 15:20:06.250root 11241100x8000000000000000717350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.250{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ee92405716af342023-02-07 15:20:06.250root 11241100x8000000000000000717358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.251{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3f9792cc66136f2023-02-07 15:20:06.251root 11241100x8000000000000000717357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.251{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f7b2972bc0079d2023-02-07 15:20:06.251root 11241100x8000000000000000717356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.251{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32603a1b810d5a7a2023-02-07 15:20:06.251root 11241100x8000000000000000717360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.252{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9b6880db5395702023-02-07 15:20:06.252root 11241100x8000000000000000717359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.252{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c5f66c954a1a2d2023-02-07 15:20:06.252root 11241100x8000000000000000717366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.253{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2274044b9e31b3d2023-02-07 15:20:06.253root 11241100x8000000000000000717365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.253{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337b9586e0e6d5812023-02-07 15:20:06.253root 11241100x8000000000000000717364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.253{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365f5ae5888b23742023-02-07 15:20:06.253root 11241100x8000000000000000717363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.253{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2019fd1e17dc6b642023-02-07 15:20:06.253root 11241100x8000000000000000717362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.253{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3f992c45f200b42023-02-07 15:20:06.253root 11241100x8000000000000000717361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.253{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df6b3c45c8303a32023-02-07 15:20:06.253root 11241100x8000000000000000717371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.254{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06cc66e1bf9431de2023-02-07 15:20:06.254root 11241100x8000000000000000717370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.254{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbddf1c9f7e12db72023-02-07 15:20:06.254root 11241100x8000000000000000717369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.254{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee77d8bf077ba1e82023-02-07 15:20:06.254root 11241100x8000000000000000717368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.254{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ca4f3ec4c2912e2023-02-07 15:20:06.254root 11241100x8000000000000000717367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.254{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e15f0273b9f8bb12023-02-07 15:20:06.254root 11241100x8000000000000000717372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.255{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2355efe01eee47f72023-02-07 15:20:06.255root 11241100x8000000000000000717378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.256{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1aeff0f8cd97f282023-02-07 15:20:06.256root 11241100x8000000000000000717377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.256{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3210b65e98f0682023-02-07 15:20:06.256root 11241100x8000000000000000717376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.256{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92791ddbc16498462023-02-07 15:20:06.256root 11241100x8000000000000000717375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.256{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6890446875bb07292023-02-07 15:20:06.256root 11241100x8000000000000000717374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.256{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6685e2f4172d452023-02-07 15:20:06.256root 11241100x8000000000000000717373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.256{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845d50b95ea61d9b2023-02-07 15:20:06.256root 11241100x8000000000000000717381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.257{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6766c80b327d627b2023-02-07 15:20:06.257root 11241100x8000000000000000717380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.257{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cadc84e54d1400932023-02-07 15:20:06.257root 11241100x8000000000000000717379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.257{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0689c8ee797ed0dd2023-02-07 15:20:06.257root 11241100x8000000000000000717386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.258{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a3219797bf2bda2023-02-07 15:20:06.258root 11241100x8000000000000000717385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.258{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ff7c060c9c03d52023-02-07 15:20:06.258root 11241100x8000000000000000717384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.258{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aab195ef59cca772023-02-07 15:20:06.258root 11241100x8000000000000000717383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.258{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5da863fb9517882023-02-07 15:20:06.258root 11241100x8000000000000000717382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.258{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e96d70f5939bdeb2023-02-07 15:20:06.258root 11241100x8000000000000000717391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.260{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b229d757e093fb82023-02-07 15:20:06.260root 11241100x8000000000000000717390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.260{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c79f196beee0c22023-02-07 15:20:06.260root 11241100x8000000000000000717389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.260{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9f71d3e6ce78262023-02-07 15:20:06.260root 11241100x8000000000000000717388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.260{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7929aa3716e71fc22023-02-07 15:20:06.260root 11241100x8000000000000000717387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.260{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9920035f7f2ce42e2023-02-07 15:20:06.260root 11241100x8000000000000000717393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5814d091af1dc852023-02-07 15:20:06.595root 11241100x8000000000000000717392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40543a41779a2e162023-02-07 15:20:06.595root 11241100x8000000000000000717398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dddcf79cd0d93f5d2023-02-07 15:20:06.596root 11241100x8000000000000000717397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a2bd59d6d874822023-02-07 15:20:06.596root 11241100x8000000000000000717396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc297cee916992b62023-02-07 15:20:06.596root 11241100x8000000000000000717395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1ed8115d79c4432023-02-07 15:20:06.596root 11241100x8000000000000000717394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6268ad8f59dadb7c2023-02-07 15:20:06.596root 11241100x8000000000000000717405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1b715c855304d12023-02-07 15:20:06.597root 11241100x8000000000000000717404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca78b5de6a2b41f12023-02-07 15:20:06.597root 11241100x8000000000000000717403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74140418cdf5f5792023-02-07 15:20:06.597root 11241100x8000000000000000717402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe000306c46171802023-02-07 15:20:06.597root 11241100x8000000000000000717401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179c5953ed063f4b2023-02-07 15:20:06.597root 11241100x8000000000000000717400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b642d3f5e3142cf2023-02-07 15:20:06.597root 11241100x8000000000000000717399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c849d5fa4844c0962023-02-07 15:20:06.597root 11241100x8000000000000000717409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81e5a15129473ba2023-02-07 15:20:06.598root 11241100x8000000000000000717408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df447e292b5a4242023-02-07 15:20:06.598root 11241100x8000000000000000717407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe961c5d1458f212023-02-07 15:20:06.598root 11241100x8000000000000000717406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc3d689b0d6a02b2023-02-07 15:20:06.598root 11241100x8000000000000000717412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a518f188b1e62cde2023-02-07 15:20:06.599root 11241100x8000000000000000717411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02501e6a91eaf822023-02-07 15:20:06.599root 11241100x8000000000000000717410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cb8be174274ed72023-02-07 15:20:06.599root 11241100x8000000000000000717416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4daaf92fd10512d82023-02-07 15:20:06.600root 11241100x8000000000000000717415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad6e38f182ce28a2023-02-07 15:20:06.600root 11241100x8000000000000000717414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab7d85a203d33662023-02-07 15:20:06.600root 11241100x8000000000000000717413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f59e7d2d45d5812023-02-07 15:20:06.600root 11241100x8000000000000000717418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0b5fc5f70bb1d72023-02-07 15:20:06.602root 11241100x8000000000000000717417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c740af4a2df373b2023-02-07 15:20:06.602root 11241100x8000000000000000717423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a770c5fdb3e272902023-02-07 15:20:06.603root 11241100x8000000000000000717422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23c580e0fcb422b2023-02-07 15:20:06.603root 11241100x8000000000000000717421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5e3bd75db476482023-02-07 15:20:06.603root 11241100x8000000000000000717420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5991e82dea0570af2023-02-07 15:20:06.603root 11241100x8000000000000000717419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.603{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88cf12cd2f170772023-02-07 15:20:06.603root 11241100x8000000000000000717426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67fb2599fcd807572023-02-07 15:20:06.604root 11241100x8000000000000000717425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af587fd003aa3c62023-02-07 15:20:06.604root 11241100x8000000000000000717424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:06.604{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac69859fd1fd49672023-02-07 15:20:06.604root 11241100x8000000000000000717429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833fad0bec42a3f32023-02-07 15:20:07.095root 11241100x8000000000000000717428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be3f1eacbe47e502023-02-07 15:20:07.095root 11241100x8000000000000000717427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94bcdaf367997792023-02-07 15:20:07.095root 11241100x8000000000000000717438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c71762e530f9ec2023-02-07 15:20:07.096root 11241100x8000000000000000717437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95079abaf616fb562023-02-07 15:20:07.096root 11241100x8000000000000000717436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6de7ca7fd7dd54e2023-02-07 15:20:07.096root 11241100x8000000000000000717435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93f4363ac0a021a2023-02-07 15:20:07.096root 11241100x8000000000000000717434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6c43c87e46ca5c2023-02-07 15:20:07.096root 11241100x8000000000000000717433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450f1533398f1fb92023-02-07 15:20:07.096root 11241100x8000000000000000717432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408276a5cf43ace62023-02-07 15:20:07.096root 11241100x8000000000000000717431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6891b9895f52db122023-02-07 15:20:07.096root 11241100x8000000000000000717430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2acce4f85cc31832023-02-07 15:20:07.096root 11241100x8000000000000000717442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0c93259688e8b52023-02-07 15:20:07.097root 11241100x8000000000000000717441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b64ba81d97bacb2023-02-07 15:20:07.097root 11241100x8000000000000000717440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297ef2433c5637272023-02-07 15:20:07.097root 11241100x8000000000000000717439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc73196f2d39d8432023-02-07 15:20:07.097root 11241100x8000000000000000717448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8365602b82b0a81d2023-02-07 15:20:07.098root 11241100x8000000000000000717447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5226c64971f9b1e12023-02-07 15:20:07.098root 11241100x8000000000000000717446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa4f7df7189f7a12023-02-07 15:20:07.098root 11241100x8000000000000000717445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22aa3272dded90852023-02-07 15:20:07.098root 11241100x8000000000000000717444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.addb2c37410419992023-02-07 15:20:07.098root 11241100x8000000000000000717443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa12949a02a95052023-02-07 15:20:07.098root 11241100x8000000000000000717451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81332460667fdbed2023-02-07 15:20:07.099root 11241100x8000000000000000717450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37454c294cf4d092023-02-07 15:20:07.099root 11241100x8000000000000000717449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbac7871c8b2f582023-02-07 15:20:07.099root 11241100x8000000000000000717456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03436541a0a5b3be2023-02-07 15:20:07.100root 11241100x8000000000000000717455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aeacefdff4d00532023-02-07 15:20:07.100root 11241100x8000000000000000717454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d0239c6e1749d02023-02-07 15:20:07.100root 11241100x8000000000000000717453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fee4752fa2bfed2023-02-07 15:20:07.100root 11241100x8000000000000000717452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ab341eae586a0b2023-02-07 15:20:07.100root 11241100x8000000000000000717460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f9d365e543e1112023-02-07 15:20:07.101root 11241100x8000000000000000717459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7ef51d489d01542023-02-07 15:20:07.101root 11241100x8000000000000000717458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802417d1aadab6222023-02-07 15:20:07.101root 11241100x8000000000000000717457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f38ee4c3016bf622023-02-07 15:20:07.101root 11241100x8000000000000000717467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89be0a0076d8e6802023-02-07 15:20:07.595root 11241100x8000000000000000717466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e058fb93f6441922023-02-07 15:20:07.595root 11241100x8000000000000000717465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06af00e2675abd862023-02-07 15:20:07.595root 11241100x8000000000000000717464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04dcdd7093eb3bf2023-02-07 15:20:07.595root 11241100x8000000000000000717463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0641e4fd284507df2023-02-07 15:20:07.595root 11241100x8000000000000000717462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997a4fa2fcbdf2fc2023-02-07 15:20:07.595root 11241100x8000000000000000717461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5002f3d740dcf79e2023-02-07 15:20:07.595root 11241100x8000000000000000717475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce86d47b81a28b9d2023-02-07 15:20:07.596root 11241100x8000000000000000717474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18831d1e28f398df2023-02-07 15:20:07.596root 11241100x8000000000000000717473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d179bfeeb6099572023-02-07 15:20:07.596root 11241100x8000000000000000717472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f78dba5fc65af082023-02-07 15:20:07.596root 11241100x8000000000000000717471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f12535615ed23c12023-02-07 15:20:07.596root 11241100x8000000000000000717470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055bbe8edf4509e72023-02-07 15:20:07.596root 11241100x8000000000000000717469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1fee711b64c80a2023-02-07 15:20:07.596root 11241100x8000000000000000717468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b31360f8aa15b3d2023-02-07 15:20:07.596root 154100x8000000000000000717521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:25.989{ec244aba-6c39-63e2-e8a6-0d9485550000}6234/bin/ls-----ls --color=auto -l/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6be1-63e2-4874-5465c2550000}6209/bin/bash-bashubuntu 534500x8000000000000000717522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:25.991{ec244aba-6c39-63e2-e8a6-0d9485550000}6234/bin/lsubuntu 11241100x8000000000000000717524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:26.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12905200ca40e48b2023-02-07 15:20:26.345root 11241100x8000000000000000717523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:26.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165501abe44e78882023-02-07 15:20:26.345root 11241100x8000000000000000717526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:26.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4de6fdd55b10ba02023-02-07 15:20:26.845root 11241100x8000000000000000717525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:26.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318c7745e7a9f1442023-02-07 15:20:26.845root 11241100x8000000000000000717528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:27.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319a7f9a26e8d4ff2023-02-07 15:20:27.345root 11241100x8000000000000000717527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:27.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e091edffa15d2b472023-02-07 15:20:27.345root 23542300x8000000000000000717529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:27.729{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000717532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:27.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8f389e3b6093f22023-02-07 15:20:27.730root 11241100x8000000000000000717531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:27.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653a24478508f9e02023-02-07 15:20:27.730root 11241100x8000000000000000717530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:27.730{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464f5cf1806714bb2023-02-07 15:20:27.730root 11241100x8000000000000000717535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb604e10f136f7a2023-02-07 15:20:28.095root 11241100x8000000000000000717534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18043aef5b669f12023-02-07 15:20:28.095root 11241100x8000000000000000717533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3462af4cda3fde4a2023-02-07 15:20:28.095root 11241100x8000000000000000717538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4cff4c8f2d58c82023-02-07 15:20:28.595root 11241100x8000000000000000717537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b834028a235a34192023-02-07 15:20:28.595root 11241100x8000000000000000717536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb74632c88191b72023-02-07 15:20:28.595root 11241100x8000000000000000717540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e304ba8077891ab02023-02-07 15:20:29.095root 11241100x8000000000000000717539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021fdd4dc42b3f832023-02-07 15:20:29.095root 11241100x8000000000000000717541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6bff339520c01fc2023-02-07 15:20:29.096root 354300x8000000000000000717542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:29.219{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-38236-false10.0.1.12-8000- 11241100x8000000000000000717544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d336200ec7d00c2023-02-07 15:20:29.595root 11241100x8000000000000000717543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539232b6465a3f5c2023-02-07 15:20:29.595root 11241100x8000000000000000717546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5d0fe056adc2802023-02-07 15:20:29.596root 11241100x8000000000000000717545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcde40c9be5294db2023-02-07 15:20:29.596root 11241100x8000000000000000717550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcdb6a261ea8c9f2023-02-07 15:20:30.095root 11241100x8000000000000000717549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e73c17897a3cfa22023-02-07 15:20:30.095root 11241100x8000000000000000717548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9323c1682c3beec2023-02-07 15:20:30.095root 11241100x8000000000000000717547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2538c3f9c39c22f42023-02-07 15:20:30.095root 11241100x8000000000000000717554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ed99688a843c982023-02-07 15:20:30.595root 11241100x8000000000000000717553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6caa09316d23012023-02-07 15:20:30.595root 11241100x8000000000000000717552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af09b3b87524af222023-02-07 15:20:30.595root 11241100x8000000000000000717551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55650b36fcbf6192023-02-07 15:20:30.595root 11241100x8000000000000000717558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb43a81778f82f92023-02-07 15:20:31.095root 11241100x8000000000000000717557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0692eb871c1136d2023-02-07 15:20:31.095root 11241100x8000000000000000717556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40fa1d265db131b12023-02-07 15:20:31.095root 11241100x8000000000000000717555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2bae7cdf7e96b542023-02-07 15:20:31.095root 11241100x8000000000000000717562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e8b131857778222023-02-07 15:20:31.595root 11241100x8000000000000000717561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e853bd079faff4102023-02-07 15:20:31.595root 11241100x8000000000000000717560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179d7573fc634cea2023-02-07 15:20:31.595root 11241100x8000000000000000717559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac90bdb4874916e02023-02-07 15:20:31.595root 11241100x8000000000000000717566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8a2bfc26e4d9102023-02-07 15:20:32.095root 11241100x8000000000000000717565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0857e657aa6a30a12023-02-07 15:20:32.095root 11241100x8000000000000000717564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fec0c9dd5f677762023-02-07 15:20:32.095root 11241100x8000000000000000717563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b13de84cdd21fe02023-02-07 15:20:32.095root 11241100x8000000000000000717570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a880e16e206681a2023-02-07 15:20:32.595root 11241100x8000000000000000717569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7972fbdc1e2b60af2023-02-07 15:20:32.595root 11241100x8000000000000000717568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b787d712e585c1012023-02-07 15:20:32.595root 11241100x8000000000000000717567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f33290bf21b38452023-02-07 15:20:32.595root 11241100x8000000000000000717574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd0021362435d072023-02-07 15:20:33.095root 11241100x8000000000000000717573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a8e7e985f1ce7a2023-02-07 15:20:33.095root 11241100x8000000000000000717572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0e08385691c6e42023-02-07 15:20:33.095root 11241100x8000000000000000717571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d30508c8e727712023-02-07 15:20:33.095root 11241100x8000000000000000717578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf1e7ac51acf13b2023-02-07 15:20:33.595root 11241100x8000000000000000717577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5383c069dd147a902023-02-07 15:20:33.595root 11241100x8000000000000000717576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06be9e2834fd702c2023-02-07 15:20:33.595root 11241100x8000000000000000717575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba72f1318ceb5e32023-02-07 15:20:33.595root 11241100x8000000000000000717582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:34.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75218ef2cd32f6b82023-02-07 15:20:34.095root 11241100x8000000000000000717581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:34.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108f6d3ad5ddd4172023-02-07 15:20:34.095root 11241100x8000000000000000717580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:34.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324a7eb55fc2fe042023-02-07 15:20:34.095root 11241100x8000000000000000717579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:34.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ae87dfb0fedc7c2023-02-07 15:20:34.095root 11241100x8000000000000000717585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cbb2ab5549aca322023-02-07 15:20:34.595root 11241100x8000000000000000717584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec442e26c40189582023-02-07 15:20:34.595root 11241100x8000000000000000717583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e0c3712bea2bd12023-02-07 15:20:34.595root 11241100x8000000000000000717586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72cb9fb316f8c3b2023-02-07 15:20:34.596root 11241100x8000000000000000717590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:35.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944f8a500d99eba42023-02-07 15:20:35.095root 11241100x8000000000000000717589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:35.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7038b9e228360d9b2023-02-07 15:20:35.095root 11241100x8000000000000000717588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:35.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4cd018d0b130ac2023-02-07 15:20:35.095root 11241100x8000000000000000717587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:35.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c21f587c83bed5c2023-02-07 15:20:35.095root 354300x8000000000000000717591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:35.164{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-55152-false10.0.1.12-8000- 11241100x8000000000000000717595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd2dce508cdbfac2023-02-07 15:20:35.595root 11241100x8000000000000000717594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa98e2292a43a9a72023-02-07 15:20:35.595root 11241100x8000000000000000717593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00975cd34e32f5aa2023-02-07 15:20:35.595root 11241100x8000000000000000717592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25bfa70164cdb962023-02-07 15:20:35.595root 11241100x8000000000000000717596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be3d3a29b217f462023-02-07 15:20:35.596root 11241100x8000000000000000717600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:36.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee183b8e94234532023-02-07 15:20:36.095root 11241100x8000000000000000717599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:36.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3258b2dcddc6fd2023-02-07 15:20:36.095root 11241100x8000000000000000717598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:36.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b542f398dcb9fbec2023-02-07 15:20:36.095root 11241100x8000000000000000717597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:36.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b772000ee6b648a32023-02-07 15:20:36.095root 11241100x8000000000000000717601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e96887736da68ca2023-02-07 15:20:36.096root 11241100x8000000000000000717605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:36.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f349c2279fdcb5d02023-02-07 15:20:36.595root 11241100x8000000000000000717604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:36.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889edcc0ca7938882023-02-07 15:20:36.595root 11241100x8000000000000000717603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:36.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c817daa734c5cf2023-02-07 15:20:36.595root 11241100x8000000000000000717602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:36.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb13aac7126592e12023-02-07 15:20:36.595root 11241100x8000000000000000717606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce659d895004d702023-02-07 15:20:36.596root 11241100x8000000000000000717610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:37.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa707d7fb5e643802023-02-07 15:20:37.095root 11241100x8000000000000000717609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:37.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e85c7ed7476b082023-02-07 15:20:37.095root 11241100x8000000000000000717608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:37.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73536244e4cfd7b2023-02-07 15:20:37.095root 11241100x8000000000000000717607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:37.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917ea91b9f264aee2023-02-07 15:20:37.095root 11241100x8000000000000000717611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2ba96c2b2ff33d2023-02-07 15:20:37.096root 11241100x8000000000000000717615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:37.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443a9c65cf487b7f2023-02-07 15:20:37.595root 11241100x8000000000000000717614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:37.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47d1af98c9570c92023-02-07 15:20:37.595root 11241100x8000000000000000717613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:37.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ee4d14caa5d89d2023-02-07 15:20:37.595root 11241100x8000000000000000717612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:37.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdb1f247198fd0a2023-02-07 15:20:37.595root 11241100x8000000000000000717616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad517ad0c33b4ce2023-02-07 15:20:37.596root 11241100x8000000000000000717620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:38.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84bcf06a3da56d32023-02-07 15:20:38.095root 11241100x8000000000000000717619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:38.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d21aff2e85794d82023-02-07 15:20:38.095root 11241100x8000000000000000717618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:38.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0a49af01a880a02023-02-07 15:20:38.095root 11241100x8000000000000000717617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:38.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d01b47a10a20842023-02-07 15:20:38.095root 11241100x8000000000000000717621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d61352413758812023-02-07 15:20:38.096root 11241100x8000000000000000717626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:38.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b628244acf6cd492023-02-07 15:20:38.595root 11241100x8000000000000000717625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:38.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c57dce730e76792023-02-07 15:20:38.595root 11241100x8000000000000000717624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:38.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2701d2ee44edf412023-02-07 15:20:38.595root 11241100x8000000000000000717623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:38.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f8d20aec29cbe62023-02-07 15:20:38.595root 11241100x8000000000000000717622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:38.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3bce389214ec4112023-02-07 15:20:38.595root 11241100x8000000000000000717631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:39.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c7944c5cbe51ca2023-02-07 15:20:39.095root 11241100x8000000000000000717630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:39.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756b54ab96333fde2023-02-07 15:20:39.095root 11241100x8000000000000000717629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:39.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17df8a68c425740b2023-02-07 15:20:39.095root 11241100x8000000000000000717628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:39.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c5ea517d80ae9b2023-02-07 15:20:39.095root 11241100x8000000000000000717627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:39.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba7de4d157e15e12023-02-07 15:20:39.095root 11241100x8000000000000000717636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:39.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5055aab8c92d19312023-02-07 15:20:39.595root 11241100x8000000000000000717635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:39.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d766b2cb8ba8b28b2023-02-07 15:20:39.595root 11241100x8000000000000000717634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:39.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8dd43cf90aa98dc2023-02-07 15:20:39.595root 11241100x8000000000000000717633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:39.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cec365522303fa22023-02-07 15:20:39.595root 11241100x8000000000000000717632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:39.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b219e54244b5bab2023-02-07 15:20:39.595root 11241100x8000000000000000717641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8ced4f222c094a2023-02-07 15:20:40.095root 11241100x8000000000000000717640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb07c7cf4c558472023-02-07 15:20:40.095root 11241100x8000000000000000717639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea8f4bc3a4708342023-02-07 15:20:40.095root 11241100x8000000000000000717638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f23f6f43ef091092023-02-07 15:20:40.095root 11241100x8000000000000000717637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7fad3fa8af63ae22023-02-07 15:20:40.095root 354300x8000000000000000717642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:40.174{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-55158-false10.0.1.12-8000- 11241100x8000000000000000717643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f666e72998e4130b2023-02-07 15:20:40.595root 11241100x8000000000000000717648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4217232a98f7182023-02-07 15:20:40.596root 11241100x8000000000000000717647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8376e78e503e76842023-02-07 15:20:40.596root 11241100x8000000000000000717646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc177fac2d2cd2c02023-02-07 15:20:40.596root 11241100x8000000000000000717645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88474b5422ceeee42023-02-07 15:20:40.596root 11241100x8000000000000000717644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7011a211e5e2e9f12023-02-07 15:20:40.596root 11241100x8000000000000000717650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:41.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff14d15da7883ef2023-02-07 15:20:41.095root 11241100x8000000000000000717649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:41.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce658a83d8ee936a2023-02-07 15:20:41.095root 11241100x8000000000000000717652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79845f2d0d76433f2023-02-07 15:20:41.096root 11241100x8000000000000000717651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620679e6ff9fb4492023-02-07 15:20:41.096root 11241100x8000000000000000717654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:41.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa0aff8805f95832023-02-07 15:20:41.097root 11241100x8000000000000000717653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:41.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281a71e7665796d92023-02-07 15:20:41.097root 11241100x8000000000000000717659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae77fbc17f8aff6b2023-02-07 15:20:41.595root 11241100x8000000000000000717658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6943b4a81911a92023-02-07 15:20:41.595root 11241100x8000000000000000717657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f8418af151fb342023-02-07 15:20:41.595root 11241100x8000000000000000717656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3687296b1b3809922023-02-07 15:20:41.595root 11241100x8000000000000000717655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127a271c11759c532023-02-07 15:20:41.595root 11241100x8000000000000000717660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7242839054bbf5cf2023-02-07 15:20:41.596root 11241100x8000000000000000717665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:42.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fadda85c1b5c062023-02-07 15:20:42.095root 11241100x8000000000000000717664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:42.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66285a6c2ce9bd122023-02-07 15:20:42.095root 11241100x8000000000000000717663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:42.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf57b4c9ea9e94c42023-02-07 15:20:42.095root 11241100x8000000000000000717662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:42.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e758a440494481c92023-02-07 15:20:42.095root 11241100x8000000000000000717661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:42.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d4b1613769e6252023-02-07 15:20:42.095root 11241100x8000000000000000717666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:42.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19979d1a47c559c82023-02-07 15:20:42.096root 11241100x8000000000000000717671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:42.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11226eb6fbd5bc5f2023-02-07 15:20:42.595root 11241100x8000000000000000717670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:42.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc872040c2346602023-02-07 15:20:42.595root 11241100x8000000000000000717669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:42.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5253502fc59ffa752023-02-07 15:20:42.595root 11241100x8000000000000000717668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:42.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bb5e37fd1061f82023-02-07 15:20:42.595root 11241100x8000000000000000717667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:42.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f5982b227b81842023-02-07 15:20:42.595root 11241100x8000000000000000717672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682a3ddff2f39d092023-02-07 15:20:42.596root 11241100x8000000000000000717674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:43.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7360ac8dd2e037e2023-02-07 15:20:43.095root 11241100x8000000000000000717673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:43.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4160e386042fc9c52023-02-07 15:20:43.095root 11241100x8000000000000000717678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:43.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e7b33db1838f652023-02-07 15:20:43.096root 11241100x8000000000000000717677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:43.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b14ccafb09f7a22023-02-07 15:20:43.096root 11241100x8000000000000000717676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:43.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16bf6ebd168fc0392023-02-07 15:20:43.096root 11241100x8000000000000000717675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:43.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdd999b6121ac842023-02-07 15:20:43.096root 11241100x8000000000000000717683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfea9f02777cba52023-02-07 15:20:43.595root 11241100x8000000000000000717682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59c4735539fb7242023-02-07 15:20:43.595root 11241100x8000000000000000717681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8713e51161736cdb2023-02-07 15:20:43.595root 11241100x8000000000000000717680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d639addfb604362023-02-07 15:20:43.595root 11241100x8000000000000000717679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653ffa4b459b74bf2023-02-07 15:20:43.595root 11241100x8000000000000000717684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:43.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ff18116bdf5da02023-02-07 15:20:43.596root 11241100x8000000000000000717688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:44.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3b89c115006a102023-02-07 15:20:44.095root 11241100x8000000000000000717687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:44.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c603eb09fffc952023-02-07 15:20:44.095root 11241100x8000000000000000717686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:44.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56353589e5d8dc642023-02-07 15:20:44.095root 11241100x8000000000000000717685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:44.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd08b21412392612023-02-07 15:20:44.095root 11241100x8000000000000000717690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10fbd9a6060c1e92023-02-07 15:20:44.096root 11241100x8000000000000000717689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c8eed5491630662023-02-07 15:20:44.096root 11241100x8000000000000000717692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:44.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77aa6e672187dc12023-02-07 15:20:44.595root 11241100x8000000000000000717691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:44.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d137e5db00c3ed2023-02-07 15:20:44.595root 11241100x8000000000000000717696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2777580d46e2f37a2023-02-07 15:20:44.596root 11241100x8000000000000000717695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e5517750e1e00b2023-02-07 15:20:44.596root 11241100x8000000000000000717694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1cd363fb069e7de2023-02-07 15:20:44.596root 11241100x8000000000000000717693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89a6bf8aba295f82023-02-07 15:20:44.596root 11241100x8000000000000000717701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ad79ad7937d2922023-02-07 15:20:45.095root 11241100x8000000000000000717700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4700a8b759bba9462023-02-07 15:20:45.095root 11241100x8000000000000000717699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1113eeb7c1cf2ed2023-02-07 15:20:45.095root 11241100x8000000000000000717698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e92f797e0c3bab72023-02-07 15:20:45.095root 11241100x8000000000000000717697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0964c95bc09e7de62023-02-07 15:20:45.095root 11241100x8000000000000000717702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6f72d51c7efac92023-02-07 15:20:45.096root 11241100x8000000000000000717705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd47f45f61ef314f2023-02-07 15:20:45.596root 11241100x8000000000000000717704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3566544c37aa892023-02-07 15:20:45.596root 11241100x8000000000000000717703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c268e02f76583772023-02-07 15:20:45.596root 11241100x8000000000000000717708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:45.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4a242fd9c7a2242023-02-07 15:20:45.597root 11241100x8000000000000000717707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:45.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3c2031750e0ea82023-02-07 15:20:45.597root 11241100x8000000000000000717706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:45.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac4ee751e88bc472023-02-07 15:20:45.597root 354300x8000000000000000717709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:46.015{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-59066-false10.0.1.12-8000- 11241100x8000000000000000717713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:46.016{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde25036439dc1152023-02-07 15:20:46.016root 11241100x8000000000000000717712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:46.016{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ceeb97384ff74552023-02-07 15:20:46.016root 11241100x8000000000000000717711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:46.016{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be76e168e64dfbed2023-02-07 15:20:46.016root 11241100x8000000000000000717710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:46.016{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54fb532f81b50a012023-02-07 15:20:46.016root 11241100x8000000000000000717716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:46.017{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84c3c6b7c3fb0852023-02-07 15:20:46.017root 11241100x8000000000000000717715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:46.017{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b20b1f30569e092023-02-07 15:20:46.017root 11241100x8000000000000000717714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:46.017{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b97425a57f344ce2023-02-07 15:20:46.017root 11241100x8000000000000000717723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:46.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607c6098b87a94422023-02-07 15:20:46.345root 11241100x8000000000000000717722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:46.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c301ecc02d86df92023-02-07 15:20:46.345root 11241100x8000000000000000717721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:46.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8239beb2f7256e2023-02-07 15:20:46.345root 11241100x8000000000000000717720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:46.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94ebbb6d19fa81a2023-02-07 15:20:46.345root 11241100x8000000000000000717719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:46.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7f5a405aac34b22023-02-07 15:20:46.345root 11241100x8000000000000000717718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:46.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4fc3d95e1c19752023-02-07 15:20:46.345root 11241100x8000000000000000717717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:46.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1dedbab29fb628d2023-02-07 15:20:46.345root 11241100x8000000000000000717729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:46.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a931723a90a03f2023-02-07 15:20:46.845root 11241100x8000000000000000717728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:46.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c815d3267d165122023-02-07 15:20:46.845root 11241100x8000000000000000717727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:46.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0fa59de535228592023-02-07 15:20:46.845root 11241100x8000000000000000717726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:46.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef5b9936b4273382023-02-07 15:20:46.845root 11241100x8000000000000000717725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:46.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d7b27e3e17de3b2023-02-07 15:20:46.845root 11241100x8000000000000000717724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:46.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41c0f04b75b39dd2023-02-07 15:20:46.845root 11241100x8000000000000000717730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:46.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4e271716e25e702023-02-07 15:20:46.846root 11241100x8000000000000000717735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:47.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf623b036fdab482023-02-07 15:20:47.345root 11241100x8000000000000000717734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:47.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb79fba296e92842023-02-07 15:20:47.345root 11241100x8000000000000000717733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:47.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09842328102474492023-02-07 15:20:47.345root 11241100x8000000000000000717732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:47.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a151c75e6c7cd752023-02-07 15:20:47.345root 11241100x8000000000000000717731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:47.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655a7cd7b6f32aa82023-02-07 15:20:47.345root 11241100x8000000000000000717737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:47.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6684df6e3ab5b7df2023-02-07 15:20:47.346root 11241100x8000000000000000717736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:47.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35da6543e4a90c1c2023-02-07 15:20:47.346root 11241100x8000000000000000717743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:47.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105580b5f47dcaf22023-02-07 15:20:47.845root 11241100x8000000000000000717742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:47.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a8c45ae22e34892023-02-07 15:20:47.845root 11241100x8000000000000000717741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:47.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a5948c0da5305d2023-02-07 15:20:47.845root 11241100x8000000000000000717740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:47.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa75f4c9d2c8aaa32023-02-07 15:20:47.845root 11241100x8000000000000000717739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:47.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61d9cd53d4ae5d72023-02-07 15:20:47.845root 11241100x8000000000000000717738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:47.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b2c533d3b467a62023-02-07 15:20:47.845root 11241100x8000000000000000717744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:47.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbd44c8313fcd5d2023-02-07 15:20:47.846root 11241100x8000000000000000717750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:48.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0112d49516590042023-02-07 15:20:48.345root 11241100x8000000000000000717749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:48.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a845ca5f88d516162023-02-07 15:20:48.345root 11241100x8000000000000000717748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:48.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cf6b5eb24c71f82023-02-07 15:20:48.345root 11241100x8000000000000000717747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:48.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33006c8f484171ae2023-02-07 15:20:48.345root 11241100x8000000000000000717746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:48.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210006c58493fa212023-02-07 15:20:48.345root 11241100x8000000000000000717745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:48.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390b4565bde197ac2023-02-07 15:20:48.345root 11241100x8000000000000000717751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:48.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe306d2060c37442023-02-07 15:20:48.346root 11241100x8000000000000000717755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:48.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b438de66275db6f2023-02-07 15:20:48.845root 11241100x8000000000000000717754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:48.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5236b8faf424d072023-02-07 15:20:48.845root 11241100x8000000000000000717753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:48.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2dad1f49d198392023-02-07 15:20:48.845root 11241100x8000000000000000717752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:48.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c29804038c020d2023-02-07 15:20:48.845root 11241100x8000000000000000717758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:48.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208804b82d05ce732023-02-07 15:20:48.846root 11241100x8000000000000000717757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:48.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56186ff115b14ed12023-02-07 15:20:48.846root 11241100x8000000000000000717756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:48.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2345cfa2b62bf72023-02-07 15:20:48.846root 11241100x8000000000000000717762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:49.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914f85f9517157732023-02-07 15:20:49.345root 11241100x8000000000000000717761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:49.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8ce98fe78780e42023-02-07 15:20:49.345root 11241100x8000000000000000717760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:49.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e25107a42c8881e2023-02-07 15:20:49.345root 11241100x8000000000000000717759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:49.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7705384b3a4b80522023-02-07 15:20:49.345root 11241100x8000000000000000717765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:49.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ddc56c08151a84b2023-02-07 15:20:49.346root 11241100x8000000000000000717764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:49.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea6329e72f7b5062023-02-07 15:20:49.346root 11241100x8000000000000000717763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:49.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535a294e8ce4969a2023-02-07 15:20:49.346root 11241100x8000000000000000717769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:49.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541624756d08d3a02023-02-07 15:20:49.845root 11241100x8000000000000000717768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:49.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183a90de49f6eeb52023-02-07 15:20:49.845root 11241100x8000000000000000717767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:49.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c6dd7f9827669d2023-02-07 15:20:49.845root 11241100x8000000000000000717766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:49.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e83f4cd482acb442023-02-07 15:20:49.845root 11241100x8000000000000000717772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:49.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90dd47aa104f3312023-02-07 15:20:49.846root 11241100x8000000000000000717771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:49.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8eebf8c5af434752023-02-07 15:20:49.846root 11241100x8000000000000000717770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:49.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e4b7aaac1a04ac2023-02-07 15:20:49.846root 11241100x8000000000000000717778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:50.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c207eef80aa82e7c2023-02-07 15:20:50.345root 11241100x8000000000000000717777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:50.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3413657c214167f2023-02-07 15:20:50.345root 11241100x8000000000000000717776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:50.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f75610f977eb3f22023-02-07 15:20:50.345root 11241100x8000000000000000717775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:50.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373f1ad0bc54f9622023-02-07 15:20:50.345root 11241100x8000000000000000717774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:50.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a42315e342722a02023-02-07 15:20:50.345root 11241100x8000000000000000717773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:50.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0130d85d4d3c6992023-02-07 15:20:50.345root 11241100x8000000000000000717779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:50.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a98860587677a92023-02-07 15:20:50.346root 11241100x8000000000000000717782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:50.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0184970f01a3725d2023-02-07 15:20:50.845root 11241100x8000000000000000717781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:50.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d367dc38316580262023-02-07 15:20:50.845root 11241100x8000000000000000717780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:50.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805415dd91cc2cbd2023-02-07 15:20:50.845root 11241100x8000000000000000717786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60bcfd4e4df5f622023-02-07 15:20:50.846root 11241100x8000000000000000717785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27e0b1b64edd44a2023-02-07 15:20:50.846root 11241100x8000000000000000717784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38e50b207e201d92023-02-07 15:20:50.846root 11241100x8000000000000000717783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9ffe94499063132023-02-07 15:20:50.846root 354300x8000000000000000717787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:51.159{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-59080-false10.0.1.12-8000- 11241100x8000000000000000717795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:51.160{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9105770afbd177a02023-02-07 15:20:51.160root 11241100x8000000000000000717794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:51.160{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc839347fc39cf712023-02-07 15:20:51.160root 11241100x8000000000000000717793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:51.160{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a256bd199037cc2023-02-07 15:20:51.160root 11241100x8000000000000000717792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:51.160{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff079bcf9f7489bf2023-02-07 15:20:51.160root 11241100x8000000000000000717791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:51.160{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c9a737afc568302023-02-07 15:20:51.160root 11241100x8000000000000000717790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:51.160{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6106842e65a0a142023-02-07 15:20:51.160root 11241100x8000000000000000717789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:51.160{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e47851c74c7f612023-02-07 15:20:51.160root 11241100x8000000000000000717788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:51.160{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997d5953738131782023-02-07 15:20:51.160root 11241100x8000000000000000717801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7d740a067d75e52023-02-07 15:20:51.595root 11241100x8000000000000000717800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b17a555ae2066a52023-02-07 15:20:51.595root 11241100x8000000000000000717799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c85bb71af8aa032023-02-07 15:20:51.595root 11241100x8000000000000000717798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27b7cea41ef0f742023-02-07 15:20:51.595root 11241100x8000000000000000717797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9a1b9e7b15cabc2023-02-07 15:20:51.595root 11241100x8000000000000000717796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:51.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592f6d2b129cc0eb2023-02-07 15:20:51.595root 11241100x8000000000000000717803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09457885abc345ca2023-02-07 15:20:51.596root 11241100x8000000000000000717802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:51.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a24cd21b50f3a92023-02-07 15:20:51.596root 11241100x8000000000000000717808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:52.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4085f13a0460f02023-02-07 15:20:52.095root 11241100x8000000000000000717807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:52.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3523bd2494c99a142023-02-07 15:20:52.095root 11241100x8000000000000000717806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:52.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6d92c99a82cb9e2023-02-07 15:20:52.095root 11241100x8000000000000000717805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:52.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85dac73173b593702023-02-07 15:20:52.095root 11241100x8000000000000000717804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:52.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5605969ab63114f12023-02-07 15:20:52.095root 11241100x8000000000000000717811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:52.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa68b14480ccabc2023-02-07 15:20:52.096root 11241100x8000000000000000717810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:52.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e216f5092c77ecee2023-02-07 15:20:52.096root 11241100x8000000000000000717809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:52.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3e4c38d15852482023-02-07 15:20:52.096root 11241100x8000000000000000717819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:52.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcde00923b311702023-02-07 15:20:52.596root 11241100x8000000000000000717818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:52.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2eab12feed59342023-02-07 15:20:52.596root 11241100x8000000000000000717817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:52.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c86f0b5cd5504d2023-02-07 15:20:52.596root 11241100x8000000000000000717816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:52.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c8677e8eb0f0462023-02-07 15:20:52.596root 11241100x8000000000000000717815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:52.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66629673443474182023-02-07 15:20:52.596root 11241100x8000000000000000717814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:52.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b45676e5efc550a2023-02-07 15:20:52.596root 11241100x8000000000000000717813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:52.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659b4a646491e74a2023-02-07 15:20:52.596root 11241100x8000000000000000717812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:52.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66fdaecfccff26cb2023-02-07 15:20:52.596root 11241100x8000000000000000717821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:53.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d0ef84fedbf5982023-02-07 15:20:53.095root 11241100x8000000000000000717820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:53.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10d924c3bb2c8272023-02-07 15:20:53.095root 11241100x8000000000000000717826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:53.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3e7870920967052023-02-07 15:20:53.096root 11241100x8000000000000000717825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:53.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb14b125167840c2023-02-07 15:20:53.096root 11241100x8000000000000000717824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:53.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9a6e663170be2d2023-02-07 15:20:53.096root 11241100x8000000000000000717823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:53.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2f22ba859737552023-02-07 15:20:53.096root 11241100x8000000000000000717822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:53.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbfd1de959c69382023-02-07 15:20:53.096root 11241100x8000000000000000717827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:53.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0fdb45638b7c252023-02-07 15:20:53.097root 11241100x8000000000000000717829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:53.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9546d3c80ce179272023-02-07 15:20:53.595root 11241100x8000000000000000717828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:53.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad358b571d273fa52023-02-07 15:20:53.595root 11241100x8000000000000000717833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62dd367a562f67612023-02-07 15:20:53.596root 11241100x8000000000000000717832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3785af13c6ee0782023-02-07 15:20:53.596root 11241100x8000000000000000717831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fe203cbe7e50a22023-02-07 15:20:53.596root 11241100x8000000000000000717830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:53.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1238b2aaa1422012023-02-07 15:20:53.596root 11241100x8000000000000000717835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6740de0c29c731602023-02-07 15:20:53.597root 11241100x8000000000000000717834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:53.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3631a30fad35b3192023-02-07 15:20:53.597root 11241100x8000000000000000717838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f77acdfc26160e2023-02-07 15:20:54.095root 11241100x8000000000000000717837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485ac6033d3b08ee2023-02-07 15:20:54.095root 11241100x8000000000000000717836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:54.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d3debfd6eae96c2023-02-07 15:20:54.095root 11241100x8000000000000000717843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72b99ba15be48542023-02-07 15:20:54.096root 11241100x8000000000000000717842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7943eda85d1629292023-02-07 15:20:54.096root 11241100x8000000000000000717841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0cdbafeaefbf61f2023-02-07 15:20:54.096root 11241100x8000000000000000717840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8bdd6fd65a90da2023-02-07 15:20:54.096root 11241100x8000000000000000717839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:54.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2a3a942336f6372023-02-07 15:20:54.096root 11241100x8000000000000000717845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca51d88662c0e6ec2023-02-07 15:20:54.595root 11241100x8000000000000000717844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:54.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53fff2f56dfb4fca2023-02-07 15:20:54.595root 11241100x8000000000000000717850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35006fb249924552023-02-07 15:20:54.596root 11241100x8000000000000000717849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8d5bd2fca09d212023-02-07 15:20:54.596root 11241100x8000000000000000717848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c6b0d2bec34fbe2023-02-07 15:20:54.596root 11241100x8000000000000000717847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68110e73059ecc092023-02-07 15:20:54.596root 11241100x8000000000000000717846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:54.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6530c95d55e8eb902023-02-07 15:20:54.596root 11241100x8000000000000000717851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:54.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11fc125b0bb72f9b2023-02-07 15:20:54.597root 11241100x8000000000000000717852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:54.727{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:20:54.727root 11241100x8000000000000000717854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da322213a98d3012023-02-07 15:20:55.095root 11241100x8000000000000000717853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:55.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c54a8faafdacabb2023-02-07 15:20:55.095root 11241100x8000000000000000717858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dbdddfe617545772023-02-07 15:20:55.096root 11241100x8000000000000000717857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821a0145932ba0632023-02-07 15:20:55.096root 11241100x8000000000000000717856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d73a2a3f0e74b9d2023-02-07 15:20:55.096root 11241100x8000000000000000717855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b80deae3336b032023-02-07 15:20:55.096root 11241100x8000000000000000717861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea40860586081bb72023-02-07 15:20:55.097root 11241100x8000000000000000717860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71532b23c54ddef12023-02-07 15:20:55.097root 11241100x8000000000000000717859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56bc630233713a8a2023-02-07 15:20:55.097root 11241100x8000000000000000717863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17bbe34621d3d932023-02-07 15:20:55.595root 11241100x8000000000000000717862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f051d941dff4b0c2023-02-07 15:20:55.595root 11241100x8000000000000000717867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032dab90f83b3f062023-02-07 15:20:55.596root 11241100x8000000000000000717866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e9f469570573b32023-02-07 15:20:55.596root 11241100x8000000000000000717865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9dbc8b3a618cb92023-02-07 15:20:55.596root 11241100x8000000000000000717864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2b2744447429e92023-02-07 15:20:55.596root 11241100x8000000000000000717870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30461af18416a2762023-02-07 15:20:55.597root 11241100x8000000000000000717869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b752eda17208f6b2023-02-07 15:20:55.597root 11241100x8000000000000000717868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c2cdeaf638613e2023-02-07 15:20:55.597root 11241100x8000000000000000717872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3adbbf141b6cf98c2023-02-07 15:20:56.095root 11241100x8000000000000000717871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:56.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b52b19261506e02023-02-07 15:20:56.095root 11241100x8000000000000000717877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b4e67de2235d582023-02-07 15:20:56.096root 11241100x8000000000000000717876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259ed26231a97ca42023-02-07 15:20:56.096root 11241100x8000000000000000717875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a7e563298974df2023-02-07 15:20:56.096root 11241100x8000000000000000717874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e876d6350dd44d42023-02-07 15:20:56.096root 11241100x8000000000000000717873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e66cb50ecae4f0e2023-02-07 15:20:56.096root 11241100x8000000000000000717879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f630ff7f0df89e042023-02-07 15:20:56.097root 11241100x8000000000000000717878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123b0eadbfa83f122023-02-07 15:20:56.097root 11241100x8000000000000000717881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b740dea0d6dc38042023-02-07 15:20:56.595root 11241100x8000000000000000717880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb21b9803f378b9d2023-02-07 15:20:56.595root 11241100x8000000000000000717885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78601e91b2856992023-02-07 15:20:56.596root 11241100x8000000000000000717884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf4acd2eef95a302023-02-07 15:20:56.596root 11241100x8000000000000000717883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6726d374d2b3da892023-02-07 15:20:56.596root 11241100x8000000000000000717882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf84be4ac705f822023-02-07 15:20:56.596root 11241100x8000000000000000717888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94295b964ab29332023-02-07 15:20:56.597root 11241100x8000000000000000717887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dabe441d31557512023-02-07 15:20:56.597root 11241100x8000000000000000717886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780546d12d997df42023-02-07 15:20:56.597root 11241100x8000000000000000717890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8028db0224cda81e2023-02-07 15:20:57.095root 11241100x8000000000000000717889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d34f6fb93958ac2023-02-07 15:20:57.095root 11241100x8000000000000000717893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad8400c38af27f72023-02-07 15:20:57.096root 11241100x8000000000000000717892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7765bd7d6993be42023-02-07 15:20:57.096root 11241100x8000000000000000717891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395851e6b34a447a2023-02-07 15:20:57.096root 11241100x8000000000000000717896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e54449f9cf58502023-02-07 15:20:57.097root 11241100x8000000000000000717895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c346e6a674a38fcb2023-02-07 15:20:57.097root 11241100x8000000000000000717894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f063baa965a6f92023-02-07 15:20:57.097root 11241100x8000000000000000717897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:57.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd233e0d82f8cd672023-02-07 15:20:57.098root 354300x8000000000000000717898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:57.117{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-34494-false10.0.1.12-8000- 11241100x8000000000000000717900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d3b0fbc57031932023-02-07 15:20:57.595root 11241100x8000000000000000717899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d930dcd0372683a72023-02-07 15:20:57.595root 11241100x8000000000000000717903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3c418733a00e702023-02-07 15:20:57.596root 11241100x8000000000000000717902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed63e7ab97c9a842023-02-07 15:20:57.596root 11241100x8000000000000000717901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6741db968bcb6fa12023-02-07 15:20:57.596root 11241100x8000000000000000717907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db0ab8bd63abab22023-02-07 15:20:57.597root 11241100x8000000000000000717906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e07f4e5967c91d2023-02-07 15:20:57.597root 11241100x8000000000000000717905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1431691acdc24012023-02-07 15:20:57.597root 11241100x8000000000000000717904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76c2135f957e9962023-02-07 15:20:57.597root 11241100x8000000000000000717908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:57.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c27c665d3dc9dba2023-02-07 15:20:57.598root 23542300x8000000000000000717909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:57.728{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000717911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af472f1d7485e8692023-02-07 15:20:58.095root 11241100x8000000000000000717910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea00eaa4c7f229c02023-02-07 15:20:58.095root 11241100x8000000000000000717918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6495c3b8a063a79e2023-02-07 15:20:58.096root 11241100x8000000000000000717917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8133e256b280bae2023-02-07 15:20:58.096root 11241100x8000000000000000717916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7118b124d888ac3d2023-02-07 15:20:58.096root 11241100x8000000000000000717915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef046e4ac001c7a2023-02-07 15:20:58.096root 11241100x8000000000000000717914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6a64d7ea253b022023-02-07 15:20:58.096root 11241100x8000000000000000717913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9726cf03198911772023-02-07 15:20:58.096root 11241100x8000000000000000717912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58032e1f161bef982023-02-07 15:20:58.096root 11241100x8000000000000000717920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7859ce36c00d22952023-02-07 15:20:58.097root 11241100x8000000000000000717919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942717347818b3192023-02-07 15:20:58.097root 11241100x8000000000000000717924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2f7e8fa5754a902023-02-07 15:20:58.595root 11241100x8000000000000000717923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9474ab07ad24b4042023-02-07 15:20:58.595root 11241100x8000000000000000717922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc53e19d308feac42023-02-07 15:20:58.595root 11241100x8000000000000000717921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9beea6a23c5fc14f2023-02-07 15:20:58.595root 11241100x8000000000000000717930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ab1ccf586d32ea2023-02-07 15:20:58.596root 11241100x8000000000000000717929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6730e8255e7c70922023-02-07 15:20:58.596root 11241100x8000000000000000717928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7766c807227cf7f2023-02-07 15:20:58.596root 11241100x8000000000000000717927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73867851a8f850662023-02-07 15:20:58.596root 11241100x8000000000000000717926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4521b118821fe82023-02-07 15:20:58.596root 11241100x8000000000000000717925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6973c93a842dcb22023-02-07 15:20:58.596root 11241100x8000000000000000717931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19641f2ffaf5831c2023-02-07 15:20:58.597root 11241100x8000000000000000717933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d693f519aa2d542023-02-07 15:20:59.095root 11241100x8000000000000000717932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a833b26d69311ef2023-02-07 15:20:59.095root 11241100x8000000000000000717942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8bdf13606b13512023-02-07 15:20:59.096root 11241100x8000000000000000717941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1796f9843d366d22023-02-07 15:20:59.096root 11241100x8000000000000000717940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544867d4a78e83aa2023-02-07 15:20:59.096root 11241100x8000000000000000717939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d7eb3f6e8501d82023-02-07 15:20:59.096root 11241100x8000000000000000717938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971cb14d90f837782023-02-07 15:20:59.096root 11241100x8000000000000000717937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d8796b2019f75c2023-02-07 15:20:59.096root 11241100x8000000000000000717936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a7d89bdc75ed2d2023-02-07 15:20:59.096root 11241100x8000000000000000717935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f422bd3d5c9391452023-02-07 15:20:59.096root 11241100x8000000000000000717934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc26f1638dc876f42023-02-07 15:20:59.096root 154100x8000000000000000717943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.419{ec244aba-6c5b-63e2-68a4-22914e560000}6235/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/6312root{ec244aba-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2393--- 11241100x8000000000000000717945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.421{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de80e310c12c6c42023-02-07 15:20:59.421root 11241100x8000000000000000717944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.421{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d8179f68d997f82023-02-07 15:20:59.421root 11241100x8000000000000000717948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.422{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5a72ea95f61af62023-02-07 15:20:59.422root 11241100x8000000000000000717947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.422{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f63027c2dd5e3ec2023-02-07 15:20:59.422root 11241100x8000000000000000717946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.422{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69153d841c3995de2023-02-07 15:20:59.422root 11241100x8000000000000000717952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.423{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4565afa10c49c9c2023-02-07 15:20:59.423root 11241100x8000000000000000717951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.423{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aaf7ec7181781f22023-02-07 15:20:59.423root 11241100x8000000000000000717950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.423{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0bc29de67dda5232023-02-07 15:20:59.423root 11241100x8000000000000000717949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.423{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b9ebdc3e3132f72023-02-07 15:20:59.423root 11241100x8000000000000000717955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.424{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b12e1d9c16b9b3c2023-02-07 15:20:59.424root 11241100x8000000000000000717954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.424{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302353113a0404492023-02-07 15:20:59.424root 11241100x8000000000000000717953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.424{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c22a10d3aff07422023-02-07 15:20:59.424root 534500x8000000000000000717956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.430{ec244aba-6c5b-63e2-68a4-22914e560000}6235/bin/psroot 11241100x8000000000000000717957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226196833e4d9d4b2023-02-07 15:20:59.845root 11241100x8000000000000000717961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27fc0ebb4b3b2512023-02-07 15:20:59.846root 11241100x8000000000000000717960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61ee9fde15af9082023-02-07 15:20:59.846root 11241100x8000000000000000717959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e759f37d0152cc2023-02-07 15:20:59.846root 11241100x8000000000000000717958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a776cdf46d4481bc2023-02-07 15:20:59.846root 11241100x8000000000000000717969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c39e986700c60a2023-02-07 15:20:59.847root 11241100x8000000000000000717968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa4c4b1d71333062023-02-07 15:20:59.847root 11241100x8000000000000000717967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171534233ad87a262023-02-07 15:20:59.847root 11241100x8000000000000000717966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b48b6c58403485e2023-02-07 15:20:59.847root 11241100x8000000000000000717965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561e24e754fb32662023-02-07 15:20:59.847root 11241100x8000000000000000717964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7eb809daa93030d2023-02-07 15:20:59.847root 11241100x8000000000000000717963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aedec972c8832ec12023-02-07 15:20:59.847root 11241100x8000000000000000717962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:20:59.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415e4e89a581c0fe2023-02-07 15:20:59.847root 11241100x8000000000000000717970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:00.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6360b325f6f6102023-02-07 15:21:00.345root 11241100x8000000000000000717972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:00.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab1471b1e02f3f32023-02-07 15:21:00.346root 11241100x8000000000000000717971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:00.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a3c85d63fb5c9b2023-02-07 15:21:00.346root 11241100x8000000000000000717982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972cbca5e71315222023-02-07 15:21:00.347root 11241100x8000000000000000717981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b466dae7362e782023-02-07 15:21:00.347root 11241100x8000000000000000717980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e10a166b873eb92023-02-07 15:21:00.347root 11241100x8000000000000000717979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca50f8ff8e94401e2023-02-07 15:21:00.347root 11241100x8000000000000000717978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7daf561f0ca452ec2023-02-07 15:21:00.347root 11241100x8000000000000000717977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6dabfff9b03fbb2023-02-07 15:21:00.347root 11241100x8000000000000000717976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4492a0bb94f60d72023-02-07 15:21:00.347root 11241100x8000000000000000717975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2945b43938b0eadc2023-02-07 15:21:00.347root 11241100x8000000000000000717974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df36cccc332eb462023-02-07 15:21:00.347root 11241100x8000000000000000717973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:00.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec90cffc471baff82023-02-07 15:21:00.347root 11241100x8000000000000000717994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:00.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9e51c0a3efb1332023-02-07 15:21:00.846root 11241100x8000000000000000717993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:00.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c08f167428ab3a2023-02-07 15:21:00.846root 11241100x8000000000000000717992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:00.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb0102244768c5d2023-02-07 15:21:00.846root 11241100x8000000000000000717991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:00.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf070dae11279e72023-02-07 15:21:00.846root 11241100x8000000000000000717990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:00.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46bff15a233d9552023-02-07 15:21:00.846root 11241100x8000000000000000717989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:00.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26c6b39563ce70b2023-02-07 15:21:00.846root 11241100x8000000000000000717988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:00.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90b0ad047d539fe2023-02-07 15:21:00.846root 11241100x8000000000000000717987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:00.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3989ccbdcd2d99672023-02-07 15:21:00.846root 11241100x8000000000000000717986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:00.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3d590f94fda33e2023-02-07 15:21:00.846root 11241100x8000000000000000717985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:00.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cc77b7af9232ef2023-02-07 15:21:00.846root 11241100x8000000000000000717984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:00.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efb24bf6fee80ef2023-02-07 15:21:00.846root 11241100x8000000000000000717983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:00.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26cc489aa844f272023-02-07 15:21:00.846root 11241100x8000000000000000717995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:00.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6761296bb73e24e02023-02-07 15:21:00.847root 11241100x8000000000000000717997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:01.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bf40b771aedc762023-02-07 15:21:01.345root 11241100x8000000000000000717996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:01.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4107f13b55d0cb2023-02-07 15:21:01.345root 11241100x8000000000000000718007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:01.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41afe49ae4ba4cfa2023-02-07 15:21:01.346root 11241100x8000000000000000718006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:01.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef0b6420e750c2b2023-02-07 15:21:01.346root 11241100x8000000000000000718005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:01.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b636397b8e4e032023-02-07 15:21:01.346root 11241100x8000000000000000718004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:01.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb54627a1f3c85a2023-02-07 15:21:01.346root 11241100x8000000000000000718003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:01.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b59f532132569f2023-02-07 15:21:01.346root 11241100x8000000000000000718002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:01.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0e32b1e37b989b2023-02-07 15:21:01.346root 11241100x8000000000000000718001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:01.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7e30d231ef5a1d2023-02-07 15:21:01.346root 11241100x8000000000000000718000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:01.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc76e659c6ca17d2023-02-07 15:21:01.346root 11241100x8000000000000000717999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:01.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91cb86af9266f5972023-02-07 15:21:01.346root 11241100x8000000000000000717998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:01.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebad737028bdcc762023-02-07 15:21:01.346root 11241100x8000000000000000718008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:01.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04feeb31648dd2582023-02-07 15:21:01.347root 11241100x8000000000000000718013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:01.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16728782d51d106c2023-02-07 15:21:01.846root 11241100x8000000000000000718012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:01.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69afbb8d1414f75c2023-02-07 15:21:01.846root 11241100x8000000000000000718011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:01.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c180c7734f87cc52023-02-07 15:21:01.846root 11241100x8000000000000000718010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:01.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7540258953cc017c2023-02-07 15:21:01.846root 11241100x8000000000000000718009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:01.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684de563537893a82023-02-07 15:21:01.846root 11241100x8000000000000000718019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:01.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9751fddd8f7ef12023-02-07 15:21:01.848root 11241100x8000000000000000718018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:01.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004d50ca7285e4cd2023-02-07 15:21:01.848root 11241100x8000000000000000718017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:01.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c188bdecb682742023-02-07 15:21:01.848root 11241100x8000000000000000718016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:01.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f528e2bce93cee2023-02-07 15:21:01.848root 11241100x8000000000000000718015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:01.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f381574562a4552023-02-07 15:21:01.848root 11241100x8000000000000000718014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:01.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f03984364179a972023-02-07 15:21:01.848root 11241100x8000000000000000718021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:01.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36408830a691e9762023-02-07 15:21:01.849root 11241100x8000000000000000718020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:01.849{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8570f80d9b4e5422023-02-07 15:21:01.849root 11241100x8000000000000000718023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:02.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fabb7dfa22fe8212023-02-07 15:21:02.345root 11241100x8000000000000000718022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:02.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843ae855454f70cb2023-02-07 15:21:02.345root 11241100x8000000000000000718034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:02.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1dc44c6c7ffdb172023-02-07 15:21:02.346root 11241100x8000000000000000718033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:02.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23be2fceefe5da862023-02-07 15:21:02.346root 11241100x8000000000000000718032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:02.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f8dec5a41cb80b2023-02-07 15:21:02.346root 11241100x8000000000000000718031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:02.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16887f353ac8bd852023-02-07 15:21:02.346root 11241100x8000000000000000718030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:02.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907a0259d21b20052023-02-07 15:21:02.346root 11241100x8000000000000000718029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:02.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f29d6838bb751eb2023-02-07 15:21:02.346root 11241100x8000000000000000718028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:02.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2f520b8ffd4d6e2023-02-07 15:21:02.346root 11241100x8000000000000000718027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:02.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76dbdffbb3ab3f0d2023-02-07 15:21:02.346root 11241100x8000000000000000718026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:02.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4700ec893f1e662023-02-07 15:21:02.346root 11241100x8000000000000000718025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:02.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b948867c32e3d532023-02-07 15:21:02.346root 11241100x8000000000000000718024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:02.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397f1546610849492023-02-07 15:21:02.346root 11241100x8000000000000000718035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:02.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85644a838a73aa992023-02-07 15:21:02.845root 11241100x8000000000000000718047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294a6c8e63ceb3ca2023-02-07 15:21:02.846root 11241100x8000000000000000718046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c3d04156cbde092023-02-07 15:21:02.846root 11241100x8000000000000000718045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438bc4415136d8da2023-02-07 15:21:02.846root 11241100x8000000000000000718044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063c76da4fce84d22023-02-07 15:21:02.846root 11241100x8000000000000000718043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba54c4aa631d0dab2023-02-07 15:21:02.846root 11241100x8000000000000000718042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234d02dfcf7b37f72023-02-07 15:21:02.846root 11241100x8000000000000000718041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30906b2cfaf616962023-02-07 15:21:02.846root 11241100x8000000000000000718040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f48334d47a55ce2023-02-07 15:21:02.846root 11241100x8000000000000000718039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd14dbfc1876d5a2023-02-07 15:21:02.846root 11241100x8000000000000000718038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac210669ba8f8b72023-02-07 15:21:02.846root 11241100x8000000000000000718037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72b783445b7be582023-02-07 15:21:02.846root 11241100x8000000000000000718036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ff461069029f912023-02-07 15:21:02.846root 354300x8000000000000000718048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:03.037{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-34508-false10.0.1.12-8000- 11241100x8000000000000000718049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:03.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde28bfee826a6602023-02-07 15:21:03.345root 11241100x8000000000000000718059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d476a47c79d0e6d92023-02-07 15:21:03.346root 11241100x8000000000000000718058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed4ee0d6b1a62882023-02-07 15:21:03.346root 11241100x8000000000000000718057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e7370a0ff5b22b2023-02-07 15:21:03.346root 11241100x8000000000000000718056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a545f995e95e01652023-02-07 15:21:03.346root 11241100x8000000000000000718055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83462f421001a1f52023-02-07 15:21:03.346root 11241100x8000000000000000718054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed447f4b6b122e6c2023-02-07 15:21:03.346root 11241100x8000000000000000718053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10390e2f13225db02023-02-07 15:21:03.346root 11241100x8000000000000000718052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b66a1ee99af3db2023-02-07 15:21:03.346root 11241100x8000000000000000718051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01877447153d2b6d2023-02-07 15:21:03.346root 11241100x8000000000000000718050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2bfe3ec7e6f49a22023-02-07 15:21:03.346root 11241100x8000000000000000718062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b84db289b3390f2023-02-07 15:21:03.347root 11241100x8000000000000000718061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63728bcd10b62d722023-02-07 15:21:03.347root 11241100x8000000000000000718060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d1f4e1e34df1642023-02-07 15:21:03.347root 11241100x8000000000000000718063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:03.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae581dda52408c932023-02-07 15:21:03.845root 11241100x8000000000000000718076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f170123aff6c772023-02-07 15:21:03.846root 11241100x8000000000000000718075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a9c45b049906512023-02-07 15:21:03.846root 11241100x8000000000000000718074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5b5d772c0274bd2023-02-07 15:21:03.846root 11241100x8000000000000000718073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90c2dbe53da01182023-02-07 15:21:03.846root 11241100x8000000000000000718072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a577bacc45f590b2023-02-07 15:21:03.846root 11241100x8000000000000000718071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908789a56989c2592023-02-07 15:21:03.846root 11241100x8000000000000000718070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712fbdfe7dda42362023-02-07 15:21:03.846root 11241100x8000000000000000718069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74867f001d9ebede2023-02-07 15:21:03.846root 11241100x8000000000000000718068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19115435a53109a2023-02-07 15:21:03.846root 11241100x8000000000000000718067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b0b9653e0d197c2023-02-07 15:21:03.846root 11241100x8000000000000000718066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a326ae0ad4f87aaf2023-02-07 15:21:03.846root 11241100x8000000000000000718065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66857d9372f5b1772023-02-07 15:21:03.846root 11241100x8000000000000000718064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e2511f5c3840432023-02-07 15:21:03.846root 11241100x8000000000000000718077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:04.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ac92a9d6d961122023-02-07 15:21:04.345root 11241100x8000000000000000718086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e43d0c7165a0642023-02-07 15:21:04.346root 11241100x8000000000000000718085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e42ad4137f1c9b32023-02-07 15:21:04.346root 11241100x8000000000000000718084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f54001f875b1512023-02-07 15:21:04.346root 11241100x8000000000000000718083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b4d089181ffd2e2023-02-07 15:21:04.346root 11241100x8000000000000000718082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31444ab9e2c9f402023-02-07 15:21:04.346root 11241100x8000000000000000718081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c35a2d9400c59f32023-02-07 15:21:04.346root 11241100x8000000000000000718080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d769139ce288d92023-02-07 15:21:04.346root 11241100x8000000000000000718079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e9c62a76f169ac2023-02-07 15:21:04.346root 11241100x8000000000000000718078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:04.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a35d3c29a9b728e2023-02-07 15:21:04.346root 11241100x8000000000000000718090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a996cdf220256ad42023-02-07 15:21:04.347root 11241100x8000000000000000718089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a1dbc38a0d253e2023-02-07 15:21:04.347root 11241100x8000000000000000718088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a2b03b123a695b2023-02-07 15:21:04.347root 11241100x8000000000000000718087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:04.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b57091997ca0a572023-02-07 15:21:04.347root 11241100x8000000000000000718091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:04.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193081bcdf07758c2023-02-07 15:21:04.845root 11241100x8000000000000000718101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50163fb17fadabec2023-02-07 15:21:04.846root 11241100x8000000000000000718100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b3be96dd6eeb072023-02-07 15:21:04.846root 11241100x8000000000000000718099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c195aa5aaca09b2023-02-07 15:21:04.846root 11241100x8000000000000000718098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524c432a35e7c7df2023-02-07 15:21:04.846root 11241100x8000000000000000718097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad134a869ef32822023-02-07 15:21:04.846root 11241100x8000000000000000718096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642c5efba66a13422023-02-07 15:21:04.846root 11241100x8000000000000000718095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6fd3e398e70a2392023-02-07 15:21:04.846root 11241100x8000000000000000718094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2368378d821336542023-02-07 15:21:04.846root 11241100x8000000000000000718093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0ea633cd10cf252023-02-07 15:21:04.846root 11241100x8000000000000000718092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:04.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5649c98ff3a31e072023-02-07 15:21:04.846root 11241100x8000000000000000718104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea31f297dba386102023-02-07 15:21:04.847root 11241100x8000000000000000718103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da28feec05abe46c2023-02-07 15:21:04.847root 11241100x8000000000000000718102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:04.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38191b72b0a65b0e2023-02-07 15:21:04.847root 11241100x8000000000000000718106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:05.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3765853917656c4e2023-02-07 15:21:05.345root 11241100x8000000000000000718105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:05.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751dd704bcc614852023-02-07 15:21:05.345root 11241100x8000000000000000718118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7202872520c1766b2023-02-07 15:21:05.346root 11241100x8000000000000000718117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d802f3fa37216422023-02-07 15:21:05.346root 11241100x8000000000000000718116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2057c683dc57b222023-02-07 15:21:05.346root 11241100x8000000000000000718115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b447ed2c2877075b2023-02-07 15:21:05.346root 11241100x8000000000000000718114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3efc8612cc07e9b32023-02-07 15:21:05.346root 11241100x8000000000000000718113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d0daae4dc6797f2023-02-07 15:21:05.346root 11241100x8000000000000000718112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2519d9441f8f9d2023-02-07 15:21:05.346root 11241100x8000000000000000718111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b7e2584dc63b8b2023-02-07 15:21:05.346root 11241100x8000000000000000718110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c23e2526799ec512023-02-07 15:21:05.346root 11241100x8000000000000000718109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945a4d75e2866c202023-02-07 15:21:05.346root 11241100x8000000000000000718108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6a73388d6700bc2023-02-07 15:21:05.346root 11241100x8000000000000000718107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:05.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2d54f522b35d082023-02-07 15:21:05.346root 11241100x8000000000000000718131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc20deb461f5b412023-02-07 15:21:05.846root 11241100x8000000000000000718130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802e44580b6f38402023-02-07 15:21:05.846root 11241100x8000000000000000718129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a86e0258808ea8e2023-02-07 15:21:05.846root 11241100x8000000000000000718128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa497061b801dd132023-02-07 15:21:05.846root 11241100x8000000000000000718127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b422f18f0b3ec922023-02-07 15:21:05.846root 11241100x8000000000000000718126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5981ac5f0c679f2023-02-07 15:21:05.846root 11241100x8000000000000000718125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55f531a19500ed62023-02-07 15:21:05.846root 11241100x8000000000000000718124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c58559133ba2ebd2023-02-07 15:21:05.846root 11241100x8000000000000000718123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1922142e88a63a2c2023-02-07 15:21:05.846root 11241100x8000000000000000718122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e712d60d9e16e7b2023-02-07 15:21:05.846root 11241100x8000000000000000718121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c114bf6f7ce86a52023-02-07 15:21:05.846root 11241100x8000000000000000718120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7c1f2ca26ba8af2023-02-07 15:21:05.846root 11241100x8000000000000000718119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:05.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081ca2e054c3c7982023-02-07 15:21:05.846root 11241100x8000000000000000718132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:05.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfce6db5038d39382023-02-07 15:21:05.847root 11241100x8000000000000000718134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:06.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c6a8ce696f228f2023-02-07 15:21:06.345root 11241100x8000000000000000718133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:06.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02689921a65b3c8a2023-02-07 15:21:06.345root 11241100x8000000000000000718146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:06.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d36a60fa610646d2023-02-07 15:21:06.346root 11241100x8000000000000000718145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:06.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20805fbf0bc3d9092023-02-07 15:21:06.346root 11241100x8000000000000000718144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:06.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c06c1a089d624722023-02-07 15:21:06.346root 11241100x8000000000000000718143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:06.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff77a50db0b105e12023-02-07 15:21:06.346root 11241100x8000000000000000718142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:06.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe73ee3a3889c6a2023-02-07 15:21:06.346root 11241100x8000000000000000718141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:06.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6c0c2a2f06dfdf2023-02-07 15:21:06.346root 11241100x8000000000000000718140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:06.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5fb4c37f1443f7d2023-02-07 15:21:06.346root 11241100x8000000000000000718139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:06.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e98bdf44e7b1852023-02-07 15:21:06.346root 11241100x8000000000000000718138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:06.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e0877a22e8ef4b2023-02-07 15:21:06.346root 11241100x8000000000000000718137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:06.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1648c23bf0b443a62023-02-07 15:21:06.346root 11241100x8000000000000000718136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:06.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac1f9164d26b4ff2023-02-07 15:21:06.346root 11241100x8000000000000000718135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:06.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a95341695d66ed2023-02-07 15:21:06.346root 11241100x8000000000000000718148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:06.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abc70e0c5e061c12023-02-07 15:21:06.845root 11241100x8000000000000000718147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:06.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e198d2c4d1548652023-02-07 15:21:06.845root 11241100x8000000000000000718160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:06.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d910d88242d9e4a2023-02-07 15:21:06.846root 11241100x8000000000000000718159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:06.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b7742b406152842023-02-07 15:21:06.846root 11241100x8000000000000000718158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:06.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfaea0493fc447c12023-02-07 15:21:06.846root 11241100x8000000000000000718157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:06.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a87a2e0488214d2023-02-07 15:21:06.846root 11241100x8000000000000000718156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:06.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6471f23db48e8aaa2023-02-07 15:21:06.846root 11241100x8000000000000000718155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:06.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6998ec89ba16582023-02-07 15:21:06.846root 11241100x8000000000000000718154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:06.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae25e327785ea5212023-02-07 15:21:06.846root 11241100x8000000000000000718153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:06.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a489adfd51f119a42023-02-07 15:21:06.846root 11241100x8000000000000000718152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:06.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e804ee0e59ab04fc2023-02-07 15:21:06.846root 11241100x8000000000000000718151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:06.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a60ad48f8caaac2023-02-07 15:21:06.846root 11241100x8000000000000000718150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:06.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffccd189468c21c2023-02-07 15:21:06.846root 11241100x8000000000000000718149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:06.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec2a9acc9a829fc2023-02-07 15:21:06.846root 11241100x8000000000000000718161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:07.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e564430a135b93522023-02-07 15:21:07.345root 11241100x8000000000000000718171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68e29befb589e052023-02-07 15:21:07.346root 11241100x8000000000000000718170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2ee0658b2cadac2023-02-07 15:21:07.346root 11241100x8000000000000000718169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8c30a816c990b82023-02-07 15:21:07.346root 11241100x8000000000000000718168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d4a184f8e999b82023-02-07 15:21:07.346root 11241100x8000000000000000718167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fa9686c8ff5cc42023-02-07 15:21:07.346root 11241100x8000000000000000718166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c75ecac92ced0a52023-02-07 15:21:07.346root 11241100x8000000000000000718165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035e47245d323ece2023-02-07 15:21:07.346root 11241100x8000000000000000718164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3729aaace13c7c242023-02-07 15:21:07.346root 11241100x8000000000000000718163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786df8982a2492c22023-02-07 15:21:07.346root 11241100x8000000000000000718162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:07.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f22bfbbce265d02023-02-07 15:21:07.346root 11241100x8000000000000000718174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:07.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68e6e571ee4e5f62023-02-07 15:21:07.347root 11241100x8000000000000000718173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:07.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97a8bf047c9b66d2023-02-07 15:21:07.347root 11241100x8000000000000000718172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:07.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fc4c0188a2cddd2023-02-07 15:21:07.347root 11241100x8000000000000000718176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:07.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab893b24ec340772023-02-07 15:21:07.845root 11241100x8000000000000000718175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:07.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f97ab8deb808d622023-02-07 15:21:07.845root 11241100x8000000000000000718185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a56180a2deddced2023-02-07 15:21:07.846root 11241100x8000000000000000718184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b38af408c23aced2023-02-07 15:21:07.846root 11241100x8000000000000000718183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7d5e328d4cc6ce2023-02-07 15:21:07.846root 11241100x8000000000000000718182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac375bec36cc9f12023-02-07 15:21:07.846root 11241100x8000000000000000718181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654a3d0ac9b5d01e2023-02-07 15:21:07.846root 11241100x8000000000000000718180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39a75f8d9c4cbb72023-02-07 15:21:07.846root 11241100x8000000000000000718179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc34393922576652023-02-07 15:21:07.846root 11241100x8000000000000000718178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b005af26247926372023-02-07 15:21:07.846root 11241100x8000000000000000718177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:07.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487aa1694e228ea62023-02-07 15:21:07.846root 11241100x8000000000000000718188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:07.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafc7f9698462c342023-02-07 15:21:07.847root 11241100x8000000000000000718187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:07.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea61e6d56929a88f2023-02-07 15:21:07.847root 11241100x8000000000000000718186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:07.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d18fe63f16780702023-02-07 15:21:07.847root 354300x8000000000000000718189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:08.207{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-56914-false10.0.1.12-8000- 11241100x8000000000000000718193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:08.208{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c3c3a1f58698512023-02-07 15:21:08.208root 11241100x8000000000000000718192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:08.208{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e39ec737fbfa212023-02-07 15:21:08.208root 11241100x8000000000000000718191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:08.208{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca07437e6cf782d2023-02-07 15:21:08.208root 11241100x8000000000000000718190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:08.208{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a496e217c4da1b72023-02-07 15:21:08.208root 11241100x8000000000000000718202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:08.209{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b5210afe4db9fb2023-02-07 15:21:08.209root 11241100x8000000000000000718201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:08.209{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e13fb6df637e8dc2023-02-07 15:21:08.209root 11241100x8000000000000000718200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:08.209{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfa710c165a8d622023-02-07 15:21:08.209root 11241100x8000000000000000718199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:08.209{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df03801efb29e4bb2023-02-07 15:21:08.209root 11241100x8000000000000000718198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:08.209{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30208230456a55c82023-02-07 15:21:08.209root 11241100x8000000000000000718197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:08.209{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbc733635c9016b2023-02-07 15:21:08.209root 11241100x8000000000000000718196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:08.209{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac98c9713127b9ab2023-02-07 15:21:08.209root 11241100x8000000000000000718195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:08.209{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e0b8d6c1fcdecb2023-02-07 15:21:08.209root 11241100x8000000000000000718194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:08.209{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184edac03367043f2023-02-07 15:21:08.209root 11241100x8000000000000000718204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:08.210{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5e47e242f0fd242023-02-07 15:21:08.210root 11241100x8000000000000000718203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:08.210{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f838de6d9a4a2e42023-02-07 15:21:08.210root 11241100x8000000000000000718208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7839ee231e7995b72023-02-07 15:21:08.595root 11241100x8000000000000000718207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6f4ae49a1c77902023-02-07 15:21:08.595root 11241100x8000000000000000718206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4319d82a9978840f2023-02-07 15:21:08.595root 11241100x8000000000000000718205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8904ff493eddacfc2023-02-07 15:21:08.595root 11241100x8000000000000000718215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfd6b71d8ead6ed2023-02-07 15:21:08.596root 11241100x8000000000000000718214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7496e8ef3c33e1c02023-02-07 15:21:08.596root 11241100x8000000000000000718213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae241383299081292023-02-07 15:21:08.596root 11241100x8000000000000000718212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e945cb79fd22478c2023-02-07 15:21:08.596root 11241100x8000000000000000718211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0507ffd7ba8e402023-02-07 15:21:08.596root 11241100x8000000000000000718210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf05e0d3982f42432023-02-07 15:21:08.596root 11241100x8000000000000000718209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9265e55c368abe2023-02-07 15:21:08.596root 11241100x8000000000000000718219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0233311572cc44c2023-02-07 15:21:08.597root 11241100x8000000000000000718218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85de49b4a0d85b172023-02-07 15:21:08.597root 11241100x8000000000000000718217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef86ad68c9ae2962023-02-07 15:21:08.597root 11241100x8000000000000000718216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181d3ed8619ce8eb2023-02-07 15:21:08.597root 11241100x8000000000000000718222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:09.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4712489b3ca44d692023-02-07 15:21:09.095root 11241100x8000000000000000718221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:09.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fdbe3b3286f82832023-02-07 15:21:09.095root 11241100x8000000000000000718220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:09.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b069bb3b40d611072023-02-07 15:21:09.095root 11241100x8000000000000000718224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7572d9801812f12023-02-07 15:21:09.096root 11241100x8000000000000000718223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c246be2ca7bf7d2023-02-07 15:21:09.096root 11241100x8000000000000000718225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:09.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf689c65a4797192023-02-07 15:21:09.097root 11241100x8000000000000000718228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:09.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13eea3691d6cebb2023-02-07 15:21:09.098root 11241100x8000000000000000718227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:09.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36f6fad1c366ffa2023-02-07 15:21:09.098root 11241100x8000000000000000718226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:09.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110df5f0aae0be732023-02-07 15:21:09.098root 11241100x8000000000000000718232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:09.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede96620ced656362023-02-07 15:21:09.099root 11241100x8000000000000000718231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:09.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d08cb9533118492023-02-07 15:21:09.099root 11241100x8000000000000000718230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:09.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee08186d92165f42023-02-07 15:21:09.099root 11241100x8000000000000000718229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:09.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b628f4fb6f1ec00a2023-02-07 15:21:09.099root 11241100x8000000000000000718234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:09.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f036bda397c7df2023-02-07 15:21:09.100root 11241100x8000000000000000718233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:09.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95fe241f17fd1432023-02-07 15:21:09.100root 11241100x8000000000000000718236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fa43d6e9598c8c2023-02-07 15:21:09.595root 11241100x8000000000000000718235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71f6308d0cceb512023-02-07 15:21:09.595root 11241100x8000000000000000718240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e672dbc7dece732023-02-07 15:21:09.596root 11241100x8000000000000000718239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c4fedcb64d2b5c2023-02-07 15:21:09.596root 11241100x8000000000000000718238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b64299903f90522023-02-07 15:21:09.596root 11241100x8000000000000000718237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c424cd0efa679e272023-02-07 15:21:09.596root 11241100x8000000000000000718246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:09.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354f4c876006e5872023-02-07 15:21:09.597root 11241100x8000000000000000718245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:09.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740a5505a488d93d2023-02-07 15:21:09.597root 11241100x8000000000000000718244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:09.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1b291852e4536b2023-02-07 15:21:09.597root 11241100x8000000000000000718243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:09.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5dd667fba6b2052023-02-07 15:21:09.597root 11241100x8000000000000000718242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:09.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58dc3b40b9be7dbc2023-02-07 15:21:09.597root 11241100x8000000000000000718241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:09.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2454f2ee6f0a9d2023-02-07 15:21:09.597root 11241100x8000000000000000718249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:09.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83656175784561482023-02-07 15:21:09.598root 11241100x8000000000000000718248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:09.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0dfddf6f8cfc0512023-02-07 15:21:09.598root 11241100x8000000000000000718247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:09.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980f2489152392df2023-02-07 15:21:09.598root 11241100x8000000000000000718251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:10.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0396cbc44fd5caad2023-02-07 15:21:10.095root 11241100x8000000000000000718250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:10.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2daa21431c59f06d2023-02-07 15:21:10.095root 11241100x8000000000000000718254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46b8013e61ea92d2023-02-07 15:21:10.096root 11241100x8000000000000000718253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a244c1e311b6ad2023-02-07 15:21:10.096root 11241100x8000000000000000718252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:10.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27f354cc32a3e8c2023-02-07 15:21:10.096root 11241100x8000000000000000718260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:10.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169985b7434008442023-02-07 15:21:10.097root 11241100x8000000000000000718259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:10.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736b4c52e20821dc2023-02-07 15:21:10.097root 11241100x8000000000000000718258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:10.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7b57a34dee2fbf2023-02-07 15:21:10.097root 11241100x8000000000000000718257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:10.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b94bc27d44d38c62023-02-07 15:21:10.097root 11241100x8000000000000000718256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:10.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be009a0f359a7c02023-02-07 15:21:10.097root 11241100x8000000000000000718255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:10.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eecb601f87195be2023-02-07 15:21:10.097root 11241100x8000000000000000718264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:10.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3222c641f62b562023-02-07 15:21:10.098root 11241100x8000000000000000718263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:10.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16d6cc2df72ac9a2023-02-07 15:21:10.098root 11241100x8000000000000000718262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:10.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0880663d4982c7052023-02-07 15:21:10.098root 11241100x8000000000000000718261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:10.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5276a2aedaf8cc2023-02-07 15:21:10.098root 11241100x8000000000000000718266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:10.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4837fd796203b292023-02-07 15:21:10.595root 11241100x8000000000000000718265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:10.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2dadd5694d631e2023-02-07 15:21:10.595root 11241100x8000000000000000718270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42df9174877ead92023-02-07 15:21:10.596root 11241100x8000000000000000718269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7cc8e12b23976652023-02-07 15:21:10.596root 11241100x8000000000000000718268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4470c05258dad52023-02-07 15:21:10.596root 11241100x8000000000000000718267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:10.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cfaa0b44680d3f32023-02-07 15:21:10.596root 11241100x8000000000000000718274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:10.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66522cfc9df2f4632023-02-07 15:21:10.597root 11241100x8000000000000000718273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:10.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8352471a93a2ecbb2023-02-07 15:21:10.597root 11241100x8000000000000000718272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:10.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e75752462085f1c2023-02-07 15:21:10.597root 11241100x8000000000000000718271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:10.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7d4f82c4e66d112023-02-07 15:21:10.597root 11241100x8000000000000000718278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:10.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a897a448fc2a85a2023-02-07 15:21:10.598root 11241100x8000000000000000718277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:10.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0adbf61a1d43c632023-02-07 15:21:10.598root 11241100x8000000000000000718276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:10.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20470d9d8a9c54832023-02-07 15:21:10.598root 11241100x8000000000000000718275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:10.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df8fcd2f06e05c02023-02-07 15:21:10.598root 11241100x8000000000000000718279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:10.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6fa4f4692999072023-02-07 15:21:10.599root 11241100x8000000000000000718281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f35aaafb91f7cb2023-02-07 15:21:11.095root 11241100x8000000000000000718280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b92eaa953482e6d2023-02-07 15:21:11.095root 11241100x8000000000000000718288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df886ef563c4c81b2023-02-07 15:21:11.096root 11241100x8000000000000000718287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34877e559739dc732023-02-07 15:21:11.096root 11241100x8000000000000000718286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985298088b28a6ca2023-02-07 15:21:11.096root 11241100x8000000000000000718285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a1bb2aea7ac7592023-02-07 15:21:11.096root 11241100x8000000000000000718284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac9e1c83286c2a72023-02-07 15:21:11.096root 11241100x8000000000000000718283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0489bad69bca5b2023-02-07 15:21:11.096root 11241100x8000000000000000718282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cd90855c244cc92023-02-07 15:21:11.096root 11241100x8000000000000000718294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:11.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697a5c28f9f3a15d2023-02-07 15:21:11.097root 11241100x8000000000000000718293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:11.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9416ac36125aea2023-02-07 15:21:11.097root 11241100x8000000000000000718292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:11.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6628a499aac49f2023-02-07 15:21:11.097root 11241100x8000000000000000718291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:11.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9eaae3381d9b752023-02-07 15:21:11.097root 11241100x8000000000000000718290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:11.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8660fc6ec97386d42023-02-07 15:21:11.097root 11241100x8000000000000000718289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:11.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b42cccfd63a92e82023-02-07 15:21:11.097root 11241100x8000000000000000718298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fda060f612ada92023-02-07 15:21:11.595root 11241100x8000000000000000718297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb827af11c8212632023-02-07 15:21:11.595root 11241100x8000000000000000718296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5b13fbd6c5f32a2023-02-07 15:21:11.595root 11241100x8000000000000000718295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697fa64cd2a4351f2023-02-07 15:21:11.595root 11241100x8000000000000000718305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0777c57bbc6dae802023-02-07 15:21:11.596root 11241100x8000000000000000718304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a5ea5bd146c5932023-02-07 15:21:11.596root 11241100x8000000000000000718303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912d9aa6eeacc0552023-02-07 15:21:11.596root 11241100x8000000000000000718302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9993a2c6645df2c2023-02-07 15:21:11.596root 11241100x8000000000000000718301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31787f7385de00472023-02-07 15:21:11.596root 11241100x8000000000000000718300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9d51ab07f9904c2023-02-07 15:21:11.596root 11241100x8000000000000000718299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c159a3f62e60d84f2023-02-07 15:21:11.596root 11241100x8000000000000000718309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:11.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26ff53a3c57b1302023-02-07 15:21:11.597root 11241100x8000000000000000718308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:11.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba00b46441fe5ab42023-02-07 15:21:11.597root 11241100x8000000000000000718307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:11.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899799e1fb78529d2023-02-07 15:21:11.597root 11241100x8000000000000000718306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:11.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fd1c796641e0d42023-02-07 15:21:11.597root 11241100x8000000000000000718313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:12.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2cdd9a6c23dfc162023-02-07 15:21:12.095root 11241100x8000000000000000718312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:12.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bad20bb402fbf7e2023-02-07 15:21:12.095root 11241100x8000000000000000718311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:12.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7442d5d511ad7d2023-02-07 15:21:12.095root 11241100x8000000000000000718310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:12.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8320b70fe0e7f6db2023-02-07 15:21:12.095root 11241100x8000000000000000718319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc809946227204fa2023-02-07 15:21:12.096root 11241100x8000000000000000718318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476f6394c2f12add2023-02-07 15:21:12.096root 11241100x8000000000000000718317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add5a3eb7e3679952023-02-07 15:21:12.096root 11241100x8000000000000000718316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4850db1df4bf5afc2023-02-07 15:21:12.096root 11241100x8000000000000000718315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f04176c2f3f53ea2023-02-07 15:21:12.096root 11241100x8000000000000000718314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865564aa195faa882023-02-07 15:21:12.096root 11241100x8000000000000000718324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:12.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70e98cb0dce587a2023-02-07 15:21:12.097root 11241100x8000000000000000718323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:12.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e245e5651737df12023-02-07 15:21:12.097root 11241100x8000000000000000718322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:12.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cd861921db840e2023-02-07 15:21:12.097root 11241100x8000000000000000718321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:12.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514fd2923e4113182023-02-07 15:21:12.097root 11241100x8000000000000000718320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:12.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678f5a844698ef2a2023-02-07 15:21:12.097root 11241100x8000000000000000718328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347d7acd2a51aab62023-02-07 15:21:12.595root 11241100x8000000000000000718327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b38a11093808ef2023-02-07 15:21:12.595root 11241100x8000000000000000718326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2517ab23499fc42023-02-07 15:21:12.595root 11241100x8000000000000000718325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7184294dd3161df2023-02-07 15:21:12.595root 11241100x8000000000000000718336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0cf75628e0654332023-02-07 15:21:12.596root 11241100x8000000000000000718335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82d2233addc71b82023-02-07 15:21:12.596root 11241100x8000000000000000718334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e565983bfc61ebaa2023-02-07 15:21:12.596root 11241100x8000000000000000718333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf98b7bb1c0ac492023-02-07 15:21:12.596root 11241100x8000000000000000718332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e63e08c36521bee2023-02-07 15:21:12.596root 11241100x8000000000000000718331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd3a1f0b37836062023-02-07 15:21:12.596root 11241100x8000000000000000718330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d16c77d7acd9902023-02-07 15:21:12.596root 11241100x8000000000000000718329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90f0ff6366e4dfb2023-02-07 15:21:12.596root 11241100x8000000000000000718339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:12.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3fcf60f8bd74d32023-02-07 15:21:12.597root 11241100x8000000000000000718338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:12.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9897a8e2f450032023-02-07 15:21:12.597root 11241100x8000000000000000718337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:12.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e5d4aefb3730c02023-02-07 15:21:12.597root 11241100x8000000000000000718348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133c5572ba1565a22023-02-07 15:21:13.096root 11241100x8000000000000000718347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c57a0c83be972ac2023-02-07 15:21:13.096root 11241100x8000000000000000718346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9fcfa9cbcca4252023-02-07 15:21:13.096root 11241100x8000000000000000718345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965e5202a71cec972023-02-07 15:21:13.096root 11241100x8000000000000000718344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a305725cf17ab5542023-02-07 15:21:13.096root 11241100x8000000000000000718343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15b713fcec7c1382023-02-07 15:21:13.096root 11241100x8000000000000000718342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104ccfa4d90d35be2023-02-07 15:21:13.096root 11241100x8000000000000000718341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c23b33412d33582023-02-07 15:21:13.096root 11241100x8000000000000000718340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf049a08f8329432023-02-07 15:21:13.096root 11241100x8000000000000000718354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:13.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d6658a9eaae8cf2023-02-07 15:21:13.097root 11241100x8000000000000000718353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:13.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433e06a09f5587d02023-02-07 15:21:13.097root 11241100x8000000000000000718352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:13.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1ffe60968690de2023-02-07 15:21:13.097root 11241100x8000000000000000718351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:13.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac17b3d978b09d5a2023-02-07 15:21:13.097root 11241100x8000000000000000718350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:13.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074e686aa9b28f742023-02-07 15:21:13.097root 11241100x8000000000000000718349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:13.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5ec3a36923e7f62023-02-07 15:21:13.097root 11241100x8000000000000000718359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600b8a0fa09fc7642023-02-07 15:21:13.595root 11241100x8000000000000000718358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604e380afc53b0482023-02-07 15:21:13.595root 11241100x8000000000000000718357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1dce3915960f082023-02-07 15:21:13.595root 11241100x8000000000000000718356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1989d229e4d89aa2023-02-07 15:21:13.595root 11241100x8000000000000000718355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e2c61d52a9a80d2023-02-07 15:21:13.595root 11241100x8000000000000000718366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8714c55f0b2d4a2023-02-07 15:21:13.596root 11241100x8000000000000000718365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61423174269e5362023-02-07 15:21:13.596root 11241100x8000000000000000718364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbc2040454f80402023-02-07 15:21:13.596root 11241100x8000000000000000718363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef27a310eb9ae162023-02-07 15:21:13.596root 11241100x8000000000000000718362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4027b45e5162170e2023-02-07 15:21:13.596root 11241100x8000000000000000718361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d544da8b22bcfbfa2023-02-07 15:21:13.596root 11241100x8000000000000000718360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b000f8e20542ef32023-02-07 15:21:13.596root 11241100x8000000000000000718369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:13.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54f5b68df6a85ea2023-02-07 15:21:13.597root 11241100x8000000000000000718368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:13.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a641bfd73c86bcfc2023-02-07 15:21:13.597root 11241100x8000000000000000718367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:13.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af27d469bb0db11a2023-02-07 15:21:13.597root 354300x8000000000000000718370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.025{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-56928-false10.0.1.12-8000- 11241100x8000000000000000718378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.026{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79eaaf67233b7302023-02-07 15:21:14.026root 11241100x8000000000000000718377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.026{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1cd782802897b462023-02-07 15:21:14.026root 11241100x8000000000000000718376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.026{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a315519a7a19ff2023-02-07 15:21:14.026root 11241100x8000000000000000718375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.026{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5bffe2c4226c0892023-02-07 15:21:14.026root 11241100x8000000000000000718374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.026{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a038885e291dcd02023-02-07 15:21:14.026root 11241100x8000000000000000718373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.026{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6d6fd19e3d877a2023-02-07 15:21:14.026root 11241100x8000000000000000718372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.026{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105ee37b6128dd782023-02-07 15:21:14.026root 11241100x8000000000000000718371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.026{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd031307cb6cb1a2023-02-07 15:21:14.026root 11241100x8000000000000000718386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.027{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668f5353d61741982023-02-07 15:21:14.027root 11241100x8000000000000000718385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.027{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469b810dda54ca772023-02-07 15:21:14.027root 11241100x8000000000000000718384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.027{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4d9ecdb6be46072023-02-07 15:21:14.027root 11241100x8000000000000000718383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.027{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73909b1722a6e3c12023-02-07 15:21:14.027root 11241100x8000000000000000718382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.027{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c94091e99eff192023-02-07 15:21:14.027root 11241100x8000000000000000718381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.027{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69da08ec5ebcc1772023-02-07 15:21:14.027root 11241100x8000000000000000718380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.027{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7facc719bcd9b8d2023-02-07 15:21:14.027root 11241100x8000000000000000718379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.027{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90907100d1621af2023-02-07 15:21:14.027root 11241100x8000000000000000718394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378632b9b1b453762023-02-07 15:21:14.346root 11241100x8000000000000000718393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e832e18a40e9998b2023-02-07 15:21:14.346root 11241100x8000000000000000718392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76cab739184c69782023-02-07 15:21:14.346root 11241100x8000000000000000718391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a7cdd3a97307292023-02-07 15:21:14.346root 11241100x8000000000000000718390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777ac2e940d48e732023-02-07 15:21:14.346root 11241100x8000000000000000718389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdfde9d7890be7162023-02-07 15:21:14.346root 11241100x8000000000000000718388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b1fd6aea4f5d402023-02-07 15:21:14.346root 11241100x8000000000000000718387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f97d547aa771282023-02-07 15:21:14.346root 11241100x8000000000000000718402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42307cb6d76644612023-02-07 15:21:14.347root 11241100x8000000000000000718401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac47fd6d77870cc2023-02-07 15:21:14.347root 11241100x8000000000000000718400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f7858a80a0bdc62023-02-07 15:21:14.347root 11241100x8000000000000000718399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6e52e2bbb1e7362023-02-07 15:21:14.347root 11241100x8000000000000000718398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aed24a8de1508912023-02-07 15:21:14.347root 11241100x8000000000000000718397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6211646ce08032552023-02-07 15:21:14.347root 11241100x8000000000000000718396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65ec6d6205ac2f92023-02-07 15:21:14.347root 11241100x8000000000000000718395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b404075dff72bd3f2023-02-07 15:21:14.347root 354300x8000000000000000718403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.590{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-56836-false10.0.1.12-8089- 11241100x8000000000000000718404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903a66c7dc604a692023-02-07 15:21:14.845root 11241100x8000000000000000718412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae343bc97486b472023-02-07 15:21:14.846root 11241100x8000000000000000718411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d97e10d6e4ac172023-02-07 15:21:14.846root 11241100x8000000000000000718410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e867c2ca88417982023-02-07 15:21:14.846root 11241100x8000000000000000718409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82587cc4b2c785372023-02-07 15:21:14.846root 11241100x8000000000000000718408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5790415b072ddd2023-02-07 15:21:14.846root 11241100x8000000000000000718407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900f43a7d072a2f42023-02-07 15:21:14.846root 11241100x8000000000000000718406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4532a71f87389f62023-02-07 15:21:14.846root 11241100x8000000000000000718405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b076b9944b05a42023-02-07 15:21:14.846root 11241100x8000000000000000718418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f4f981955a61a12023-02-07 15:21:14.847root 11241100x8000000000000000718417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09142f990a761e72023-02-07 15:21:14.847root 11241100x8000000000000000718416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507d1ea05cd3bcfd2023-02-07 15:21:14.847root 11241100x8000000000000000718415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb9a67c23c70ce02023-02-07 15:21:14.847root 11241100x8000000000000000718414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4cae02fc3993d82023-02-07 15:21:14.847root 11241100x8000000000000000718413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec92d0b90263e9eb2023-02-07 15:21:14.847root 11241100x8000000000000000718420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc31206e9eb961ad2023-02-07 15:21:14.848root 11241100x8000000000000000718419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:14.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b7c18f9694d93d2023-02-07 15:21:14.848root 11241100x8000000000000000718429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab757757ccb5c132023-02-07 15:21:15.346root 11241100x8000000000000000718428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde6a307f20e90bb2023-02-07 15:21:15.346root 11241100x8000000000000000718427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe68a001fcc49f22023-02-07 15:21:15.346root 11241100x8000000000000000718426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e9aa35bd37b35f2023-02-07 15:21:15.346root 11241100x8000000000000000718425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea168de7c4a100c2023-02-07 15:21:15.346root 11241100x8000000000000000718424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6dcbf9c34085a932023-02-07 15:21:15.346root 11241100x8000000000000000718423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510ee31ca116a14f2023-02-07 15:21:15.346root 11241100x8000000000000000718422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb390fb1fc018f32023-02-07 15:21:15.346root 11241100x8000000000000000718421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61092112ffe576a72023-02-07 15:21:15.346root 11241100x8000000000000000718433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba78da164f88c5322023-02-07 15:21:15.347root 11241100x8000000000000000718432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed34afc838b0626e2023-02-07 15:21:15.347root 11241100x8000000000000000718431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d7acae2616876a2023-02-07 15:21:15.347root 11241100x8000000000000000718430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942023b9b5bc55562023-02-07 15:21:15.347root 11241100x8000000000000000718437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacbf527797cb6932023-02-07 15:21:15.348root 11241100x8000000000000000718436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d287bf839709462023-02-07 15:21:15.348root 11241100x8000000000000000718435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31813d637a0a2ac32023-02-07 15:21:15.348root 11241100x8000000000000000718434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee092ff616135262023-02-07 15:21:15.348root 11241100x8000000000000000718438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e131bbae6d4d122023-02-07 15:21:15.845root 11241100x8000000000000000718446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7699241cbdd4d32023-02-07 15:21:15.846root 11241100x8000000000000000718445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e7132dc49296ba2023-02-07 15:21:15.846root 11241100x8000000000000000718444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4a2e8f2ed537732023-02-07 15:21:15.846root 11241100x8000000000000000718443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1bf4ab9ce24a492023-02-07 15:21:15.846root 11241100x8000000000000000718442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d382b3dcb78dbce2023-02-07 15:21:15.846root 11241100x8000000000000000718441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf430fd2c6c951c2023-02-07 15:21:15.846root 11241100x8000000000000000718440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0cc0793278c9992023-02-07 15:21:15.846root 11241100x8000000000000000718439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aff3891cf4930082023-02-07 15:21:15.846root 11241100x8000000000000000718452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b632e2a8d079d9f2023-02-07 15:21:15.847root 11241100x8000000000000000718451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1edddda070d2d2322023-02-07 15:21:15.847root 11241100x8000000000000000718450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b896385214f96d2023-02-07 15:21:15.847root 11241100x8000000000000000718449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6647d5906e468f92023-02-07 15:21:15.847root 11241100x8000000000000000718448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838f72efa754fafd2023-02-07 15:21:15.847root 11241100x8000000000000000718447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fdfe916bb9c5132023-02-07 15:21:15.847root 11241100x8000000000000000718454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de28c4be50c6f8f2023-02-07 15:21:15.848root 11241100x8000000000000000718453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30bcce6a41b6ede2023-02-07 15:21:15.848root 11241100x8000000000000000718463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5a8e473bd926d42023-02-07 15:21:16.346root 11241100x8000000000000000718462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257ee17c3397a1822023-02-07 15:21:16.346root 11241100x8000000000000000718461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8932f1076c0e6aa52023-02-07 15:21:16.346root 11241100x8000000000000000718460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee94e0176adced32023-02-07 15:21:16.346root 11241100x8000000000000000718459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cdf961613865dec2023-02-07 15:21:16.346root 11241100x8000000000000000718458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7f37dabea546452023-02-07 15:21:16.346root 11241100x8000000000000000718457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4819df2445cc3f7d2023-02-07 15:21:16.346root 11241100x8000000000000000718456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615683e33ecc24862023-02-07 15:21:16.346root 11241100x8000000000000000718455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4a7bc37609b2b92023-02-07 15:21:16.346root 11241100x8000000000000000718471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a73578764b045d2023-02-07 15:21:16.347root 11241100x8000000000000000718470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7469fedfea1ff32023-02-07 15:21:16.347root 11241100x8000000000000000718469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18e10c08090633e2023-02-07 15:21:16.347root 11241100x8000000000000000718468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f031aa06753ebf2023-02-07 15:21:16.347root 11241100x8000000000000000718467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91191627163440b2023-02-07 15:21:16.347root 11241100x8000000000000000718466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2017d1845b7e12862023-02-07 15:21:16.347root 11241100x8000000000000000718465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23dd6d9f22d2e3832023-02-07 15:21:16.347root 11241100x8000000000000000718464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98352c8edb4ec93d2023-02-07 15:21:16.347root 11241100x8000000000000000718483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67eea2925862fccc2023-02-07 15:21:16.846root 11241100x8000000000000000718482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823111736a110bfb2023-02-07 15:21:16.846root 11241100x8000000000000000718481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09574d5d09e620e2023-02-07 15:21:16.846root 11241100x8000000000000000718480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7b00c43a02dc352023-02-07 15:21:16.846root 11241100x8000000000000000718479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303178db949d380e2023-02-07 15:21:16.846root 11241100x8000000000000000718478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d2dbac91799de32023-02-07 15:21:16.846root 11241100x8000000000000000718477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6005c034c9833db2023-02-07 15:21:16.846root 11241100x8000000000000000718476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5230b953e561e7442023-02-07 15:21:16.846root 11241100x8000000000000000718475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea17dcc8e13fef02023-02-07 15:21:16.846root 11241100x8000000000000000718474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37320851762e3fae2023-02-07 15:21:16.846root 11241100x8000000000000000718473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1812f7556e087c42023-02-07 15:21:16.846root 11241100x8000000000000000718472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aeffa12a237e3012023-02-07 15:21:16.846root 11241100x8000000000000000718488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85487fef096d9902023-02-07 15:21:16.847root 11241100x8000000000000000718487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973856b795f217002023-02-07 15:21:16.847root 11241100x8000000000000000718486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f698423922a53592023-02-07 15:21:16.847root 11241100x8000000000000000718485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc23c5f8fb14a4d12023-02-07 15:21:16.847root 11241100x8000000000000000718484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e8c05f472e5c9c2023-02-07 15:21:16.847root 11241100x8000000000000000718489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fbb26e0eb5594e2023-02-07 15:21:17.345root 11241100x8000000000000000718497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbcdfe4d866d18852023-02-07 15:21:17.346root 11241100x8000000000000000718496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2ca7d166c4723d2023-02-07 15:21:17.346root 11241100x8000000000000000718495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099db374a7c586912023-02-07 15:21:17.346root 11241100x8000000000000000718494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e2dd6a0bc451252023-02-07 15:21:17.346root 11241100x8000000000000000718493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a35cd9e380828452023-02-07 15:21:17.346root 11241100x8000000000000000718492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872b0cc1d43f1c852023-02-07 15:21:17.346root 11241100x8000000000000000718491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1cb168851bdecf2023-02-07 15:21:17.346root 11241100x8000000000000000718490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6db68c893ef59a02023-02-07 15:21:17.346root 11241100x8000000000000000718505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9f72a54fe9f8952023-02-07 15:21:17.347root 11241100x8000000000000000718504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad11265b669dcc92023-02-07 15:21:17.347root 11241100x8000000000000000718503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18982072984e263f2023-02-07 15:21:17.347root 11241100x8000000000000000718502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0ea5f1af0804a42023-02-07 15:21:17.347root 11241100x8000000000000000718501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f389165d1ded68472023-02-07 15:21:17.347root 11241100x8000000000000000718500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05e7910ce6287f62023-02-07 15:21:17.347root 11241100x8000000000000000718499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012f22b23c02e8952023-02-07 15:21:17.347root 11241100x8000000000000000718498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85529b2c3b582e0c2023-02-07 15:21:17.347root 11241100x8000000000000000718506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142ce3217b63663c2023-02-07 15:21:17.845root 11241100x8000000000000000718519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e533b809f2c470cb2023-02-07 15:21:17.846root 11241100x8000000000000000718518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ff5fbe662ec8fc2023-02-07 15:21:17.846root 11241100x8000000000000000718517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1afc853bd4870b922023-02-07 15:21:17.846root 11241100x8000000000000000718516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2f33b85126d98c2023-02-07 15:21:17.846root 11241100x8000000000000000718515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec5bce5841848b92023-02-07 15:21:17.846root 11241100x8000000000000000718514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88b86676d36aafc2023-02-07 15:21:17.846root 11241100x8000000000000000718513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94897e4f59dbd4f92023-02-07 15:21:17.846root 11241100x8000000000000000718512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2129c9ffd99ed432023-02-07 15:21:17.846root 11241100x8000000000000000718511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9542325ecdd604532023-02-07 15:21:17.846root 11241100x8000000000000000718510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d906735a6c9f5082023-02-07 15:21:17.846root 11241100x8000000000000000718509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a56f56b6c5f36852023-02-07 15:21:17.846root 11241100x8000000000000000718508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c30a46ed9e343f32023-02-07 15:21:17.846root 11241100x8000000000000000718507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6722c13ca19761aa2023-02-07 15:21:17.846root 11241100x8000000000000000718522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4409521e39368c2023-02-07 15:21:17.847root 11241100x8000000000000000718521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581e0e81ac92883a2023-02-07 15:21:17.847root 11241100x8000000000000000718520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c072c3d61767e9042023-02-07 15:21:17.847root 11241100x8000000000000000718523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79a91880f3b3c1c2023-02-07 15:21:18.345root 11241100x8000000000000000718535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5b3980f9af181b2023-02-07 15:21:18.346root 11241100x8000000000000000718534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86806329bfb86e852023-02-07 15:21:18.346root 11241100x8000000000000000718533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858ce8cd3ed29ad02023-02-07 15:21:18.346root 11241100x8000000000000000718532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ccb5563828889fd2023-02-07 15:21:18.346root 11241100x8000000000000000718531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4382185c89d4db12023-02-07 15:21:18.346root 11241100x8000000000000000718530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba96b96340fe90732023-02-07 15:21:18.346root 11241100x8000000000000000718529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323b4103d68b7eab2023-02-07 15:21:18.346root 11241100x8000000000000000718528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a141ba3d37cc5e62023-02-07 15:21:18.346root 11241100x8000000000000000718527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f833f5f8d98ce812023-02-07 15:21:18.346root 11241100x8000000000000000718526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f2c260f3ea8b0d2023-02-07 15:21:18.346root 11241100x8000000000000000718525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8452d6efd518a52023-02-07 15:21:18.346root 11241100x8000000000000000718524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85930da7f69025012023-02-07 15:21:18.346root 11241100x8000000000000000718539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4b21f08b22c83d2023-02-07 15:21:18.347root 11241100x8000000000000000718538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118a133a4114348e2023-02-07 15:21:18.347root 11241100x8000000000000000718537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944ef90710d42f2c2023-02-07 15:21:18.347root 11241100x8000000000000000718536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e3b446bb5896032023-02-07 15:21:18.347root 11241100x8000000000000000718553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11957f50d208250c2023-02-07 15:21:18.846root 11241100x8000000000000000718552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5604aa0d90582ee2023-02-07 15:21:18.846root 11241100x8000000000000000718551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028a8dbe6090f4292023-02-07 15:21:18.846root 11241100x8000000000000000718550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19f4c8134b10a7b2023-02-07 15:21:18.846root 11241100x8000000000000000718549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66009210872e9ce02023-02-07 15:21:18.846root 11241100x8000000000000000718548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e79b4c77f4f0c32023-02-07 15:21:18.846root 11241100x8000000000000000718547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ee95c3b60011622023-02-07 15:21:18.846root 11241100x8000000000000000718546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e54d36ee2412ae72023-02-07 15:21:18.846root 11241100x8000000000000000718545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aade010bfe9e6b02023-02-07 15:21:18.846root 11241100x8000000000000000718544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27006df01d59df062023-02-07 15:21:18.846root 11241100x8000000000000000718543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd1f83309efc17f2023-02-07 15:21:18.846root 11241100x8000000000000000718542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8d2838ef78e3792023-02-07 15:21:18.846root 11241100x8000000000000000718541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e0b8849b2f76332023-02-07 15:21:18.846root 11241100x8000000000000000718540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0478334302ac6452023-02-07 15:21:18.846root 11241100x8000000000000000718556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c92d07b8ba3c832023-02-07 15:21:18.847root 11241100x8000000000000000718555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee1e60cc715b9442023-02-07 15:21:18.847root 11241100x8000000000000000718554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f71232609712d392023-02-07 15:21:18.847root 354300x8000000000000000718557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.241{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-52082-false10.0.1.12-8000- 11241100x8000000000000000718559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.242{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fd9d4bf2bac5a32023-02-07 15:21:19.242root 11241100x8000000000000000718558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.242{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778845fd04ad8dfc2023-02-07 15:21:19.242root 11241100x8000000000000000718564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.243{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959fefcb715052302023-02-07 15:21:19.243root 11241100x8000000000000000718563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.243{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f70919843aca1f12023-02-07 15:21:19.243root 11241100x8000000000000000718562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.243{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2fe2dba8ad98ebe2023-02-07 15:21:19.243root 11241100x8000000000000000718561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.243{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62ed34ac031c55b2023-02-07 15:21:19.243root 11241100x8000000000000000718560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.243{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe05af85b2dba5f2023-02-07 15:21:19.243root 11241100x8000000000000000718569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.244{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89a1507af6d4e0b2023-02-07 15:21:19.244root 11241100x8000000000000000718568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.244{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40407bfba32328cd2023-02-07 15:21:19.244root 11241100x8000000000000000718567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.244{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32753f08ffcb234a2023-02-07 15:21:19.244root 11241100x8000000000000000718566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.244{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771425529450dfe92023-02-07 15:21:19.244root 11241100x8000000000000000718565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.244{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b8292c748a15ed2023-02-07 15:21:19.244root 11241100x8000000000000000718574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.245{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb720a1b045d2b32023-02-07 15:21:19.245root 11241100x8000000000000000718573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.245{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b6b77de9af876f2023-02-07 15:21:19.245root 11241100x8000000000000000718572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.245{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea07fa3cbd037552023-02-07 15:21:19.245root 11241100x8000000000000000718571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.245{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12e6ddda52043fa2023-02-07 15:21:19.245root 11241100x8000000000000000718570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.245{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9029d2111aa6fe2023-02-07 15:21:19.245root 11241100x8000000000000000718575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8ddd767ef669d52023-02-07 15:21:19.596root 11241100x8000000000000000718579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b656bdba67049ac2023-02-07 15:21:19.597root 11241100x8000000000000000718578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e926342652136c2023-02-07 15:21:19.597root 11241100x8000000000000000718577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac95234867716be2023-02-07 15:21:19.597root 11241100x8000000000000000718576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60902ee3c1fc5d4e2023-02-07 15:21:19.597root 11241100x8000000000000000718581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be06cdf1b1fae012023-02-07 15:21:19.598root 11241100x8000000000000000718580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb8eb6d55ff24cd2023-02-07 15:21:19.598root 11241100x8000000000000000718586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66c0d5dfe1be5c02023-02-07 15:21:19.599root 11241100x8000000000000000718585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b71580896c76b62023-02-07 15:21:19.599root 11241100x8000000000000000718584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477471a39ad6150d2023-02-07 15:21:19.599root 11241100x8000000000000000718583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb5c526b71f40ba2023-02-07 15:21:19.599root 11241100x8000000000000000718582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad9524466d5a39f2023-02-07 15:21:19.599root 11241100x8000000000000000718588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643d26b70c228ff82023-02-07 15:21:19.600root 11241100x8000000000000000718587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fcaefb4ea91e4062023-02-07 15:21:19.600root 11241100x8000000000000000718592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3f46c33f8a6fe42023-02-07 15:21:19.601root 11241100x8000000000000000718591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155f68b8a025a8562023-02-07 15:21:19.601root 11241100x8000000000000000718590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffe22091ab4f1822023-02-07 15:21:19.601root 11241100x8000000000000000718589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:19.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032d36f9d428a53d2023-02-07 15:21:19.601root 11241100x8000000000000000718597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3bf4a53760ba6772023-02-07 15:21:20.095root 11241100x8000000000000000718596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50fdca9a0066c39b2023-02-07 15:21:20.095root 11241100x8000000000000000718595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3e974476c076b92023-02-07 15:21:20.095root 11241100x8000000000000000718594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470c2c3cd19d7faf2023-02-07 15:21:20.095root 11241100x8000000000000000718593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c79eeae19544da2023-02-07 15:21:20.095root 11241100x8000000000000000718602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7841f58eae1004872023-02-07 15:21:20.096root 11241100x8000000000000000718601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033ea12afdc287dd2023-02-07 15:21:20.096root 11241100x8000000000000000718600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345aa6946c11a3ba2023-02-07 15:21:20.096root 11241100x8000000000000000718599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a770184ed4636a62023-02-07 15:21:20.096root 11241100x8000000000000000718598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683bbe04539e41272023-02-07 15:21:20.096root 11241100x8000000000000000718610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e912b6c056b0302023-02-07 15:21:20.097root 11241100x8000000000000000718609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73bdcd2941f426f2023-02-07 15:21:20.097root 11241100x8000000000000000718608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4195f07c1c038c002023-02-07 15:21:20.097root 11241100x8000000000000000718607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be4e2fd478b9e6c2023-02-07 15:21:20.097root 11241100x8000000000000000718606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9403029e803d8142023-02-07 15:21:20.097root 11241100x8000000000000000718605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9561979610b90e02023-02-07 15:21:20.097root 11241100x8000000000000000718604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa28d8b1df7840c2023-02-07 15:21:20.097root 11241100x8000000000000000718603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778ca75bc26e9cf82023-02-07 15:21:20.097root 11241100x8000000000000000718615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c64515c70b1ed1e2023-02-07 15:21:20.595root 11241100x8000000000000000718614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94e70c5cf986ea72023-02-07 15:21:20.595root 11241100x8000000000000000718613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d59d714179ee0e92023-02-07 15:21:20.595root 11241100x8000000000000000718612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c3f3225a9d7e1c2023-02-07 15:21:20.595root 11241100x8000000000000000718611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c280fc1c5f8845c42023-02-07 15:21:20.595root 11241100x8000000000000000718622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0db0158021aedd02023-02-07 15:21:20.596root 11241100x8000000000000000718621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe181c24fae44eca2023-02-07 15:21:20.596root 11241100x8000000000000000718620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0add15aa4acb3aa92023-02-07 15:21:20.596root 11241100x8000000000000000718619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c2c61b679dca1f2023-02-07 15:21:20.596root 11241100x8000000000000000718618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3fd8f02a13521ef2023-02-07 15:21:20.596root 11241100x8000000000000000718617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b57debf200dd82a2023-02-07 15:21:20.596root 11241100x8000000000000000718616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b7d73c8af68a502023-02-07 15:21:20.596root 11241100x8000000000000000718627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526b7ed6c67e199f2023-02-07 15:21:20.597root 11241100x8000000000000000718626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f41598485fe68412023-02-07 15:21:20.597root 11241100x8000000000000000718625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8576b9ac13d36882023-02-07 15:21:20.597root 11241100x8000000000000000718624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1de40a26ee5e282023-02-07 15:21:20.597root 11241100x8000000000000000718623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dab595ab0dc6d732023-02-07 15:21:20.597root 11241100x8000000000000000718633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6837314a50e334e2023-02-07 15:21:20.598root 11241100x8000000000000000718632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d5b58c822d742c2023-02-07 15:21:20.598root 11241100x8000000000000000718631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7bad64e4fec5f512023-02-07 15:21:20.598root 11241100x8000000000000000718630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92cd7ee84ff4fd82023-02-07 15:21:20.598root 11241100x8000000000000000718629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4120853a353a58bf2023-02-07 15:21:20.598root 11241100x8000000000000000718628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e036d1176c3a25da2023-02-07 15:21:20.598root 11241100x8000000000000000718635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61660d85e6c86eb62023-02-07 15:21:20.599root 11241100x8000000000000000718634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:20.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06b60f4f0c347822023-02-07 15:21:20.599root 11241100x8000000000000000718639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11246a70fd5d6642023-02-07 15:21:21.095root 11241100x8000000000000000718638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0af75a8a749bd132023-02-07 15:21:21.095root 11241100x8000000000000000718637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3015f076833a5a2023-02-07 15:21:21.095root 11241100x8000000000000000718636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40feeb7c5a9a44062023-02-07 15:21:21.095root 11241100x8000000000000000718645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33eebb5e00a901f2023-02-07 15:21:21.096root 11241100x8000000000000000718644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644dba5e69b39a6e2023-02-07 15:21:21.096root 11241100x8000000000000000718643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1001ea2edb2f3b2023-02-07 15:21:21.096root 11241100x8000000000000000718642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a1b534b84a9d7e2023-02-07 15:21:21.096root 11241100x8000000000000000718641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d353bada869aa7e2023-02-07 15:21:21.096root 11241100x8000000000000000718640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d37d240429287d92023-02-07 15:21:21.096root 11241100x8000000000000000718651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd41496081ac48f02023-02-07 15:21:21.097root 11241100x8000000000000000718650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95eff25ab60976f2023-02-07 15:21:21.097root 11241100x8000000000000000718649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366401acdeac84b62023-02-07 15:21:21.097root 11241100x8000000000000000718648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051f72ecfebc55e82023-02-07 15:21:21.097root 11241100x8000000000000000718647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5424247793cb96a2023-02-07 15:21:21.097root 11241100x8000000000000000718646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18b25ec9a4edabf2023-02-07 15:21:21.097root 11241100x8000000000000000718653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b512ac701dbbb12023-02-07 15:21:21.098root 11241100x8000000000000000718652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46422d4d07f528102023-02-07 15:21:21.098root 11241100x8000000000000000718656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae60396766c031c42023-02-07 15:21:21.595root 11241100x8000000000000000718655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b35f3c188f5e9682023-02-07 15:21:21.595root 11241100x8000000000000000718654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e95489c3a53df52023-02-07 15:21:21.595root 11241100x8000000000000000718662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564e63a2aa2b3aa72023-02-07 15:21:21.596root 11241100x8000000000000000718661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e989f5e0dff97b9c2023-02-07 15:21:21.596root 11241100x8000000000000000718660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06d9249bad265412023-02-07 15:21:21.596root 11241100x8000000000000000718659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8302d7873b29792023-02-07 15:21:21.596root 11241100x8000000000000000718658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b784ae321cea604c2023-02-07 15:21:21.596root 11241100x8000000000000000718657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c45be87f14b5002023-02-07 15:21:21.596root 11241100x8000000000000000718668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47033f10f097bea02023-02-07 15:21:21.597root 11241100x8000000000000000718667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fd52c9e84fa6ff2023-02-07 15:21:21.597root 11241100x8000000000000000718666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53014498553aaf592023-02-07 15:21:21.597root 11241100x8000000000000000718665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96d4128beda90db2023-02-07 15:21:21.597root 11241100x8000000000000000718664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e286a898a140006c2023-02-07 15:21:21.597root 11241100x8000000000000000718663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b43637c8d609a672023-02-07 15:21:21.597root 11241100x8000000000000000718671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8300363bdc1bd8022023-02-07 15:21:21.598root 11241100x8000000000000000718670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610bafb27f7e4b2a2023-02-07 15:21:21.598root 11241100x8000000000000000718669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:21.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77cdc416e8980742023-02-07 15:21:21.598root 11241100x8000000000000000718683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00166daf983767d82023-02-07 15:21:22.096root 11241100x8000000000000000718682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2059b701bfe2a55b2023-02-07 15:21:22.096root 11241100x8000000000000000718681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da36c28a49370af52023-02-07 15:21:22.096root 11241100x8000000000000000718680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039e52a83b8c80442023-02-07 15:21:22.096root 11241100x8000000000000000718679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00a456e7ebc43f52023-02-07 15:21:22.096root 11241100x8000000000000000718678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cae7af63a7307a62023-02-07 15:21:22.096root 11241100x8000000000000000718677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951ccefee6c49af02023-02-07 15:21:22.096root 11241100x8000000000000000718676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9e8b19fc27e3272023-02-07 15:21:22.096root 11241100x8000000000000000718675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fba03ea9bb344d2023-02-07 15:21:22.096root 11241100x8000000000000000718674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b9b75655671f062023-02-07 15:21:22.096root 11241100x8000000000000000718673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8bb37198d7c52d2023-02-07 15:21:22.096root 11241100x8000000000000000718672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14396202ec2b86742023-02-07 15:21:22.096root 11241100x8000000000000000718689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6d4e2d27d624442023-02-07 15:21:22.097root 11241100x8000000000000000718688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09f3a3021ac0c622023-02-07 15:21:22.097root 11241100x8000000000000000718687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9107eede178df4102023-02-07 15:21:22.097root 11241100x8000000000000000718686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2325a2c8578aa02023-02-07 15:21:22.097root 11241100x8000000000000000718685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4693fcc9a6856012023-02-07 15:21:22.097root 11241100x8000000000000000718684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9e29c3869ce0db2023-02-07 15:21:22.097root 11241100x8000000000000000718690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200e19e1630b30632023-02-07 15:21:22.595root 11241100x8000000000000000718699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a7f25a8933ca662023-02-07 15:21:22.597root 11241100x8000000000000000718698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210dc97f225cf3f22023-02-07 15:21:22.597root 11241100x8000000000000000718697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3a2e0b1274582d2023-02-07 15:21:22.597root 11241100x8000000000000000718696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a86f034eff15c72023-02-07 15:21:22.597root 11241100x8000000000000000718695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7f0dc1cd0add262023-02-07 15:21:22.597root 11241100x8000000000000000718694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d516d91f2333c4d02023-02-07 15:21:22.597root 11241100x8000000000000000718693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4513439d0902882023-02-07 15:21:22.597root 11241100x8000000000000000718692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594b01a87a9196a22023-02-07 15:21:22.597root 11241100x8000000000000000718691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e2271c97a7dbf92023-02-07 15:21:22.597root 11241100x8000000000000000718705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43659e06116d45e22023-02-07 15:21:22.598root 11241100x8000000000000000718704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154724c3fd623fb52023-02-07 15:21:22.598root 11241100x8000000000000000718703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d7137bc16916132023-02-07 15:21:22.598root 11241100x8000000000000000718702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bdadc488c387432023-02-07 15:21:22.598root 11241100x8000000000000000718701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20bb11756dba88f2023-02-07 15:21:22.598root 11241100x8000000000000000718700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58465c6aa2126a172023-02-07 15:21:22.598root 11241100x8000000000000000718707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082139d1305d94912023-02-07 15:21:22.599root 11241100x8000000000000000718706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:22.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cfdf4ca4e66e952023-02-07 15:21:22.599root 11241100x8000000000000000718715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1415ea077556e5512023-02-07 15:21:23.096root 11241100x8000000000000000718714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895caae6dd7e768e2023-02-07 15:21:23.096root 11241100x8000000000000000718713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a777b11a210551432023-02-07 15:21:23.096root 11241100x8000000000000000718712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5e24cda3a52cfe2023-02-07 15:21:23.096root 11241100x8000000000000000718711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59f885446be0e622023-02-07 15:21:23.096root 11241100x8000000000000000718710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555b26dc3d8b9e6e2023-02-07 15:21:23.096root 11241100x8000000000000000718709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e4cb93fd40fcfa2023-02-07 15:21:23.096root 11241100x8000000000000000718708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50936523308fefc32023-02-07 15:21:23.096root 11241100x8000000000000000718725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe5447ce18127752023-02-07 15:21:23.097root 11241100x8000000000000000718724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0acb0c2147a600a2023-02-07 15:21:23.097root 11241100x8000000000000000718723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1c1190d0f49f802023-02-07 15:21:23.097root 11241100x8000000000000000718722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fc1874f40a9bf32023-02-07 15:21:23.097root 11241100x8000000000000000718721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc839cf640a6e0b2023-02-07 15:21:23.097root 11241100x8000000000000000718720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f14266dac9ad792023-02-07 15:21:23.097root 11241100x8000000000000000718719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bc6927131708342023-02-07 15:21:23.097root 11241100x8000000000000000718718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87929ba50c10965c2023-02-07 15:21:23.097root 11241100x8000000000000000718717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a469d02ba1fc032023-02-07 15:21:23.097root 11241100x8000000000000000718716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab04a9caf52ae192023-02-07 15:21:23.097root 534500x8000000000000000718726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.169{ec244aba-3071-63e2-c83a-8af647560000}483/lib/systemd/systemd-journaldroot 11241100x8000000000000000718729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e17bdd7806c78a2023-02-07 15:21:23.595root 11241100x8000000000000000718728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ffc999b10fbbf22023-02-07 15:21:23.595root 11241100x8000000000000000718727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a86f537ece5b1902023-02-07 15:21:23.595root 11241100x8000000000000000718735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23dcf64e46790c82023-02-07 15:21:23.596root 11241100x8000000000000000718734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a2a1a3a7bbd8a82023-02-07 15:21:23.596root 11241100x8000000000000000718733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f91052a766041aa2023-02-07 15:21:23.596root 11241100x8000000000000000718732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b27afcd5d2df055d2023-02-07 15:21:23.596root 11241100x8000000000000000718731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bfa3f5929f67942023-02-07 15:21:23.596root 11241100x8000000000000000718730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5151d2f932da5fe2023-02-07 15:21:23.596root 11241100x8000000000000000718742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685403e5f0f643232023-02-07 15:21:23.597root 11241100x8000000000000000718741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c49ee5263e6593a2023-02-07 15:21:23.597root 11241100x8000000000000000718740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928acf9528ca6d1b2023-02-07 15:21:23.597root 11241100x8000000000000000718739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb4c69c2e6efcf42023-02-07 15:21:23.597root 11241100x8000000000000000718738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783b960c85b2d81b2023-02-07 15:21:23.597root 11241100x8000000000000000718737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac68e7ccb9f6985b2023-02-07 15:21:23.597root 11241100x8000000000000000718736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a617cea4cc6eef2023-02-07 15:21:23.597root 11241100x8000000000000000718745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f56fa6488f23cf82023-02-07 15:21:23.598root 11241100x8000000000000000718744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ec8438c5253eb42023-02-07 15:21:23.598root 11241100x8000000000000000718743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:23.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae563b5e078b0262023-02-07 15:21:23.598root 11241100x8000000000000000718748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a80a2c774b587a2023-02-07 15:21:24.095root 11241100x8000000000000000718747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbc62261be0361b2023-02-07 15:21:24.095root 11241100x8000000000000000718746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb13b95da03c92ba2023-02-07 15:21:24.095root 11241100x8000000000000000718756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7113149d551ff32023-02-07 15:21:24.096root 11241100x8000000000000000718755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ceaef1bad92acc2023-02-07 15:21:24.096root 11241100x8000000000000000718754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea1d88b21e785332023-02-07 15:21:24.096root 11241100x8000000000000000718753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8c286f291e1bcc2023-02-07 15:21:24.096root 11241100x8000000000000000718752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95dff5cfad1ebca22023-02-07 15:21:24.096root 11241100x8000000000000000718751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2814199e48c161342023-02-07 15:21:24.096root 11241100x8000000000000000718750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b54c3ccd5d73b82023-02-07 15:21:24.096root 11241100x8000000000000000718749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1433579e8fe2142023-02-07 15:21:24.096root 11241100x8000000000000000718764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3957e1e6b32efe552023-02-07 15:21:24.097root 11241100x8000000000000000718763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2950f1d788c2902023-02-07 15:21:24.097root 11241100x8000000000000000718762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2dc672ba8abd7c2023-02-07 15:21:24.097root 11241100x8000000000000000718761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b116e415c3302ded2023-02-07 15:21:24.097root 11241100x8000000000000000718760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09617a7da4efd2892023-02-07 15:21:24.097root 11241100x8000000000000000718759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ebc4f0b2184c1072023-02-07 15:21:24.097root 11241100x8000000000000000718758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766e229df64890c52023-02-07 15:21:24.097root 11241100x8000000000000000718757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eccf1e63ba92e1ca2023-02-07 15:21:24.097root 11241100x8000000000000000718768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b54eccbc3bdd4402023-02-07 15:21:24.098root 11241100x8000000000000000718767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ec889dafa831e92023-02-07 15:21:24.098root 11241100x8000000000000000718766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51580240105820462023-02-07 15:21:24.098root 11241100x8000000000000000718765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1462a731a2bf4cf2023-02-07 15:21:24.098root 11241100x8000000000000000718772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df7ef4da114b9702023-02-07 15:21:24.595root 11241100x8000000000000000718771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b589e9b70e9d398d2023-02-07 15:21:24.595root 11241100x8000000000000000718770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7dc6b2966cc06f92023-02-07 15:21:24.595root 11241100x8000000000000000718769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5654ebb49082a82023-02-07 15:21:24.595root 11241100x8000000000000000718781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a94423ee157f0d12023-02-07 15:21:24.596root 11241100x8000000000000000718780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885c2b2e6ca0de522023-02-07 15:21:24.596root 11241100x8000000000000000718779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23265fb98d8d03052023-02-07 15:21:24.596root 11241100x8000000000000000718778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765a570b5cdc21be2023-02-07 15:21:24.596root 11241100x8000000000000000718777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffc1af37e5ecd192023-02-07 15:21:24.596root 11241100x8000000000000000718776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db21e8f534733252023-02-07 15:21:24.596root 11241100x8000000000000000718775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05048129847907122023-02-07 15:21:24.596root 11241100x8000000000000000718774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f533cb62d3bb71022023-02-07 15:21:24.596root 11241100x8000000000000000718773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7775028aa81779fd2023-02-07 15:21:24.596root 11241100x8000000000000000718787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b26ea0355b93812023-02-07 15:21:24.597root 11241100x8000000000000000718786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836dc7e42ddaea752023-02-07 15:21:24.597root 11241100x8000000000000000718785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b6bcfa2d43766a2023-02-07 15:21:24.597root 11241100x8000000000000000718784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811c0d11de2217902023-02-07 15:21:24.597root 11241100x8000000000000000718783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2aa194279facab22023-02-07 15:21:24.597root 11241100x8000000000000000718782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011b5a2cf58a8dba2023-02-07 15:21:24.597root 11241100x8000000000000000718788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:24.727{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:21:24.727root 11241100x8000000000000000718790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d01f1ce5abcb5982023-02-07 15:21:25.096root 11241100x8000000000000000718789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84766525158b7a82023-02-07 15:21:25.096root 11241100x8000000000000000718798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb080618ac33c202023-02-07 15:21:25.097root 11241100x8000000000000000718797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59b083e54e7836f2023-02-07 15:21:25.097root 11241100x8000000000000000718796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2832c07abe8c98302023-02-07 15:21:25.097root 11241100x8000000000000000718795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266a56f0585ed3142023-02-07 15:21:25.097root 11241100x8000000000000000718794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557fb48ac06e24772023-02-07 15:21:25.097root 11241100x8000000000000000718793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a634b2610bf1bf0f2023-02-07 15:21:25.097root 11241100x8000000000000000718792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f880333551d79b2023-02-07 15:21:25.097root 11241100x8000000000000000718791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a40a88195c1886e2023-02-07 15:21:25.097root 11241100x8000000000000000718807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02cfc9dc6e30acd2023-02-07 15:21:25.098root 11241100x8000000000000000718806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb4b1cbbc7129222023-02-07 15:21:25.098root 11241100x8000000000000000718805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08be86442c60e812023-02-07 15:21:25.098root 11241100x8000000000000000718804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13941e713df4d9f12023-02-07 15:21:25.098root 11241100x8000000000000000718803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e2ebfeebf8a7f22023-02-07 15:21:25.098root 11241100x8000000000000000718802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd9eb2fb16efc4e2023-02-07 15:21:25.098root 11241100x8000000000000000718801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bd2b2456c18b972023-02-07 15:21:25.098root 11241100x8000000000000000718800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349d0e41b09f705a2023-02-07 15:21:25.098root 11241100x8000000000000000718799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b16f622f35c6312023-02-07 15:21:25.098root 11241100x8000000000000000718808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d171a7122a0d310c2023-02-07 15:21:25.099root 354300x8000000000000000718809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.162{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-60518-false10.0.1.12-8000- 11241100x8000000000000000718812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b966c33624d0e7722023-02-07 15:21:25.595root 11241100x8000000000000000718811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93e108d012c097c2023-02-07 15:21:25.595root 11241100x8000000000000000718810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b76281877ec24d2023-02-07 15:21:25.595root 11241100x8000000000000000718818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5f92cafe31f2882023-02-07 15:21:25.596root 11241100x8000000000000000718817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4611114f2ee168f2023-02-07 15:21:25.596root 11241100x8000000000000000718816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52e5f91b0d2095b2023-02-07 15:21:25.596root 11241100x8000000000000000718815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10e8b9b40c360ff2023-02-07 15:21:25.596root 11241100x8000000000000000718814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88fce1d53694306b2023-02-07 15:21:25.596root 11241100x8000000000000000718813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f3f581edcbc7e52023-02-07 15:21:25.596root 11241100x8000000000000000718826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc923c83b137f85e2023-02-07 15:21:25.597root 11241100x8000000000000000718825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c034d876e8ecddc32023-02-07 15:21:25.597root 11241100x8000000000000000718824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d864e95bb118ca2023-02-07 15:21:25.597root 11241100x8000000000000000718823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3f63858315cd842023-02-07 15:21:25.597root 11241100x8000000000000000718822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a4a0af3cf673f12023-02-07 15:21:25.597root 11241100x8000000000000000718821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d7b88f26eb596a2023-02-07 15:21:25.597root 11241100x8000000000000000718820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f2d0a0b2a810b92023-02-07 15:21:25.597root 11241100x8000000000000000718819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96396766a39e7cec2023-02-07 15:21:25.597root 11241100x8000000000000000718833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e064f145880c9aee2023-02-07 15:21:25.598root 11241100x8000000000000000718832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a08895209d899d42023-02-07 15:21:25.598root 11241100x8000000000000000718831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7487f85a83164c572023-02-07 15:21:25.598root 11241100x8000000000000000718830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5607fd1d68664072023-02-07 15:21:25.598root 11241100x8000000000000000718829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4d976adc8a37852023-02-07 15:21:25.598root 11241100x8000000000000000718828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bcd90ed6bfd001a2023-02-07 15:21:25.598root 11241100x8000000000000000718827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984d927bedf0332f2023-02-07 15:21:25.598root 11241100x8000000000000000718835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd04d11348dceca82023-02-07 15:21:25.599root 11241100x8000000000000000718834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:25.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0503e4a18e6f11e92023-02-07 15:21:25.599root 11241100x8000000000000000718839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b519c19ac1d7d6122023-02-07 15:21:26.095root 11241100x8000000000000000718838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208137ddb39529e82023-02-07 15:21:26.095root 11241100x8000000000000000718837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aecbef0b7fe56222023-02-07 15:21:26.095root 11241100x8000000000000000718836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6266aeef2e26a02023-02-07 15:21:26.095root 11241100x8000000000000000718848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1a535431483d3f2023-02-07 15:21:26.096root 11241100x8000000000000000718847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906c32fa1810fc7d2023-02-07 15:21:26.096root 11241100x8000000000000000718846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1dd5c8695969cf2023-02-07 15:21:26.096root 11241100x8000000000000000718845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2e1cbcf57302cc2023-02-07 15:21:26.096root 11241100x8000000000000000718844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612479fe9cd1287e2023-02-07 15:21:26.096root 11241100x8000000000000000718843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ca18380ca645592023-02-07 15:21:26.096root 11241100x8000000000000000718842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4514eb44621181652023-02-07 15:21:26.096root 11241100x8000000000000000718841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54928a5f8aea75332023-02-07 15:21:26.096root 11241100x8000000000000000718840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0785691acefc44282023-02-07 15:21:26.096root 11241100x8000000000000000718855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e147977d8d407eaa2023-02-07 15:21:26.097root 11241100x8000000000000000718854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d676aff2f7171412023-02-07 15:21:26.097root 11241100x8000000000000000718853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39965519946260e72023-02-07 15:21:26.097root 11241100x8000000000000000718852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6117149f786891a52023-02-07 15:21:26.097root 11241100x8000000000000000718851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866145d789a99b772023-02-07 15:21:26.097root 11241100x8000000000000000718850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715da1052615e5482023-02-07 15:21:26.097root 11241100x8000000000000000718849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68feeb5cad620ba82023-02-07 15:21:26.097root 11241100x8000000000000000718858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8729e297368f1f7b2023-02-07 15:21:26.098root 11241100x8000000000000000718857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feefa90af24d4f932023-02-07 15:21:26.098root 11241100x8000000000000000718856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c062f855b22f7122023-02-07 15:21:26.098root 11241100x8000000000000000718862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e3891242ad79232023-02-07 15:21:26.595root 11241100x8000000000000000718861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4efdefd48235fb582023-02-07 15:21:26.595root 11241100x8000000000000000718860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7da716545aaa38c2023-02-07 15:21:26.595root 11241100x8000000000000000718859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200a06f476a2ce7b2023-02-07 15:21:26.595root 11241100x8000000000000000718870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054282e1b87732e52023-02-07 15:21:26.596root 11241100x8000000000000000718869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c341836ef96fa32023-02-07 15:21:26.596root 11241100x8000000000000000718868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3a6f73d248b3972023-02-07 15:21:26.596root 11241100x8000000000000000718867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ddcd8ac73e77712023-02-07 15:21:26.596root 11241100x8000000000000000718866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb95cdc70f5fb36b2023-02-07 15:21:26.596root 11241100x8000000000000000718865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380a6f1207ecf9d72023-02-07 15:21:26.596root 11241100x8000000000000000718864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71eda44c8778913a2023-02-07 15:21:26.596root 11241100x8000000000000000718863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d43c51932093182023-02-07 15:21:26.596root 11241100x8000000000000000718876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d60bf7892e988462023-02-07 15:21:26.597root 11241100x8000000000000000718875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348b34534fabac232023-02-07 15:21:26.597root 11241100x8000000000000000718874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfdee300f08e7cc52023-02-07 15:21:26.597root 11241100x8000000000000000718873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e36b3b4e2a137522023-02-07 15:21:26.597root 11241100x8000000000000000718872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ed8f73ca70428e2023-02-07 15:21:26.597root 11241100x8000000000000000718871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a67ffb43358cfb2023-02-07 15:21:26.597root 11241100x8000000000000000718881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3710c5e9ca69db652023-02-07 15:21:26.598root 11241100x8000000000000000718880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44886eddf160f4e22023-02-07 15:21:26.598root 11241100x8000000000000000718879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51248f524ae6d982023-02-07 15:21:26.598root 11241100x8000000000000000718878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc546d8d74c58532023-02-07 15:21:26.598root 11241100x8000000000000000718877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:26.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29fa7e4e01d55cc2023-02-07 15:21:26.598root 11241100x8000000000000000718884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7706a8b60a0e9f382023-02-07 15:21:27.095root 11241100x8000000000000000718883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876d92870238c2fd2023-02-07 15:21:27.095root 11241100x8000000000000000718882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4ed1c535c6ba782023-02-07 15:21:27.095root 11241100x8000000000000000718890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a3d0405774bd9b2023-02-07 15:21:27.096root 11241100x8000000000000000718889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fcd8d3a683522c92023-02-07 15:21:27.096root 11241100x8000000000000000718888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbe8271644e9aa42023-02-07 15:21:27.096root 11241100x8000000000000000718887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc63c2730642011d2023-02-07 15:21:27.096root 11241100x8000000000000000718886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44ff758bf0e69d72023-02-07 15:21:27.096root 11241100x8000000000000000718885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f864b53375db418f2023-02-07 15:21:27.096root 11241100x8000000000000000718899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e60b655291c8902023-02-07 15:21:27.097root 11241100x8000000000000000718898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adfe307855f973272023-02-07 15:21:27.097root 11241100x8000000000000000718897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365ab01c517b21552023-02-07 15:21:27.097root 11241100x8000000000000000718896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1771af455b614d912023-02-07 15:21:27.097root 11241100x8000000000000000718895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6378d8d8fda9e1512023-02-07 15:21:27.097root 11241100x8000000000000000718894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9babcdf78311b62023-02-07 15:21:27.097root 11241100x8000000000000000718893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8cc84a9908de7222023-02-07 15:21:27.097root 11241100x8000000000000000718892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37478808b747dfc72023-02-07 15:21:27.097root 11241100x8000000000000000718891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef28f218766f5d82023-02-07 15:21:27.097root 11241100x8000000000000000718902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a0a189f52352982023-02-07 15:21:27.098root 11241100x8000000000000000718901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbbae7e7945297262023-02-07 15:21:27.098root 11241100x8000000000000000718900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57480dbf81de77102023-02-07 15:21:27.098root 11241100x8000000000000000718904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ead51324414d9f02023-02-07 15:21:27.595root 11241100x8000000000000000718903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd95143b62277da72023-02-07 15:21:27.595root 11241100x8000000000000000718915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78da2897fd5b7c0b2023-02-07 15:21:27.596root 11241100x8000000000000000718914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ffe9364040be2b2023-02-07 15:21:27.596root 11241100x8000000000000000718913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6b676de4739b302023-02-07 15:21:27.596root 11241100x8000000000000000718912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1878ed0d5be654f02023-02-07 15:21:27.596root 11241100x8000000000000000718911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec992663b9100f562023-02-07 15:21:27.596root 11241100x8000000000000000718910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9348261dc66917222023-02-07 15:21:27.596root 11241100x8000000000000000718909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355e2710b689a05b2023-02-07 15:21:27.596root 11241100x8000000000000000718908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621f762c58f47d432023-02-07 15:21:27.596root 11241100x8000000000000000718907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48b9c00f1c4d53d2023-02-07 15:21:27.596root 11241100x8000000000000000718906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56578d5cc769f9e62023-02-07 15:21:27.596root 11241100x8000000000000000718905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ae98ed6774422f2023-02-07 15:21:27.596root 11241100x8000000000000000718919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f42e2cb8a013952023-02-07 15:21:27.597root 11241100x8000000000000000718918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2833fe343cc955b42023-02-07 15:21:27.597root 11241100x8000000000000000718917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9ba0c63430fdff2023-02-07 15:21:27.597root 11241100x8000000000000000718916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42675573d501ce292023-02-07 15:21:27.597root 11241100x8000000000000000718920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2968697ed4a4cee52023-02-07 15:21:27.599root 11241100x8000000000000000718926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cb8a8890f6e4422023-02-07 15:21:27.600root 11241100x8000000000000000718925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f76b5a245cc221f2023-02-07 15:21:27.600root 11241100x8000000000000000718924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0404439f8c93f252023-02-07 15:21:27.600root 11241100x8000000000000000718923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693456faf014e7892023-02-07 15:21:27.600root 11241100x8000000000000000718922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c0e5766040485d2023-02-07 15:21:27.600root 11241100x8000000000000000718921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0391336c921757752023-02-07 15:21:27.600root 23542300x8000000000000000718927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:27.729{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000718929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cca64886cd643302023-02-07 15:21:28.095root 11241100x8000000000000000718928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d498cba1aee122b92023-02-07 15:21:28.095root 11241100x8000000000000000718931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7a48f64f7efcc02023-02-07 15:21:28.096root 11241100x8000000000000000718930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad165e65976fa8822023-02-07 15:21:28.096root 11241100x8000000000000000718935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80fbf3eb2d3da2fe2023-02-07 15:21:28.097root 11241100x8000000000000000718934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ac1c1a56a697272023-02-07 15:21:28.097root 11241100x8000000000000000718933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3336df07955a379a2023-02-07 15:21:28.097root 11241100x8000000000000000718932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22915bd3b3890f62023-02-07 15:21:28.097root 11241100x8000000000000000718939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14521a85d0e8ed822023-02-07 15:21:28.098root 11241100x8000000000000000718938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f175c0398634c442023-02-07 15:21:28.098root 11241100x8000000000000000718937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1027c2e00aa90c92023-02-07 15:21:28.098root 11241100x8000000000000000718936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9566c65292115a52023-02-07 15:21:28.098root 11241100x8000000000000000718944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f03c27c2f689452023-02-07 15:21:28.099root 11241100x8000000000000000718943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fcb460b103fb3b52023-02-07 15:21:28.099root 11241100x8000000000000000718942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd21c63e629b8fde2023-02-07 15:21:28.099root 11241100x8000000000000000718941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508c77074bf80fb12023-02-07 15:21:28.099root 11241100x8000000000000000718940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f9db53dc0cee132023-02-07 15:21:28.099root 11241100x8000000000000000718945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9058f7c45154d6742023-02-07 15:21:28.101root 11241100x8000000000000000718947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8498b4d67eff6492023-02-07 15:21:28.102root 11241100x8000000000000000718946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba4e51acc0675172023-02-07 15:21:28.102root 11241100x8000000000000000718951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6972feb524d86ab2023-02-07 15:21:28.103root 11241100x8000000000000000718950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7718dd8ab97dd7372023-02-07 15:21:28.103root 11241100x8000000000000000718949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11090bad5f0133d2023-02-07 15:21:28.103root 11241100x8000000000000000718948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fe50d9d7bcbbf72023-02-07 15:21:28.103root 11241100x8000000000000000718953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18414a4884efb412023-02-07 15:21:28.104root 11241100x8000000000000000718952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f130f6b1c0d22d0f2023-02-07 15:21:28.104root 11241100x8000000000000000718959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f151debfde0bd12023-02-07 15:21:28.595root 11241100x8000000000000000718958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff23de317ee95552023-02-07 15:21:28.595root 11241100x8000000000000000718957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8175e636cc0b322023-02-07 15:21:28.595root 11241100x8000000000000000718956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ad4ccd4e141ba02023-02-07 15:21:28.595root 11241100x8000000000000000718955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5284d21cfc0739b72023-02-07 15:21:28.595root 11241100x8000000000000000718954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4590192b580f0cfa2023-02-07 15:21:28.595root 11241100x8000000000000000718965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5957201f82432f2a2023-02-07 15:21:28.596root 11241100x8000000000000000718964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902c727197f226522023-02-07 15:21:28.596root 11241100x8000000000000000718963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335c2fbae6dc71082023-02-07 15:21:28.596root 11241100x8000000000000000718962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29788e4103d449052023-02-07 15:21:28.596root 11241100x8000000000000000718961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18bfbf5299c533432023-02-07 15:21:28.596root 11241100x8000000000000000718960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4f643006d2ed422023-02-07 15:21:28.596root 11241100x8000000000000000718968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0624f30889b759db2023-02-07 15:21:28.597root 11241100x8000000000000000718967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d963eb04d61bd3d42023-02-07 15:21:28.597root 11241100x8000000000000000718966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4be181b3b6f7eda2023-02-07 15:21:28.597root 11241100x8000000000000000718972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0c094ff1e3034e2023-02-07 15:21:28.598root 11241100x8000000000000000718971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8857938f22aaa262023-02-07 15:21:28.598root 11241100x8000000000000000718970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837ce550becc403e2023-02-07 15:21:28.598root 11241100x8000000000000000718969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79bca8782d3e9eb2023-02-07 15:21:28.598root 11241100x8000000000000000718974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4cd0b1fe0884be12023-02-07 15:21:28.599root 11241100x8000000000000000718973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72582a9ec49ed5f62023-02-07 15:21:28.599root 11241100x8000000000000000718976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806281094746dcbe2023-02-07 15:21:28.600root 11241100x8000000000000000718975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe6c3fe38cd95422023-02-07 15:21:28.600root 11241100x8000000000000000718980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20086e9f5df1be5c2023-02-07 15:21:28.601root 11241100x8000000000000000718979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7453e9ef202c162023-02-07 15:21:28.601root 11241100x8000000000000000718978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b874dc54cc116b1b2023-02-07 15:21:28.601root 11241100x8000000000000000718977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:28.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37596fd5202c90ed2023-02-07 15:21:28.601root 11241100x8000000000000000718983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bc3ccb53f4fe312023-02-07 15:21:29.095root 11241100x8000000000000000718982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c87e02e7c4b4a6c2023-02-07 15:21:29.095root 11241100x8000000000000000718981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b7a379f98e18512023-02-07 15:21:29.095root 11241100x8000000000000000718989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1864cc913caa142023-02-07 15:21:29.096root 11241100x8000000000000000718988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963050125101ea7a2023-02-07 15:21:29.096root 11241100x8000000000000000718987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22826e8ee573e2742023-02-07 15:21:29.096root 11241100x8000000000000000718986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b5ff656fd45eb62023-02-07 15:21:29.096root 11241100x8000000000000000718985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f10c693a8900552023-02-07 15:21:29.096root 11241100x8000000000000000718984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0246b1976efd38282023-02-07 15:21:29.096root 11241100x8000000000000000718991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8f9b351775bef42023-02-07 15:21:29.097root 11241100x8000000000000000718990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c0dc0996d5db6e2023-02-07 15:21:29.097root 11241100x8000000000000000718995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e01b46631297162023-02-07 15:21:29.098root 11241100x8000000000000000718994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a5bd5e22af72ea2023-02-07 15:21:29.098root 11241100x8000000000000000718993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ca478721dca90b2023-02-07 15:21:29.098root 11241100x8000000000000000718992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e868ee505c0f2182023-02-07 15:21:29.098root 11241100x8000000000000000719000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50bb26fb2725f8212023-02-07 15:21:29.099root 11241100x8000000000000000718999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5815603dab1c5b2023-02-07 15:21:29.099root 11241100x8000000000000000718998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83051fd3b822bde42023-02-07 15:21:29.099root 11241100x8000000000000000718997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a447fd2b4a2f1612023-02-07 15:21:29.099root 11241100x8000000000000000718996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adcd344fcc27f3362023-02-07 15:21:29.099root 11241100x8000000000000000719003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5793af9e93c47db92023-02-07 15:21:29.100root 11241100x8000000000000000719002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f24714b6efc73d2023-02-07 15:21:29.100root 11241100x8000000000000000719001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f5e39b91b0d7242023-02-07 15:21:29.100root 11241100x8000000000000000719006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1bebe17e868bd312023-02-07 15:21:29.101root 11241100x8000000000000000719005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25de3c874afbe29a2023-02-07 15:21:29.101root 11241100x8000000000000000719004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63952d0b863a80f02023-02-07 15:21:29.101root 11241100x8000000000000000719011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbdc3d51b1861fc2023-02-07 15:21:29.595root 11241100x8000000000000000719010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7d304cf337cc512023-02-07 15:21:29.595root 11241100x8000000000000000719009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7fe48fb63d0c802023-02-07 15:21:29.595root 11241100x8000000000000000719008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c405092112d03faf2023-02-07 15:21:29.595root 11241100x8000000000000000719007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cfdad1ffb68f3232023-02-07 15:21:29.595root 11241100x8000000000000000719017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa6b688c3dc2c0d2023-02-07 15:21:29.596root 11241100x8000000000000000719016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e939b44cc6cdab92023-02-07 15:21:29.596root 11241100x8000000000000000719015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93346d4f81fdcdf02023-02-07 15:21:29.596root 11241100x8000000000000000719014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3141b1025a3ad42023-02-07 15:21:29.596root 11241100x8000000000000000719013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64cea0da4f90241b2023-02-07 15:21:29.596root 11241100x8000000000000000719012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a501bb14fdaa922023-02-07 15:21:29.596root 11241100x8000000000000000719024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d543f934d9f095b2023-02-07 15:21:29.597root 11241100x8000000000000000719023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d98523ddac25af2023-02-07 15:21:29.597root 11241100x8000000000000000719022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c0439b6e52f1e12023-02-07 15:21:29.597root 11241100x8000000000000000719021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314dd0edaa11c49c2023-02-07 15:21:29.597root 11241100x8000000000000000719020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4eadcc93241c9622023-02-07 15:21:29.597root 11241100x8000000000000000719019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5c7d6f8a62c85f2023-02-07 15:21:29.597root 11241100x8000000000000000719018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e659181c8c5a86162023-02-07 15:21:29.597root 11241100x8000000000000000719030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b900e94d6f77009a2023-02-07 15:21:29.598root 11241100x8000000000000000719029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3929d8c71f2bd0ec2023-02-07 15:21:29.598root 11241100x8000000000000000719028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e01e0d84ada18332023-02-07 15:21:29.598root 11241100x8000000000000000719027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500299cee23c397d2023-02-07 15:21:29.598root 11241100x8000000000000000719026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2aa7f8cb98338d22023-02-07 15:21:29.598root 11241100x8000000000000000719025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:29.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837a7e343487f2882023-02-07 15:21:29.598root 11241100x8000000000000000719032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003a63f5d9463f212023-02-07 15:21:30.095root 11241100x8000000000000000719031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64abeba0e9a7f3e2023-02-07 15:21:30.095root 11241100x8000000000000000719038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14791171de1dafd82023-02-07 15:21:30.096root 11241100x8000000000000000719037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe5337ab7053ee42023-02-07 15:21:30.096root 11241100x8000000000000000719036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219fa47b0d8acc642023-02-07 15:21:30.096root 11241100x8000000000000000719035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b9162e017ae62a2023-02-07 15:21:30.096root 11241100x8000000000000000719034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c58ca95eca744b2023-02-07 15:21:30.096root 11241100x8000000000000000719033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65cf5c7cfcd34a422023-02-07 15:21:30.096root 11241100x8000000000000000719044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969425626197c5fd2023-02-07 15:21:30.097root 11241100x8000000000000000719043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1cb1d149cba05e32023-02-07 15:21:30.097root 11241100x8000000000000000719042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf025ab9668063c2023-02-07 15:21:30.097root 11241100x8000000000000000719041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2825d51891b1a32023-02-07 15:21:30.097root 11241100x8000000000000000719040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4515feef9db2162023-02-07 15:21:30.097root 11241100x8000000000000000719039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee722cbf9a71c9312023-02-07 15:21:30.097root 11241100x8000000000000000719053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89c2ede6fab5fa82023-02-07 15:21:30.098root 11241100x8000000000000000719052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f169485f33cbd15d2023-02-07 15:21:30.098root 11241100x8000000000000000719051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fc0b2cca87516d2023-02-07 15:21:30.098root 11241100x8000000000000000719050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28129de75a456eb02023-02-07 15:21:30.098root 11241100x8000000000000000719049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788ad160b9624e0e2023-02-07 15:21:30.098root 11241100x8000000000000000719048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99196de1dc0f8b6b2023-02-07 15:21:30.098root 11241100x8000000000000000719047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4263b2cef1365ddb2023-02-07 15:21:30.098root 11241100x8000000000000000719046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895f2af1a3effaee2023-02-07 15:21:30.098root 11241100x8000000000000000719045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7978460e52bc152023-02-07 15:21:30.098root 11241100x8000000000000000719062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4cf5b5dcec75c12023-02-07 15:21:30.099root 11241100x8000000000000000719061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743fc6e94de196b32023-02-07 15:21:30.099root 11241100x8000000000000000719060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d1402b99cbb5f52023-02-07 15:21:30.099root 11241100x8000000000000000719059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d650bc17315a9e2023-02-07 15:21:30.099root 11241100x8000000000000000719058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d7020ec71dc3302023-02-07 15:21:30.099root 11241100x8000000000000000719057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0d78ad977209c52023-02-07 15:21:30.099root 11241100x8000000000000000719056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a50d84f5d478872023-02-07 15:21:30.099root 11241100x8000000000000000719055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28070931cdd49f842023-02-07 15:21:30.099root 11241100x8000000000000000719054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e86bb520893c2fb2023-02-07 15:21:30.099root 11241100x8000000000000000719064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6576567c6a6d7ee22023-02-07 15:21:30.100root 11241100x8000000000000000719063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6826c88f51e14662023-02-07 15:21:30.100root 11241100x8000000000000000719067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6936329cc825a92023-02-07 15:21:30.595root 11241100x8000000000000000719066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497fe97aa4ee010d2023-02-07 15:21:30.595root 11241100x8000000000000000719065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7778d09394f6e7682023-02-07 15:21:30.595root 11241100x8000000000000000719070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4673f70f7030acc92023-02-07 15:21:30.596root 11241100x8000000000000000719069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f315eba4f852de2023-02-07 15:21:30.596root 11241100x8000000000000000719068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498c4d84a15147d82023-02-07 15:21:30.596root 11241100x8000000000000000719075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff552453438f5bef2023-02-07 15:21:30.597root 11241100x8000000000000000719074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49936e1f5831ab322023-02-07 15:21:30.597root 11241100x8000000000000000719073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc0e3ede7d385d02023-02-07 15:21:30.597root 11241100x8000000000000000719072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee08b9fb4b334b12023-02-07 15:21:30.597root 11241100x8000000000000000719071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38942b9b167ccb202023-02-07 15:21:30.597root 11241100x8000000000000000719082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6330a27002623cde2023-02-07 15:21:30.598root 11241100x8000000000000000719081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eabb8834e746fc5f2023-02-07 15:21:30.598root 11241100x8000000000000000719080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b2fe95391547c52023-02-07 15:21:30.598root 11241100x8000000000000000719079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a3ec059ac4061e2023-02-07 15:21:30.598root 11241100x8000000000000000719078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9b4f2241055f082023-02-07 15:21:30.598root 11241100x8000000000000000719077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb0bd6173a4e4052023-02-07 15:21:30.598root 11241100x8000000000000000719076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e24b158be184b12023-02-07 15:21:30.598root 11241100x8000000000000000719086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530c34a7f323d7b32023-02-07 15:21:30.599root 11241100x8000000000000000719085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3595200810f58dde2023-02-07 15:21:30.599root 11241100x8000000000000000719084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e39bea61abcbf12023-02-07 15:21:30.599root 11241100x8000000000000000719083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82e0650c53eb3562023-02-07 15:21:30.599root 11241100x8000000000000000719089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e58e8322825d242023-02-07 15:21:30.600root 11241100x8000000000000000719088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153493fd05b829fa2023-02-07 15:21:30.600root 11241100x8000000000000000719087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:30.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08009b5df97c0712023-02-07 15:21:30.600root 11241100x8000000000000000719093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5a858ae03596642023-02-07 15:21:31.095root 11241100x8000000000000000719092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a295729171d22b642023-02-07 15:21:31.095root 11241100x8000000000000000719091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ebf95792138fc42023-02-07 15:21:31.095root 11241100x8000000000000000719090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb5880a7fa2b3c72023-02-07 15:21:31.095root 11241100x8000000000000000719100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc92940aaa7c7382023-02-07 15:21:31.096root 11241100x8000000000000000719099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128ca892f661c6492023-02-07 15:21:31.096root 11241100x8000000000000000719098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63d1235f405a7132023-02-07 15:21:31.096root 11241100x8000000000000000719097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002ad9a39c3185b12023-02-07 15:21:31.096root 11241100x8000000000000000719096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d1a57393f127ff2023-02-07 15:21:31.096root 11241100x8000000000000000719095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d349f584c11a742023-02-07 15:21:31.096root 11241100x8000000000000000719094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82dc627259b5b8772023-02-07 15:21:31.096root 11241100x8000000000000000719109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1c35951528d6132023-02-07 15:21:31.097root 11241100x8000000000000000719108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742e5618b77588c32023-02-07 15:21:31.097root 11241100x8000000000000000719107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e4f3728e57ce9b2023-02-07 15:21:31.097root 11241100x8000000000000000719106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb30875eefc8cb12023-02-07 15:21:31.097root 11241100x8000000000000000719105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87152ef0c54515a92023-02-07 15:21:31.097root 11241100x8000000000000000719104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560738aa1ac82fce2023-02-07 15:21:31.097root 11241100x8000000000000000719103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f907620b564653b02023-02-07 15:21:31.097root 11241100x8000000000000000719102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f733a3fc0aa6d182023-02-07 15:21:31.097root 11241100x8000000000000000719101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a723cbffd9e6af3a2023-02-07 15:21:31.097root 11241100x8000000000000000719117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e401bef33cef0e42023-02-07 15:21:31.098root 11241100x8000000000000000719116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad919d38c5b720f2023-02-07 15:21:31.098root 11241100x8000000000000000719115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f92022be93d4e262023-02-07 15:21:31.098root 11241100x8000000000000000719114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21f4cd993ec95de2023-02-07 15:21:31.098root 11241100x8000000000000000719113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a13101ac572d542023-02-07 15:21:31.098root 11241100x8000000000000000719112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f9fada07cb4c782023-02-07 15:21:31.098root 11241100x8000000000000000719111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469e3bafa25e8e1d2023-02-07 15:21:31.098root 11241100x8000000000000000719110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9209b93f33e5fbbc2023-02-07 15:21:31.098root 11241100x8000000000000000719122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd7e0c6401c328e2023-02-07 15:21:31.100root 11241100x8000000000000000719121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d74e4a287e5b8592023-02-07 15:21:31.100root 11241100x8000000000000000719120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b518ede8098335312023-02-07 15:21:31.100root 11241100x8000000000000000719119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c782f24d68bb851c2023-02-07 15:21:31.100root 11241100x8000000000000000719118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d76ba4c65d99c8e2023-02-07 15:21:31.100root 11241100x8000000000000000719124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8488b553bc3460972023-02-07 15:21:31.101root 11241100x8000000000000000719123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e2cbf2b917f2292023-02-07 15:21:31.101root 354300x8000000000000000719125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.112{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-60528-false10.0.1.12-8000- 11241100x8000000000000000719129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8146580966dc01962023-02-07 15:21:31.596root 11241100x8000000000000000719128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2ddba00ef70ba92023-02-07 15:21:31.596root 11241100x8000000000000000719127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3489de25f53b10d2023-02-07 15:21:31.596root 11241100x8000000000000000719126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a0b8496302e2bc2023-02-07 15:21:31.596root 11241100x8000000000000000719138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45e0e7f35361f582023-02-07 15:21:31.597root 11241100x8000000000000000719137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1451436f9125c9542023-02-07 15:21:31.597root 11241100x8000000000000000719136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e8b57621cb5d382023-02-07 15:21:31.597root 11241100x8000000000000000719135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0762cfbb46ea6b42023-02-07 15:21:31.597root 11241100x8000000000000000719134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be15e54c791054712023-02-07 15:21:31.597root 11241100x8000000000000000719133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df78a01afb5336f42023-02-07 15:21:31.597root 11241100x8000000000000000719132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299c8be46fa6ec512023-02-07 15:21:31.597root 11241100x8000000000000000719131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e02e3661193fb312023-02-07 15:21:31.597root 11241100x8000000000000000719130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da512a6b61de3e952023-02-07 15:21:31.597root 11241100x8000000000000000719147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d5518e4118e0182023-02-07 15:21:31.598root 11241100x8000000000000000719146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6bf8dc78ec13d0b2023-02-07 15:21:31.598root 11241100x8000000000000000719145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98a9d5d48dffb8f2023-02-07 15:21:31.598root 11241100x8000000000000000719144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de625b2b5698c57b2023-02-07 15:21:31.598root 11241100x8000000000000000719143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622048223d6bd5b92023-02-07 15:21:31.598root 11241100x8000000000000000719142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa9c13ed35da3882023-02-07 15:21:31.598root 11241100x8000000000000000719141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6ce6ebaaa8e47b2023-02-07 15:21:31.598root 11241100x8000000000000000719140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513bde31a66096312023-02-07 15:21:31.598root 11241100x8000000000000000719139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2918088c003a80412023-02-07 15:21:31.598root 11241100x8000000000000000719148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:31.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0ab2ca5718db582023-02-07 15:21:31.599root 11241100x8000000000000000719155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67ccde0f4f383312023-02-07 15:21:32.095root 11241100x8000000000000000719154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be87738c301f43382023-02-07 15:21:32.095root 11241100x8000000000000000719153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32d92fef7aaa3282023-02-07 15:21:32.095root 11241100x8000000000000000719152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c50634df5633952023-02-07 15:21:32.095root 11241100x8000000000000000719151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0015434edbb66ee82023-02-07 15:21:32.095root 11241100x8000000000000000719150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cea2bfb8cbc406e2023-02-07 15:21:32.095root 11241100x8000000000000000719149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7574dfe89701359d2023-02-07 15:21:32.095root 11241100x8000000000000000719162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a1773d4489b0522023-02-07 15:21:32.096root 11241100x8000000000000000719161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c2be267c103e192023-02-07 15:21:32.096root 11241100x8000000000000000719160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01c3735ecf14f642023-02-07 15:21:32.096root 11241100x8000000000000000719159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f2b32b37d1a96a2023-02-07 15:21:32.096root 11241100x8000000000000000719158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575a8c936c1ad8cd2023-02-07 15:21:32.096root 11241100x8000000000000000719157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8f6b36cbd164422023-02-07 15:21:32.096root 11241100x8000000000000000719156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc548087b11980312023-02-07 15:21:32.096root 11241100x8000000000000000719167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56262042412558b82023-02-07 15:21:32.097root 11241100x8000000000000000719166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ad37f520372a8a2023-02-07 15:21:32.097root 11241100x8000000000000000719165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fbc79a174e96652023-02-07 15:21:32.097root 11241100x8000000000000000719164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1b8646425751a52023-02-07 15:21:32.097root 11241100x8000000000000000719163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05593af55217b942023-02-07 15:21:32.097root 11241100x8000000000000000719174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebeb98ef2d3d442c2023-02-07 15:21:32.098root 11241100x8000000000000000719173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf90e345371ecfbe2023-02-07 15:21:32.098root 11241100x8000000000000000719172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fcad8773116088d2023-02-07 15:21:32.098root 11241100x8000000000000000719171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924a3460787c7a612023-02-07 15:21:32.098root 11241100x8000000000000000719170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5f9ea200ebfc022023-02-07 15:21:32.098root 11241100x8000000000000000719169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb82127eb9932342023-02-07 15:21:32.098root 11241100x8000000000000000719168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c3688583989ddd2023-02-07 15:21:32.098root 11241100x8000000000000000719179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97ca811336b306d2023-02-07 15:21:32.099root 11241100x8000000000000000719178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37e18f54a09983e2023-02-07 15:21:32.099root 11241100x8000000000000000719177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60e2c880296e7912023-02-07 15:21:32.099root 11241100x8000000000000000719176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d310fcbad58b47502023-02-07 15:21:32.099root 11241100x8000000000000000719175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a91d23a04609bfc2023-02-07 15:21:32.099root 11241100x8000000000000000719182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c22afdbacf0bd02023-02-07 15:21:32.100root 11241100x8000000000000000719181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907b9b40be5e00c62023-02-07 15:21:32.100root 11241100x8000000000000000719180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402b73055749174c2023-02-07 15:21:32.100root 11241100x8000000000000000719186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aab6e053330d5172023-02-07 15:21:32.595root 11241100x8000000000000000719185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4edfbb15762d002023-02-07 15:21:32.595root 11241100x8000000000000000719184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62c94febe4a09542023-02-07 15:21:32.595root 11241100x8000000000000000719183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acca5cb19ea6fcf82023-02-07 15:21:32.595root 11241100x8000000000000000719192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73c9856979de72f2023-02-07 15:21:32.596root 11241100x8000000000000000719191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59a9de4d84711962023-02-07 15:21:32.596root 11241100x8000000000000000719190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191d03b12bba7e202023-02-07 15:21:32.596root 11241100x8000000000000000719189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5dbf1b1660ce8f52023-02-07 15:21:32.596root 11241100x8000000000000000719188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d82148cd1fc229c2023-02-07 15:21:32.596root 11241100x8000000000000000719187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d261a3887ee2532023-02-07 15:21:32.596root 11241100x8000000000000000719199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b618b19d9043c3352023-02-07 15:21:32.597root 11241100x8000000000000000719198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aabf4fbd583c5752023-02-07 15:21:32.597root 11241100x8000000000000000719197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56b8b84d7cff12f2023-02-07 15:21:32.597root 11241100x8000000000000000719196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e718124d4cdf884f2023-02-07 15:21:32.597root 11241100x8000000000000000719195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c05cd8ef7a03202023-02-07 15:21:32.597root 11241100x8000000000000000719194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34270c7571f219432023-02-07 15:21:32.597root 11241100x8000000000000000719193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc206a93416eff012023-02-07 15:21:32.597root 11241100x8000000000000000719208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0d9ec9239bd5c42023-02-07 15:21:32.598root 11241100x8000000000000000719207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ee71a8bb12da032023-02-07 15:21:32.598root 11241100x8000000000000000719206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fec5c786a5d35c22023-02-07 15:21:32.598root 11241100x8000000000000000719205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f3a01d72ea94f22023-02-07 15:21:32.598root 11241100x8000000000000000719204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11c8259fbf167992023-02-07 15:21:32.598root 11241100x8000000000000000719203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d229dbace58baac42023-02-07 15:21:32.598root 11241100x8000000000000000719202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd01df33697f69f2023-02-07 15:21:32.598root 11241100x8000000000000000719201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e3c0ef8d2f50132023-02-07 15:21:32.598root 11241100x8000000000000000719200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:32.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ad84364209d3512023-02-07 15:21:32.598root 11241100x8000000000000000719213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a919149e1685852023-02-07 15:21:33.095root 11241100x8000000000000000719212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e97c53af7334262023-02-07 15:21:33.095root 11241100x8000000000000000719211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdfd017b8e8b31e42023-02-07 15:21:33.095root 11241100x8000000000000000719210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a9155d8b2230512023-02-07 15:21:33.095root 11241100x8000000000000000719209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1decb552cb5c632023-02-07 15:21:33.095root 11241100x8000000000000000719220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6291ce5c554c06012023-02-07 15:21:33.096root 11241100x8000000000000000719219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7d477cc255bfcf2023-02-07 15:21:33.096root 11241100x8000000000000000719218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00fb66f234011f492023-02-07 15:21:33.096root 11241100x8000000000000000719217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b916100a27349e2023-02-07 15:21:33.096root 11241100x8000000000000000719216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c621ce755594c6a92023-02-07 15:21:33.096root 11241100x8000000000000000719215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871cb7a904e3fe582023-02-07 15:21:33.096root 11241100x8000000000000000719214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950bad148b573ef32023-02-07 15:21:33.096root 11241100x8000000000000000719226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a503ffd56d773d102023-02-07 15:21:33.097root 11241100x8000000000000000719225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228255a580572d762023-02-07 15:21:33.097root 11241100x8000000000000000719224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88caa9815a053c432023-02-07 15:21:33.097root 11241100x8000000000000000719223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62362b59c99ad8d42023-02-07 15:21:33.097root 11241100x8000000000000000719222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6237d9e40fa1e5232023-02-07 15:21:33.097root 11241100x8000000000000000719221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7295eceaaa147d282023-02-07 15:21:33.097root 11241100x8000000000000000719232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bbc091826bc34a2023-02-07 15:21:33.098root 11241100x8000000000000000719231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f528345435379752023-02-07 15:21:33.098root 11241100x8000000000000000719230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1ae28c24b0d1ed2023-02-07 15:21:33.098root 11241100x8000000000000000719229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66db64cf24d8147e2023-02-07 15:21:33.098root 11241100x8000000000000000719228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5882c469570b46e62023-02-07 15:21:33.098root 11241100x8000000000000000719227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ffed4562d3ded92023-02-07 15:21:33.098root 11241100x8000000000000000719236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2ff1f7e862d7b22023-02-07 15:21:33.099root 11241100x8000000000000000719235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be428418d247ee152023-02-07 15:21:33.099root 11241100x8000000000000000719234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d900f4ecfc2d9a932023-02-07 15:21:33.099root 11241100x8000000000000000719233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65397987af50a6c52023-02-07 15:21:33.099root 11241100x8000000000000000719238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e2a73d55dd84e22023-02-07 15:21:33.595root 11241100x8000000000000000719237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15576188433de6e2023-02-07 15:21:33.595root 11241100x8000000000000000719243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3347ba2c33e08ceb2023-02-07 15:21:33.596root 11241100x8000000000000000719242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7341d8aefc2325f2023-02-07 15:21:33.596root 11241100x8000000000000000719241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7197b4f65b33c12023-02-07 15:21:33.596root 11241100x8000000000000000719240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52362d8f518b55562023-02-07 15:21:33.596root 11241100x8000000000000000719239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec079ae266322422023-02-07 15:21:33.596root 11241100x8000000000000000719248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dacfa0c2491d6a72023-02-07 15:21:33.597root 11241100x8000000000000000719247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04ba2fb6aa8f5d72023-02-07 15:21:33.597root 11241100x8000000000000000719246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77550a754f24d67f2023-02-07 15:21:33.597root 11241100x8000000000000000719245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a01d7ab5acb21e2023-02-07 15:21:33.597root 11241100x8000000000000000719244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15dc27d53358b1f2023-02-07 15:21:33.597root 11241100x8000000000000000719254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53088ca2d32933e2023-02-07 15:21:33.598root 11241100x8000000000000000719253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a2991b2a899aab2023-02-07 15:21:33.598root 11241100x8000000000000000719252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9f9b7ae6c21de22023-02-07 15:21:33.598root 11241100x8000000000000000719251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665b0b829cd6ac5b2023-02-07 15:21:33.598root 11241100x8000000000000000719250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ddac61941fc86582023-02-07 15:21:33.598root 11241100x8000000000000000719249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b990b07d1a7585a42023-02-07 15:21:33.598root 11241100x8000000000000000719261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e47d28ae05463e52023-02-07 15:21:33.599root 11241100x8000000000000000719260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9121a8f94619c5122023-02-07 15:21:33.599root 11241100x8000000000000000719259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5e211bf578e99f2023-02-07 15:21:33.599root 11241100x8000000000000000719258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae16e0e6bfd91d02023-02-07 15:21:33.599root 11241100x8000000000000000719257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b902745438ce2da2023-02-07 15:21:33.599root 11241100x8000000000000000719256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5161658cab8f422023-02-07 15:21:33.599root 11241100x8000000000000000719255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:33.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc12935f70a3cfa2023-02-07 15:21:33.599root 11241100x8000000000000000719263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80cce94fa3c472d12023-02-07 15:21:34.095root 11241100x8000000000000000719262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc98ee5ead6a8dca2023-02-07 15:21:34.095root 11241100x8000000000000000719269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6df0ba3cce51b202023-02-07 15:21:34.096root 11241100x8000000000000000719268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902b00f4cddae4792023-02-07 15:21:34.096root 11241100x8000000000000000719267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19f600e79d2546a2023-02-07 15:21:34.096root 11241100x8000000000000000719266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d3d128c8a49b292023-02-07 15:21:34.096root 11241100x8000000000000000719265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d7b5c93f21a63b2023-02-07 15:21:34.096root 11241100x8000000000000000719264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03de2c5b6c7517542023-02-07 15:21:34.096root 11241100x8000000000000000719276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe9f814808aeed82023-02-07 15:21:34.097root 11241100x8000000000000000719275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd483a08bff040762023-02-07 15:21:34.097root 11241100x8000000000000000719274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ed6328166584472023-02-07 15:21:34.097root 11241100x8000000000000000719273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc19fd20842ccb62023-02-07 15:21:34.097root 11241100x8000000000000000719272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f309e64cf6b3b42023-02-07 15:21:34.097root 11241100x8000000000000000719271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb99492521f14b82023-02-07 15:21:34.097root 11241100x8000000000000000719270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6cba228b9cd3ba2023-02-07 15:21:34.097root 11241100x8000000000000000719286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d6a03d3b324b682023-02-07 15:21:34.098root 11241100x8000000000000000719285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ca1271bd71dbe72023-02-07 15:21:34.098root 11241100x8000000000000000719284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd80c2bf190bea22023-02-07 15:21:34.098root 11241100x8000000000000000719283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9288e83c5ca29d9d2023-02-07 15:21:34.098root 11241100x8000000000000000719282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73e2e3fb147ecb72023-02-07 15:21:34.098root 11241100x8000000000000000719281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcb59333c3e5ba32023-02-07 15:21:34.098root 11241100x8000000000000000719280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1443b62e0bb8ac2023-02-07 15:21:34.098root 11241100x8000000000000000719279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdef62b5fb7bfcb82023-02-07 15:21:34.098root 11241100x8000000000000000719278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a89ae3ce6fb0abb2023-02-07 15:21:34.098root 11241100x8000000000000000719277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9ed4b1acf376b52023-02-07 15:21:34.098root 11241100x8000000000000000719295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81545d97ec9e1c932023-02-07 15:21:34.596root 11241100x8000000000000000719294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88dbfa13183d70df2023-02-07 15:21:34.596root 11241100x8000000000000000719293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0746e34dbe7707a22023-02-07 15:21:34.596root 11241100x8000000000000000719292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a137cf2ed856d5252023-02-07 15:21:34.596root 11241100x8000000000000000719291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c4cf08e28376fb2023-02-07 15:21:34.596root 11241100x8000000000000000719290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db669dc7ad187892023-02-07 15:21:34.596root 11241100x8000000000000000719289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b99c3c2895bb6f2023-02-07 15:21:34.596root 11241100x8000000000000000719288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18be1f1838ab9ffc2023-02-07 15:21:34.596root 11241100x8000000000000000719287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7cf13994b2176f82023-02-07 15:21:34.596root 11241100x8000000000000000719305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd5979412fb6a0a2023-02-07 15:21:34.597root 11241100x8000000000000000719304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61a67deba5c33192023-02-07 15:21:34.597root 11241100x8000000000000000719303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15bdda662a9563d2023-02-07 15:21:34.597root 11241100x8000000000000000719302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37bcc022c4baad692023-02-07 15:21:34.597root 11241100x8000000000000000719301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5efe2804729412a2023-02-07 15:21:34.597root 11241100x8000000000000000719300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0178fe00f23f0d2023-02-07 15:21:34.597root 11241100x8000000000000000719299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d7e6def7d23e082023-02-07 15:21:34.597root 11241100x8000000000000000719298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be546939a42cb0d2023-02-07 15:21:34.597root 11241100x8000000000000000719297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7246701eb86b6e12023-02-07 15:21:34.597root 11241100x8000000000000000719296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15948584a662eaa42023-02-07 15:21:34.597root 11241100x8000000000000000719309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3da10012182bde82023-02-07 15:21:34.598root 11241100x8000000000000000719308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d131648ab21553aa2023-02-07 15:21:34.598root 11241100x8000000000000000719307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8fe113b2c1aad992023-02-07 15:21:34.598root 11241100x8000000000000000719306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9ef2dc4ecfa9f22023-02-07 15:21:34.598root 11241100x8000000000000000719316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b708dccfcaf017d12023-02-07 15:21:34.599root 11241100x8000000000000000719315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f8a9aee51f1a4b2023-02-07 15:21:34.599root 11241100x8000000000000000719314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b1232179a123162023-02-07 15:21:34.599root 11241100x8000000000000000719313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd15af82ef58c892023-02-07 15:21:34.599root 11241100x8000000000000000719312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aee43e067a998f72023-02-07 15:21:34.599root 11241100x8000000000000000719311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b942f10eee3908722023-02-07 15:21:34.599root 11241100x8000000000000000719310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da77ecee65102fd52023-02-07 15:21:34.599root 11241100x8000000000000000719317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:34.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff08c672a90ec282023-02-07 15:21:34.600root 11241100x8000000000000000719321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952f5b03d4cbccb82023-02-07 15:21:35.095root 11241100x8000000000000000719320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f6b7e9029115f92023-02-07 15:21:35.095root 11241100x8000000000000000719319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990649c29e1c36fc2023-02-07 15:21:35.095root 11241100x8000000000000000719318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e23572c7d0b5c32023-02-07 15:21:35.095root 11241100x8000000000000000719328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1355602d540af5882023-02-07 15:21:35.096root 11241100x8000000000000000719327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30406f60d91be1252023-02-07 15:21:35.096root 11241100x8000000000000000719326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5cb34bb69c964c2023-02-07 15:21:35.096root 11241100x8000000000000000719325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5858abb2c48eb4cc2023-02-07 15:21:35.096root 11241100x8000000000000000719324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b41bd747c2d70542023-02-07 15:21:35.096root 11241100x8000000000000000719323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81aab2e2886b0ea72023-02-07 15:21:35.096root 11241100x8000000000000000719322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568db5d046b4a4552023-02-07 15:21:35.096root 11241100x8000000000000000719335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035f19bca99a67322023-02-07 15:21:35.097root 11241100x8000000000000000719334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f0761e7bbaef342023-02-07 15:21:35.097root 11241100x8000000000000000719333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efaeae7b20df55342023-02-07 15:21:35.097root 11241100x8000000000000000719332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59290d780286d202023-02-07 15:21:35.097root 11241100x8000000000000000719331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f41afd7f4247902023-02-07 15:21:35.097root 11241100x8000000000000000719330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89db03436916cca2023-02-07 15:21:35.097root 11241100x8000000000000000719329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59efd10e1cbf5cd2023-02-07 15:21:35.097root 11241100x8000000000000000719345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d15f3eb8511a1942023-02-07 15:21:35.098root 11241100x8000000000000000719344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be2990c63e2eee52023-02-07 15:21:35.098root 11241100x8000000000000000719343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51af4861fabde27f2023-02-07 15:21:35.098root 11241100x8000000000000000719342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301a469d2effc8892023-02-07 15:21:35.098root 11241100x8000000000000000719341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77de1a74b5415892023-02-07 15:21:35.098root 11241100x8000000000000000719340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19cd12731b60b3b72023-02-07 15:21:35.098root 11241100x8000000000000000719339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffa769b821a96f52023-02-07 15:21:35.098root 11241100x8000000000000000719338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33bb8ab264965ef2023-02-07 15:21:35.098root 11241100x8000000000000000719337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1fdcbcdd38a7082023-02-07 15:21:35.098root 11241100x8000000000000000719336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60202bbc4c59c0282023-02-07 15:21:35.098root 11241100x8000000000000000719350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f81f33f819fc5c2023-02-07 15:21:35.595root 11241100x8000000000000000719349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aaece0be69400252023-02-07 15:21:35.595root 11241100x8000000000000000719348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19302bdc0a5a86242023-02-07 15:21:35.595root 11241100x8000000000000000719347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a970a75b49d7612023-02-07 15:21:35.595root 11241100x8000000000000000719346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ff1c285320c5a52023-02-07 15:21:35.595root 11241100x8000000000000000719363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d400b9eef802f02023-02-07 15:21:35.596root 11241100x8000000000000000719362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d133324bb013308d2023-02-07 15:21:35.596root 11241100x8000000000000000719361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c508868f3ba453d12023-02-07 15:21:35.596root 11241100x8000000000000000719360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7d1df0ba9d158d2023-02-07 15:21:35.596root 11241100x8000000000000000719359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96de7657e1d2d1192023-02-07 15:21:35.596root 11241100x8000000000000000719358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146df7f4a02fa1912023-02-07 15:21:35.596root 11241100x8000000000000000719357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1617f56be66d9a482023-02-07 15:21:35.596root 11241100x8000000000000000719356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25204b989d62078c2023-02-07 15:21:35.596root 11241100x8000000000000000719355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9c705b1490416b2023-02-07 15:21:35.596root 11241100x8000000000000000719354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77cb101a0ad062f02023-02-07 15:21:35.596root 11241100x8000000000000000719353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fe78ea6b0ce5aa2023-02-07 15:21:35.596root 11241100x8000000000000000719352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8835979bab9cbb082023-02-07 15:21:35.596root 11241100x8000000000000000719351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df72f925e2a7f5232023-02-07 15:21:35.596root 11241100x8000000000000000719370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a2b41fbf0a5fa12023-02-07 15:21:35.597root 11241100x8000000000000000719369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00d66b58ccf61542023-02-07 15:21:35.597root 11241100x8000000000000000719368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31759d36a6a96ccb2023-02-07 15:21:35.597root 11241100x8000000000000000719367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0dc5b7a99291612023-02-07 15:21:35.597root 11241100x8000000000000000719366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264f0f5489d4384e2023-02-07 15:21:35.597root 11241100x8000000000000000719365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9354ae6fdd49d17c2023-02-07 15:21:35.597root 11241100x8000000000000000719364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:35.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc95a9eae6429232023-02-07 15:21:35.597root 11241100x8000000000000000719373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf047549779786762023-02-07 15:21:36.095root 11241100x8000000000000000719372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3af604765fbece42023-02-07 15:21:36.095root 11241100x8000000000000000719371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10132fc4eac4ab3a2023-02-07 15:21:36.095root 11241100x8000000000000000719379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51d7dcbc9fa6ea82023-02-07 15:21:36.096root 11241100x8000000000000000719378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a4dec3fcb012582023-02-07 15:21:36.096root 11241100x8000000000000000719377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccedf15e46f4e3a92023-02-07 15:21:36.096root 11241100x8000000000000000719376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232d2729378d91632023-02-07 15:21:36.096root 11241100x8000000000000000719375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56cee7257db8f782023-02-07 15:21:36.096root 11241100x8000000000000000719374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f5f26b6a025dc52023-02-07 15:21:36.096root 11241100x8000000000000000719388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e525905d84471022023-02-07 15:21:36.097root 11241100x8000000000000000719387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcf193ca3147d082023-02-07 15:21:36.097root 11241100x8000000000000000719386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc884ef07a5d675d2023-02-07 15:21:36.097root 11241100x8000000000000000719385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df99bb476e915232023-02-07 15:21:36.097root 11241100x8000000000000000719384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6866ea7ff01934942023-02-07 15:21:36.097root 11241100x8000000000000000719383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8c3c0ff70a15162023-02-07 15:21:36.097root 11241100x8000000000000000719382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990e53de646818f72023-02-07 15:21:36.097root 11241100x8000000000000000719381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20e98d2639b4b772023-02-07 15:21:36.097root 11241100x8000000000000000719380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d2c545249346102023-02-07 15:21:36.097root 11241100x8000000000000000719396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee4ae224bf4fb972023-02-07 15:21:36.098root 11241100x8000000000000000719395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731f667f8785aff32023-02-07 15:21:36.098root 11241100x8000000000000000719394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9792f0c54ee9922023-02-07 15:21:36.098root 11241100x8000000000000000719393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c3a6f6109da1472023-02-07 15:21:36.098root 11241100x8000000000000000719392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f74d855f1e041362023-02-07 15:21:36.098root 11241100x8000000000000000719391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87056c00a7b155ec2023-02-07 15:21:36.098root 11241100x8000000000000000719390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f730fc546450082023-02-07 15:21:36.098root 11241100x8000000000000000719389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12403e84b1214bd2023-02-07 15:21:36.098root 11241100x8000000000000000719398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6113c2484346753b2023-02-07 15:21:36.099root 11241100x8000000000000000719397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae8a258e6142b1e2023-02-07 15:21:36.099root 354300x8000000000000000719399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.181{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-53204-false10.0.1.12-8000- 11241100x8000000000000000719405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b8021f7deb87872023-02-07 15:21:36.595root 11241100x8000000000000000719404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e1364aa2c3c4eb2023-02-07 15:21:36.595root 11241100x8000000000000000719403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44cb9efeeaa090dc2023-02-07 15:21:36.595root 11241100x8000000000000000719402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce30a24c7a185fc2023-02-07 15:21:36.595root 11241100x8000000000000000719401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88c4990b5fdc01d2023-02-07 15:21:36.595root 11241100x8000000000000000719400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532cfa7fa49444a12023-02-07 15:21:36.595root 11241100x8000000000000000719413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2be6cadde1c37242023-02-07 15:21:36.596root 11241100x8000000000000000719412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7120be1c3e2e3b82023-02-07 15:21:36.596root 11241100x8000000000000000719411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee6723e0517111d2023-02-07 15:21:36.596root 11241100x8000000000000000719410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa9d52574b999482023-02-07 15:21:36.596root 11241100x8000000000000000719409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21822dc7650702e22023-02-07 15:21:36.596root 11241100x8000000000000000719408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3877a941d34d542023-02-07 15:21:36.596root 11241100x8000000000000000719407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3da41a8b4137d22023-02-07 15:21:36.596root 11241100x8000000000000000719406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c32424307ab88612023-02-07 15:21:36.596root 11241100x8000000000000000719419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a70e8243363b5a2023-02-07 15:21:36.597root 11241100x8000000000000000719418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92a0e523f24d65c2023-02-07 15:21:36.597root 11241100x8000000000000000719417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5ce08f6154951d2023-02-07 15:21:36.597root 11241100x8000000000000000719416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96092a51a5c99362023-02-07 15:21:36.597root 11241100x8000000000000000719415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d8e81093aca4b72023-02-07 15:21:36.597root 11241100x8000000000000000719414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c22f669243d3cc92023-02-07 15:21:36.597root 11241100x8000000000000000719425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03022482b4a931ac2023-02-07 15:21:36.598root 11241100x8000000000000000719424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ae8b3c60e76be32023-02-07 15:21:36.598root 11241100x8000000000000000719423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ffad247f4cacac2023-02-07 15:21:36.598root 11241100x8000000000000000719422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a181920d9cc4a5fb2023-02-07 15:21:36.598root 11241100x8000000000000000719421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437df9665ad9ccd02023-02-07 15:21:36.598root 11241100x8000000000000000719420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3f94f7c3694aff2023-02-07 15:21:36.598root 11241100x8000000000000000719429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d8340f084bf7662023-02-07 15:21:36.599root 11241100x8000000000000000719428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c286c61ebc2463fb2023-02-07 15:21:36.599root 11241100x8000000000000000719427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b746977f51c8282023-02-07 15:21:36.599root 11241100x8000000000000000719426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:36.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d0e64c5c55a04a2023-02-07 15:21:36.599root 11241100x8000000000000000719434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8070713dd1ff12412023-02-07 15:21:37.095root 11241100x8000000000000000719433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e42452b776491472023-02-07 15:21:37.095root 11241100x8000000000000000719432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef2511b79aa3a81c2023-02-07 15:21:37.095root 11241100x8000000000000000719431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50916a7e829b00c02023-02-07 15:21:37.095root 11241100x8000000000000000719430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3948966dcd5e8d2023-02-07 15:21:37.095root 11241100x8000000000000000719441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747c7458d683cf0a2023-02-07 15:21:37.096root 11241100x8000000000000000719440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbddf9d2c8bf7d72023-02-07 15:21:37.096root 11241100x8000000000000000719439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b1557988f8f21c2023-02-07 15:21:37.096root 11241100x8000000000000000719438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b6c07e8bd2a5232023-02-07 15:21:37.096root 11241100x8000000000000000719437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6162a7036b95092023-02-07 15:21:37.096root 11241100x8000000000000000719436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dba83d91a9ba56a2023-02-07 15:21:37.096root 11241100x8000000000000000719435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0e8f01b89c920a2023-02-07 15:21:37.096root 11241100x8000000000000000719449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371d2c75874181932023-02-07 15:21:37.097root 11241100x8000000000000000719448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c29a1efedc897232023-02-07 15:21:37.097root 11241100x8000000000000000719447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317fd8de4968f6582023-02-07 15:21:37.097root 11241100x8000000000000000719446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb65e680dd5fc8bb2023-02-07 15:21:37.097root 11241100x8000000000000000719445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e341262a624a8f2023-02-07 15:21:37.097root 11241100x8000000000000000719444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0860c4a8357d222023-02-07 15:21:37.097root 11241100x8000000000000000719443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0ec58ac05457fb2023-02-07 15:21:37.097root 11241100x8000000000000000719442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443fbbe4b839fdf22023-02-07 15:21:37.097root 11241100x8000000000000000719459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b29d9700288cfcd2023-02-07 15:21:37.098root 11241100x8000000000000000719458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b807142401c213222023-02-07 15:21:37.098root 11241100x8000000000000000719457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d86608df61e84a2023-02-07 15:21:37.098root 11241100x8000000000000000719456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbd5cc99dd1bed22023-02-07 15:21:37.098root 11241100x8000000000000000719455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be468ed09af1abb2023-02-07 15:21:37.098root 11241100x8000000000000000719454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4514ee4e7892902023-02-07 15:21:37.098root 11241100x8000000000000000719453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366e85b0490fd46c2023-02-07 15:21:37.098root 11241100x8000000000000000719452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7611a84971349ab2023-02-07 15:21:37.098root 11241100x8000000000000000719451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54327e0b3983c45e2023-02-07 15:21:37.098root 11241100x8000000000000000719450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafbf80133f49fee2023-02-07 15:21:37.098root 11241100x8000000000000000719463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec67f0b24d604522023-02-07 15:21:37.595root 11241100x8000000000000000719462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dda7027ff38bd372023-02-07 15:21:37.595root 11241100x8000000000000000719461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6ad4054c5a6c1b2023-02-07 15:21:37.595root 11241100x8000000000000000719460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b57af25b3fed132023-02-07 15:21:37.595root 11241100x8000000000000000719469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52bc39936c47bcd02023-02-07 15:21:37.596root 11241100x8000000000000000719468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f771ad78b0839f2023-02-07 15:21:37.596root 11241100x8000000000000000719467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddcf267174b83c72023-02-07 15:21:37.596root 11241100x8000000000000000719466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985f7912e06b98d52023-02-07 15:21:37.596root 11241100x8000000000000000719465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abef364705ca2192023-02-07 15:21:37.596root 11241100x8000000000000000719464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45008c1d5c36a0ae2023-02-07 15:21:37.596root 11241100x8000000000000000719476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a73cce6048d832b2023-02-07 15:21:37.597root 11241100x8000000000000000719475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9efafa2aa61d832023-02-07 15:21:37.597root 11241100x8000000000000000719474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a526abd64f30a112023-02-07 15:21:37.597root 11241100x8000000000000000719473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1558f7e5615e560d2023-02-07 15:21:37.597root 11241100x8000000000000000719472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee2c470a4a941bf2023-02-07 15:21:37.597root 11241100x8000000000000000719471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0c472cc77f31e92023-02-07 15:21:37.597root 11241100x8000000000000000719470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbbab3fb4bc8c4cb2023-02-07 15:21:37.597root 11241100x8000000000000000719481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac954978233b2a82023-02-07 15:21:37.598root 11241100x8000000000000000719480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d483038a2c8ec92023-02-07 15:21:37.598root 11241100x8000000000000000719479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f66fde0e2282912023-02-07 15:21:37.598root 11241100x8000000000000000719478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3989e12b2ac1b1c2023-02-07 15:21:37.598root 11241100x8000000000000000719477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe06c591f7583fe2023-02-07 15:21:37.598root 11241100x8000000000000000719485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197df0b055bf7b222023-02-07 15:21:37.599root 11241100x8000000000000000719484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84117ef71d6be56e2023-02-07 15:21:37.599root 11241100x8000000000000000719483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350c1b8c6b84b33d2023-02-07 15:21:37.599root 11241100x8000000000000000719482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:37.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5736f842d43dde622023-02-07 15:21:37.599root 11241100x8000000000000000719489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4bb86dbd1b5be82023-02-07 15:21:38.095root 11241100x8000000000000000719488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34fff6f59192b79a2023-02-07 15:21:38.095root 11241100x8000000000000000719487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca900c2044c77a22023-02-07 15:21:38.095root 11241100x8000000000000000719486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9e2406e2a465d92023-02-07 15:21:38.095root 11241100x8000000000000000719495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62562de6b34284012023-02-07 15:21:38.096root 11241100x8000000000000000719494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fee654a3af42c22023-02-07 15:21:38.096root 11241100x8000000000000000719493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302a33d4df6c2d8c2023-02-07 15:21:38.096root 11241100x8000000000000000719492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b457d6df82608dc32023-02-07 15:21:38.096root 11241100x8000000000000000719491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9e9678127b7d752023-02-07 15:21:38.096root 11241100x8000000000000000719490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8343644a52ffd4a2023-02-07 15:21:38.096root 11241100x8000000000000000719502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a63308d9994d252023-02-07 15:21:38.097root 11241100x8000000000000000719501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df469635249d6f02023-02-07 15:21:38.097root 11241100x8000000000000000719500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba90f586cc029642023-02-07 15:21:38.097root 11241100x8000000000000000719499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80094bb8d8059c2f2023-02-07 15:21:38.097root 11241100x8000000000000000719498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d05eada6ca1c1ed2023-02-07 15:21:38.097root 11241100x8000000000000000719497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a332e789bb1767f02023-02-07 15:21:38.097root 11241100x8000000000000000719496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3118992dc4ec130b2023-02-07 15:21:38.097root 11241100x8000000000000000719507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b877b6a958eeadf52023-02-07 15:21:38.098root 11241100x8000000000000000719506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ecfd49a14550822023-02-07 15:21:38.098root 11241100x8000000000000000719505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2f8cb3fd0e7b352023-02-07 15:21:38.098root 11241100x8000000000000000719504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c454316124de6c02023-02-07 15:21:38.098root 11241100x8000000000000000719503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a15920b79f6f762023-02-07 15:21:38.098root 11241100x8000000000000000719516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68acb24207cc297c2023-02-07 15:21:38.099root 11241100x8000000000000000719515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ee44dbdf11c96c2023-02-07 15:21:38.099root 11241100x8000000000000000719514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce20847515e62332023-02-07 15:21:38.099root 11241100x8000000000000000719513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b3b0d3152c4c552023-02-07 15:21:38.099root 11241100x8000000000000000719512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13b8270b620082c2023-02-07 15:21:38.099root 11241100x8000000000000000719511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307eab4d706990962023-02-07 15:21:38.099root 11241100x8000000000000000719510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de6ba186ac757422023-02-07 15:21:38.099root 11241100x8000000000000000719509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c168ed09a1782df62023-02-07 15:21:38.099root 11241100x8000000000000000719508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36980c52d26867482023-02-07 15:21:38.099root 11241100x8000000000000000719519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1afca1c16c6118b92023-02-07 15:21:38.100root 11241100x8000000000000000719518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073602751de426402023-02-07 15:21:38.100root 11241100x8000000000000000719517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f732c16cf4099a2023-02-07 15:21:38.100root 11241100x8000000000000000719522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5577d97c3ce7cdb72023-02-07 15:21:38.596root 11241100x8000000000000000719521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa8a34259a697122023-02-07 15:21:38.596root 11241100x8000000000000000719520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038fb091709f37ec2023-02-07 15:21:38.596root 11241100x8000000000000000719531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af456ef1dfffd702023-02-07 15:21:38.597root 11241100x8000000000000000719530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c12e262d11c273e2023-02-07 15:21:38.597root 11241100x8000000000000000719529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947f23d4b0a981c22023-02-07 15:21:38.597root 11241100x8000000000000000719528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f682e762c04fe55f2023-02-07 15:21:38.597root 11241100x8000000000000000719527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a40bfcf1e907ac22023-02-07 15:21:38.597root 11241100x8000000000000000719526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8adca3539d41d5b2023-02-07 15:21:38.597root 11241100x8000000000000000719525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5e2ef2ea75d7872023-02-07 15:21:38.597root 11241100x8000000000000000719524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7319a76a53c9382023-02-07 15:21:38.597root 11241100x8000000000000000719523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0cd6936064d1712023-02-07 15:21:38.597root 11241100x8000000000000000719538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf09c1e3db27a792023-02-07 15:21:38.598root 11241100x8000000000000000719537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ff9ad7cdcf27792023-02-07 15:21:38.598root 11241100x8000000000000000719536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fca9d1f863df702023-02-07 15:21:38.598root 11241100x8000000000000000719535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d081e26eb87d6de42023-02-07 15:21:38.598root 11241100x8000000000000000719534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2be92ab11f053e2023-02-07 15:21:38.598root 11241100x8000000000000000719533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2926c36b173c7a822023-02-07 15:21:38.598root 11241100x8000000000000000719532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a900cae2c85b51602023-02-07 15:21:38.598root 11241100x8000000000000000719542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef63acb397c1eb1c2023-02-07 15:21:38.599root 11241100x8000000000000000719541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d39c9da6d3175f2023-02-07 15:21:38.599root 11241100x8000000000000000719540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66103d71c8700c22023-02-07 15:21:38.599root 11241100x8000000000000000719539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbd3c050ebada2f2023-02-07 15:21:38.599root 11241100x8000000000000000719543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:38.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a0717569604c8b2023-02-07 15:21:38.600root 11241100x8000000000000000719549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9af20206a395c492023-02-07 15:21:39.095root 11241100x8000000000000000719548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8693b88893e8ca72023-02-07 15:21:39.095root 11241100x8000000000000000719547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d0413f455015342023-02-07 15:21:39.095root 11241100x8000000000000000719546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5f3733fdb33cf52023-02-07 15:21:39.095root 11241100x8000000000000000719545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a0ca8470b2d0432023-02-07 15:21:39.095root 11241100x8000000000000000719544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2dd9df4501bb4c2023-02-07 15:21:39.095root 11241100x8000000000000000719562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c22d16a5ed763b2023-02-07 15:21:39.096root 11241100x8000000000000000719561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7c60188a413ad32023-02-07 15:21:39.096root 11241100x8000000000000000719560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56292cdeeb13a4282023-02-07 15:21:39.096root 11241100x8000000000000000719559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2ecad5d83d64af2023-02-07 15:21:39.096root 11241100x8000000000000000719558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d605dc031de7bfbf2023-02-07 15:21:39.096root 11241100x8000000000000000719557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59360000fbbabc02023-02-07 15:21:39.096root 11241100x8000000000000000719556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222a0d7f9f570b8b2023-02-07 15:21:39.096root 11241100x8000000000000000719555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2e65c6aac748a72023-02-07 15:21:39.096root 11241100x8000000000000000719554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd63355331cbc1cf2023-02-07 15:21:39.096root 11241100x8000000000000000719553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b9c3516cbcd8452023-02-07 15:21:39.096root 11241100x8000000000000000719552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeef6d8cd1d2e9192023-02-07 15:21:39.096root 11241100x8000000000000000719551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b600f5ced3b5582023-02-07 15:21:39.096root 11241100x8000000000000000719550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366d6bae205747302023-02-07 15:21:39.096root 11241100x8000000000000000719574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8bc74d737a69b12023-02-07 15:21:39.097root 11241100x8000000000000000719573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502333e7721a2ceb2023-02-07 15:21:39.097root 11241100x8000000000000000719572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7278fcffab8041592023-02-07 15:21:39.097root 11241100x8000000000000000719571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6282db42db9953cb2023-02-07 15:21:39.097root 11241100x8000000000000000719570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ae82ae874f9dd92023-02-07 15:21:39.097root 11241100x8000000000000000719569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d065d755620d6c2023-02-07 15:21:39.097root 11241100x8000000000000000719568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d5ca97e36d90712023-02-07 15:21:39.097root 11241100x8000000000000000719567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13be51db43be15c2023-02-07 15:21:39.097root 11241100x8000000000000000719566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c878a18e4355abb2023-02-07 15:21:39.097root 11241100x8000000000000000719565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0bceac153cf7472023-02-07 15:21:39.097root 11241100x8000000000000000719564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad5724d447afb582023-02-07 15:21:39.097root 11241100x8000000000000000719563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06c0e686cc1b4922023-02-07 15:21:39.097root 11241100x8000000000000000719584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddba5d64d3be29bf2023-02-07 15:21:39.098root 11241100x8000000000000000719583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a5b087f937d1ec2023-02-07 15:21:39.098root 11241100x8000000000000000719582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9ac14d2efc00972023-02-07 15:21:39.098root 11241100x8000000000000000719581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4154b4e9f990354c2023-02-07 15:21:39.098root 11241100x8000000000000000719580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12455cb1b9d433ad2023-02-07 15:21:39.098root 11241100x8000000000000000719579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834f6d1fb611f3b12023-02-07 15:21:39.098root 11241100x8000000000000000719578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1888fb621ee99a2023-02-07 15:21:39.098root 11241100x8000000000000000719577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bce380ab101a8b2023-02-07 15:21:39.098root 11241100x8000000000000000719576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4580824e5dffe1f2023-02-07 15:21:39.098root 11241100x8000000000000000719575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752a94d3963987a02023-02-07 15:21:39.098root 11241100x8000000000000000719588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683b3f12c09998752023-02-07 15:21:39.099root 11241100x8000000000000000719587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e4892d05db92732023-02-07 15:21:39.099root 11241100x8000000000000000719586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31a9a017a8ccbf12023-02-07 15:21:39.099root 11241100x8000000000000000719585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb377b90354f4832023-02-07 15:21:39.099root 11241100x8000000000000000719592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5866a7cf61c07f332023-02-07 15:21:39.595root 11241100x8000000000000000719591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9841cd205a2a40212023-02-07 15:21:39.595root 11241100x8000000000000000719590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e8c3f6f943c9752023-02-07 15:21:39.595root 11241100x8000000000000000719589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807d01645aeda5142023-02-07 15:21:39.595root 11241100x8000000000000000719603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd54b4eaaf2ca472023-02-07 15:21:39.596root 11241100x8000000000000000719602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda46eceefadaf6d2023-02-07 15:21:39.596root 11241100x8000000000000000719601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4459454c709f312023-02-07 15:21:39.596root 11241100x8000000000000000719600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5c279da25c13522023-02-07 15:21:39.596root 11241100x8000000000000000719599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a880a0e30fceb072023-02-07 15:21:39.596root 11241100x8000000000000000719598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477f6d4589cb817e2023-02-07 15:21:39.596root 11241100x8000000000000000719597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0627915672afc3822023-02-07 15:21:39.596root 11241100x8000000000000000719596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60656f2788efdda12023-02-07 15:21:39.596root 11241100x8000000000000000719595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d1fade855a5f4f2023-02-07 15:21:39.596root 11241100x8000000000000000719594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37aa2f977d00eb802023-02-07 15:21:39.596root 11241100x8000000000000000719593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5d938b312ac6f82023-02-07 15:21:39.596root 11241100x8000000000000000719612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb6ffdd479ea8cf2023-02-07 15:21:39.597root 11241100x8000000000000000719611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f63c7caa2277762023-02-07 15:21:39.597root 11241100x8000000000000000719610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb538d8a3fe1b1d42023-02-07 15:21:39.597root 11241100x8000000000000000719609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e49a1905663f102023-02-07 15:21:39.597root 11241100x8000000000000000719608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e39a75f2c15ed32023-02-07 15:21:39.597root 11241100x8000000000000000719607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5acb0fa31a19ca342023-02-07 15:21:39.597root 11241100x8000000000000000719606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68935c0b400810272023-02-07 15:21:39.597root 11241100x8000000000000000719605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66251c92a02c72c72023-02-07 15:21:39.597root 11241100x8000000000000000719604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c3f455599134d42023-02-07 15:21:39.597root 11241100x8000000000000000719615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75e54ed3fe75b582023-02-07 15:21:39.598root 11241100x8000000000000000719614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6654a378a4ba2062023-02-07 15:21:39.598root 11241100x8000000000000000719613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d62747d23bb69412023-02-07 15:21:39.598root 11241100x8000000000000000719618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb5f1ce475802622023-02-07 15:21:39.599root 11241100x8000000000000000719617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe176a889e43d022023-02-07 15:21:39.599root 11241100x8000000000000000719616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68369993c10185b72023-02-07 15:21:39.599root 11241100x8000000000000000719624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a413d93103684e02023-02-07 15:21:39.600root 11241100x8000000000000000719623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24d6c6a52f355d72023-02-07 15:21:39.600root 11241100x8000000000000000719622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69eb91878ea93db2023-02-07 15:21:39.600root 11241100x8000000000000000719621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534e83128c52ff862023-02-07 15:21:39.600root 11241100x8000000000000000719620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ba3c967e5f4b062023-02-07 15:21:39.600root 11241100x8000000000000000719619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6732094896edd12023-02-07 15:21:39.600root 11241100x8000000000000000719625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:39.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35dd64bdf517a46a2023-02-07 15:21:39.601root 11241100x8000000000000000719631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c5f8fa6d78516c2023-02-07 15:21:40.095root 11241100x8000000000000000719630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2952959fa0753e802023-02-07 15:21:40.095root 11241100x8000000000000000719629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8974b95a32e01762023-02-07 15:21:40.095root 11241100x8000000000000000719628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad2ac8a3abfb8432023-02-07 15:21:40.095root 11241100x8000000000000000719627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d188ef2031da3e52023-02-07 15:21:40.095root 11241100x8000000000000000719626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52c1fc2345ac7cd2023-02-07 15:21:40.095root 11241100x8000000000000000719638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191cd83f8e03b6f32023-02-07 15:21:40.096root 11241100x8000000000000000719637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd363bd2508eb0d2023-02-07 15:21:40.096root 11241100x8000000000000000719636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131c4f1acf3a584c2023-02-07 15:21:40.096root 11241100x8000000000000000719635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce430f0ac9e3a492023-02-07 15:21:40.096root 11241100x8000000000000000719634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa40c238ae299e12023-02-07 15:21:40.096root 11241100x8000000000000000719633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe38eaec71531102023-02-07 15:21:40.096root 11241100x8000000000000000719632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f36d2106e57e802023-02-07 15:21:40.096root 11241100x8000000000000000719644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839830a0a5717d6d2023-02-07 15:21:40.097root 11241100x8000000000000000719643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32563cf8705852c92023-02-07 15:21:40.097root 11241100x8000000000000000719642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6acce47d0cd9cfbf2023-02-07 15:21:40.097root 11241100x8000000000000000719641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db573eeb6a23ddb82023-02-07 15:21:40.097root 11241100x8000000000000000719640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60a5fd217bc5dfc2023-02-07 15:21:40.097root 11241100x8000000000000000719639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23633391b31f3c872023-02-07 15:21:40.097root 11241100x8000000000000000719647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c6aef39dcea9f82023-02-07 15:21:40.098root 11241100x8000000000000000719646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcab7998ed6337662023-02-07 15:21:40.098root 11241100x8000000000000000719645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a22dd6f6674399c2023-02-07 15:21:40.098root 11241100x8000000000000000719651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef360dcb631afcf62023-02-07 15:21:40.099root 11241100x8000000000000000719650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70af1aeb9090d9852023-02-07 15:21:40.099root 11241100x8000000000000000719649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da94e1292eb182a2023-02-07 15:21:40.099root 11241100x8000000000000000719648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49587d01ae8079462023-02-07 15:21:40.099root 11241100x8000000000000000719653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e9ef695d6d3de42023-02-07 15:21:40.100root 11241100x8000000000000000719652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8db404cf104cd622023-02-07 15:21:40.100root 11241100x8000000000000000719660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6464f7861395a4be2023-02-07 15:21:40.101root 11241100x8000000000000000719659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f8cb5214cc8ad92023-02-07 15:21:40.101root 11241100x8000000000000000719658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42421dcd10ccd2222023-02-07 15:21:40.101root 11241100x8000000000000000719657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78583d8b022fa1da2023-02-07 15:21:40.101root 11241100x8000000000000000719656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db734637d046b4a2023-02-07 15:21:40.101root 11241100x8000000000000000719655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b74b2b3c562a24d2023-02-07 15:21:40.101root 11241100x8000000000000000719654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5739b5bddb6304122023-02-07 15:21:40.101root 11241100x8000000000000000719662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8409c11ad9125f732023-02-07 15:21:40.103root 11241100x8000000000000000719661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959e7c8afe40a5902023-02-07 15:21:40.103root 11241100x8000000000000000719666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e681137dc089c0b02023-02-07 15:21:40.595root 11241100x8000000000000000719665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4020449864366e062023-02-07 15:21:40.595root 11241100x8000000000000000719664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be06fa1405e8afab2023-02-07 15:21:40.595root 11241100x8000000000000000719663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba343d5fed53552f2023-02-07 15:21:40.595root 11241100x8000000000000000719672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b809fd37199a712023-02-07 15:21:40.596root 11241100x8000000000000000719671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d02d58e3a834372023-02-07 15:21:40.596root 11241100x8000000000000000719670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a5b4d2ef3624522023-02-07 15:21:40.596root 11241100x8000000000000000719669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ac7df7f5c05efa2023-02-07 15:21:40.596root 11241100x8000000000000000719668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e70aede2e98f8372023-02-07 15:21:40.596root 11241100x8000000000000000719667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405189d7c1edbde82023-02-07 15:21:40.596root 11241100x8000000000000000719677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3de8df26a2fb612023-02-07 15:21:40.597root 11241100x8000000000000000719676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f48c809ff7ff2082023-02-07 15:21:40.597root 11241100x8000000000000000719675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6647e24ecdf0d02023-02-07 15:21:40.597root 11241100x8000000000000000719674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bd35b837f537542023-02-07 15:21:40.597root 11241100x8000000000000000719673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dea857962d319752023-02-07 15:21:40.597root 11241100x8000000000000000719686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2049ace33f1960302023-02-07 15:21:40.598root 11241100x8000000000000000719685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310f6f11412d90912023-02-07 15:21:40.598root 11241100x8000000000000000719684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2cbd2168f7f53c2023-02-07 15:21:40.598root 11241100x8000000000000000719683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60d88a122d8f94b2023-02-07 15:21:40.598root 11241100x8000000000000000719682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3e55333e8abb272023-02-07 15:21:40.598root 11241100x8000000000000000719681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90875f5df55075ee2023-02-07 15:21:40.598root 11241100x8000000000000000719680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66679f7bdd486a32023-02-07 15:21:40.598root 11241100x8000000000000000719679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbed7f3bb2d903d2023-02-07 15:21:40.598root 11241100x8000000000000000719678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bb306eaf0963092023-02-07 15:21:40.598root 11241100x8000000000000000719694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cbf023202f82e132023-02-07 15:21:40.599root 11241100x8000000000000000719693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2566365fc1a97232023-02-07 15:21:40.599root 11241100x8000000000000000719692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de6b0f53583b8352023-02-07 15:21:40.599root 11241100x8000000000000000719691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631e1ec0bab3884f2023-02-07 15:21:40.599root 11241100x8000000000000000719690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18e5789f47acb662023-02-07 15:21:40.599root 11241100x8000000000000000719689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d481feba5ff9392023-02-07 15:21:40.599root 11241100x8000000000000000719688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa490774c9064382023-02-07 15:21:40.599root 11241100x8000000000000000719687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:40.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538e473641447d102023-02-07 15:21:40.599root 11241100x8000000000000000719700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e101f389d19a3a2023-02-07 15:21:41.096root 11241100x8000000000000000719699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398b1655b9731a202023-02-07 15:21:41.096root 11241100x8000000000000000719698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acdefd10049b119b2023-02-07 15:21:41.096root 11241100x8000000000000000719697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66b83be08d68a052023-02-07 15:21:41.096root 11241100x8000000000000000719696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3e0effad752cc32023-02-07 15:21:41.096root 11241100x8000000000000000719695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e791cd8fc1a2192d2023-02-07 15:21:41.096root 11241100x8000000000000000719706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebbfe88cf0c886c52023-02-07 15:21:41.097root 11241100x8000000000000000719705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b30b8d0668eff6e2023-02-07 15:21:41.097root 11241100x8000000000000000719704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cc6de667e75dfc2023-02-07 15:21:41.097root 11241100x8000000000000000719703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68492153a63f0752023-02-07 15:21:41.097root 11241100x8000000000000000719702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da08e3e833dda892023-02-07 15:21:41.097root 11241100x8000000000000000719701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e36c035018035be2023-02-07 15:21:41.097root 11241100x8000000000000000719711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22952ec4510b6f062023-02-07 15:21:41.098root 11241100x8000000000000000719710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6275fe78e3e0466f2023-02-07 15:21:41.098root 11241100x8000000000000000719709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7098818dfc6df242023-02-07 15:21:41.098root 11241100x8000000000000000719708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef38d197b91954e2023-02-07 15:21:41.098root 11241100x8000000000000000719707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9425f95b99c0972023-02-07 15:21:41.098root 11241100x8000000000000000719718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de3cd778a30bcd52023-02-07 15:21:41.099root 11241100x8000000000000000719717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bcbb559c697bcd62023-02-07 15:21:41.099root 11241100x8000000000000000719716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e74df43305c3b4e2023-02-07 15:21:41.099root 11241100x8000000000000000719715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c3eb63d644675b2023-02-07 15:21:41.099root 11241100x8000000000000000719714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8314d74772b0e3a02023-02-07 15:21:41.099root 11241100x8000000000000000719713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9b0fd9875f853d2023-02-07 15:21:41.099root 11241100x8000000000000000719712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886f44a967251b962023-02-07 15:21:41.099root 11241100x8000000000000000719723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ca2f4c0e9a86402023-02-07 15:21:41.595root 11241100x8000000000000000719722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a831a29ad2e4ca732023-02-07 15:21:41.595root 11241100x8000000000000000719721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75bcebcdd8e408d2023-02-07 15:21:41.595root 11241100x8000000000000000719720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ceea1a97efd964f2023-02-07 15:21:41.595root 11241100x8000000000000000719719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f9a12730ffca362023-02-07 15:21:41.595root 11241100x8000000000000000719730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee55db7e52190a0c2023-02-07 15:21:41.596root 11241100x8000000000000000719729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914acf4f604e60c42023-02-07 15:21:41.596root 11241100x8000000000000000719728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafb2edfd8ea5edd2023-02-07 15:21:41.596root 11241100x8000000000000000719727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75facb9a240322612023-02-07 15:21:41.596root 11241100x8000000000000000719726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd70c2ffa2cb0ac2023-02-07 15:21:41.596root 11241100x8000000000000000719725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66dad31f12ab8e9a2023-02-07 15:21:41.596root 11241100x8000000000000000719724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cff67dfae7a4dbe2023-02-07 15:21:41.596root 11241100x8000000000000000719738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71bf324c087e0b8f2023-02-07 15:21:41.597root 11241100x8000000000000000719737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92bed9e61f0ff762023-02-07 15:21:41.597root 11241100x8000000000000000719736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c859ed4b140695372023-02-07 15:21:41.597root 11241100x8000000000000000719735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554c39efef2de5882023-02-07 15:21:41.597root 11241100x8000000000000000719734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd9a759d15b257e2023-02-07 15:21:41.597root 11241100x8000000000000000719733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba616f09deeb8ed02023-02-07 15:21:41.597root 11241100x8000000000000000719732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6588c718eab972c2023-02-07 15:21:41.597root 11241100x8000000000000000719731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910cfe84e2449e152023-02-07 15:21:41.597root 11241100x8000000000000000719744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd807ebb29115932023-02-07 15:21:41.598root 11241100x8000000000000000719743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c1c19181deb97a2023-02-07 15:21:41.598root 11241100x8000000000000000719742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b03c73cc01cadc72023-02-07 15:21:41.598root 11241100x8000000000000000719741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a518f37fa0bcf12023-02-07 15:21:41.598root 11241100x8000000000000000719740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b425d09a49e7f2b42023-02-07 15:21:41.598root 11241100x8000000000000000719739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b24692344809e872023-02-07 15:21:41.598root 11241100x8000000000000000719753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f65838543f71562023-02-07 15:21:41.599root 11241100x8000000000000000719752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f4aef8e68c78e22023-02-07 15:21:41.599root 11241100x8000000000000000719751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8c85ca6995b6792023-02-07 15:21:41.599root 11241100x8000000000000000719750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f40368ecae827b2023-02-07 15:21:41.599root 11241100x8000000000000000719749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a580cfc70f2c8dd2023-02-07 15:21:41.599root 11241100x8000000000000000719748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd7045f362fef4d2023-02-07 15:21:41.599root 11241100x8000000000000000719747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c183e1001b20962f2023-02-07 15:21:41.599root 11241100x8000000000000000719746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62a89832bf4cfed2023-02-07 15:21:41.599root 11241100x8000000000000000719745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef83db7eef4ee4372023-02-07 15:21:41.599root 11241100x8000000000000000719755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90712dae23cbff12023-02-07 15:21:41.600root 11241100x8000000000000000719754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:41.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a710189902a9a2532023-02-07 15:21:41.600root 354300x8000000000000000719756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.019{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-53214-false10.0.1.12-8000- 11241100x8000000000000000719765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.021{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070ce47cd035b9fa2023-02-07 15:21:42.021root 11241100x8000000000000000719764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.021{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6baf7eca20fe76d2023-02-07 15:21:42.021root 11241100x8000000000000000719763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.021{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f99209719be96b72023-02-07 15:21:42.021root 11241100x8000000000000000719762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.021{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c3fe34d7cfab212023-02-07 15:21:42.021root 11241100x8000000000000000719761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.021{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893a3ae0d18005dc2023-02-07 15:21:42.021root 11241100x8000000000000000719760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.021{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5558b55795aae42023-02-07 15:21:42.021root 11241100x8000000000000000719759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.021{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d622dcc22357ff72023-02-07 15:21:42.021root 11241100x8000000000000000719758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.021{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83114e977235184a2023-02-07 15:21:42.021root 11241100x8000000000000000719757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.021{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe19573a2aa9e7d2023-02-07 15:21:42.021root 11241100x8000000000000000719779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.022{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280afe766f7c1a362023-02-07 15:21:42.022root 11241100x8000000000000000719778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.022{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae381bda32bfac22023-02-07 15:21:42.022root 11241100x8000000000000000719777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.022{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de48cc0fbf7eea92023-02-07 15:21:42.022root 11241100x8000000000000000719776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.022{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd43673b84455f62023-02-07 15:21:42.022root 11241100x8000000000000000719775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.022{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f0d63df996918a2023-02-07 15:21:42.022root 11241100x8000000000000000719774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.022{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3160fbffa1829972023-02-07 15:21:42.022root 11241100x8000000000000000719773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.022{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12990be4f7e48512023-02-07 15:21:42.022root 11241100x8000000000000000719772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.022{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1276d97a12324412023-02-07 15:21:42.022root 11241100x8000000000000000719771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.022{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e21b458941a5ca52023-02-07 15:21:42.022root 11241100x8000000000000000719770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.022{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950412cb821466db2023-02-07 15:21:42.022root 11241100x8000000000000000719769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.022{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ad42004179d05e2023-02-07 15:21:42.022root 11241100x8000000000000000719768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.022{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5cb3049eb9a92e2023-02-07 15:21:42.022root 11241100x8000000000000000719767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.022{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28082ee9814f3fc2023-02-07 15:21:42.022root 11241100x8000000000000000719766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.022{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0432d3ba2dbdb682023-02-07 15:21:42.022root 11241100x8000000000000000719783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.023{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8e018005c8ade02023-02-07 15:21:42.023root 11241100x8000000000000000719782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.023{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc7a32b0c5a40f42023-02-07 15:21:42.023root 11241100x8000000000000000719781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.023{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f24a442175117fe2023-02-07 15:21:42.023root 11241100x8000000000000000719780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.023{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dfa85be3d2a6cd82023-02-07 15:21:42.023root 11241100x8000000000000000719786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f555dd716c76f042023-02-07 15:21:42.345root 11241100x8000000000000000719785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cea3ebd0b2ed2102023-02-07 15:21:42.345root 11241100x8000000000000000719784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b7d0efcff60d9a2023-02-07 15:21:42.345root 11241100x8000000000000000719794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5583d380ab30a22023-02-07 15:21:42.346root 11241100x8000000000000000719793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801b9d8f8bf16feb2023-02-07 15:21:42.346root 11241100x8000000000000000719792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8679f130c61373f92023-02-07 15:21:42.346root 11241100x8000000000000000719791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac7ca4375e2f65f2023-02-07 15:21:42.346root 11241100x8000000000000000719790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e361f31efd6cca272023-02-07 15:21:42.346root 11241100x8000000000000000719789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6f847170555c552023-02-07 15:21:42.346root 11241100x8000000000000000719788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4722ba0ef6bb49aa2023-02-07 15:21:42.346root 11241100x8000000000000000719787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a1c30e84a845a72023-02-07 15:21:42.346root 11241100x8000000000000000719808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d82a42816a85b72023-02-07 15:21:42.347root 11241100x8000000000000000719807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be6f3e0216119bb2023-02-07 15:21:42.347root 11241100x8000000000000000719806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5b674cfdb10a0a2023-02-07 15:21:42.347root 11241100x8000000000000000719805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e45c0fdcee894032023-02-07 15:21:42.347root 11241100x8000000000000000719804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb427f77eecc58fb2023-02-07 15:21:42.347root 11241100x8000000000000000719803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c899d2df09d9ba372023-02-07 15:21:42.347root 11241100x8000000000000000719802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af8ed85882087942023-02-07 15:21:42.347root 11241100x8000000000000000719801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f2dcd82a000ff82023-02-07 15:21:42.347root 11241100x8000000000000000719800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3150b9b9d2b7d172023-02-07 15:21:42.347root 11241100x8000000000000000719799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f1ec7ec31636dc2023-02-07 15:21:42.347root 11241100x8000000000000000719798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60eb819a4cc682602023-02-07 15:21:42.347root 11241100x8000000000000000719797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c032af70e03af12023-02-07 15:21:42.347root 11241100x8000000000000000719796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b841b59ecde8b2ec2023-02-07 15:21:42.347root 11241100x8000000000000000719795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e3e6442aa3e0d92023-02-07 15:21:42.347root 11241100x8000000000000000719815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db87848127af9a02023-02-07 15:21:42.846root 11241100x8000000000000000719814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b05ab1c95513132023-02-07 15:21:42.846root 11241100x8000000000000000719813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7f5d7f81a34a8e2023-02-07 15:21:42.846root 11241100x8000000000000000719812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200e00bb784df4422023-02-07 15:21:42.846root 11241100x8000000000000000719811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c801d5e3cea55b042023-02-07 15:21:42.846root 11241100x8000000000000000719810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b4ba4d1dc7935d2023-02-07 15:21:42.846root 11241100x8000000000000000719809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70150983f2674102023-02-07 15:21:42.846root 11241100x8000000000000000719825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d2c94ab8671aad2023-02-07 15:21:42.847root 11241100x8000000000000000719824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fd47face2bba082023-02-07 15:21:42.847root 11241100x8000000000000000719823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb058fdf2be7c8332023-02-07 15:21:42.847root 11241100x8000000000000000719822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367d07741f5648082023-02-07 15:21:42.847root 11241100x8000000000000000719821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05330266e72ed98c2023-02-07 15:21:42.847root 11241100x8000000000000000719820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e78679c00306372023-02-07 15:21:42.847root 11241100x8000000000000000719819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183c4948c9d53dac2023-02-07 15:21:42.847root 11241100x8000000000000000719818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce17879e803179482023-02-07 15:21:42.847root 11241100x8000000000000000719817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ac14b7f516ab762023-02-07 15:21:42.847root 11241100x8000000000000000719816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783fbc464a00c3e52023-02-07 15:21:42.847root 11241100x8000000000000000719833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f12c7e4f06c9e7e2023-02-07 15:21:42.848root 11241100x8000000000000000719832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1697e2fc1f777c8b2023-02-07 15:21:42.848root 11241100x8000000000000000719831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467330c6d576d1a92023-02-07 15:21:42.848root 11241100x8000000000000000719830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ee86771f89be452023-02-07 15:21:42.848root 11241100x8000000000000000719829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298d0934dd2122662023-02-07 15:21:42.848root 11241100x8000000000000000719828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab5da82aa0a79022023-02-07 15:21:42.848root 11241100x8000000000000000719827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2584e8febba513e82023-02-07 15:21:42.848root 11241100x8000000000000000719826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:42.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbce4c549f1ff632023-02-07 15:21:42.848root 11241100x8000000000000000719835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68067b95cb58ec262023-02-07 15:21:43.346root 11241100x8000000000000000719834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:43.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214afe2d57ddfd9d2023-02-07 15:21:43.346root 23542300x8000000000000000719864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:57.729{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000719865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f061e633c814ffe2023-02-07 15:21:58.095root 354300x8000000000000000719866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:58.113{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-38186-false10.0.1.12-8000- 11241100x8000000000000000719868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf091360536689542023-02-07 15:21:58.595root 11241100x8000000000000000719867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ba2a78dd13174b2023-02-07 15:21:58.595root 11241100x8000000000000000719870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a4424d622b69f22023-02-07 15:21:59.095root 11241100x8000000000000000719869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:59.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a460eecbcb9506e42023-02-07 15:21:59.095root 11241100x8000000000000000719872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d178b590bb1aa12023-02-07 15:21:59.595root 11241100x8000000000000000719871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:21:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22322da035c02742023-02-07 15:21:59.595root 11241100x8000000000000000719874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f587d93887ae68102023-02-07 15:22:00.095root 11241100x8000000000000000719873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:00.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41348b3e3a883a572023-02-07 15:22:00.095root 154100x8000000000000000719875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:00.432{ec244aba-6c98-63e2-6814-bff581550000}6237/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/6312root{ec244aba-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2393--- 11241100x8000000000000000719877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:00.433{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac21ae8e312fb692023-02-07 15:22:00.433root 11241100x8000000000000000719876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:00.433{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2132009d2accea2023-02-07 15:22:00.433root 11241100x8000000000000000719878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:00.434{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50bd574822450642023-02-07 15:22:00.434root 534500x8000000000000000719879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:00.449{ec244aba-6c98-63e2-6814-bff581550000}6237/bin/psroot 11241100x8000000000000000719881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:00.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba582df7799951e2023-02-07 15:22:00.845root 11241100x8000000000000000719880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:00.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa983e9cd2e6b0c2023-02-07 15:22:00.845root 11241100x8000000000000000719883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:00.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9350a8d21eab8192023-02-07 15:22:00.846root 11241100x8000000000000000719882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:00.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24217ab40d223b472023-02-07 15:22:00.846root 11241100x8000000000000000719887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:01.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0397a0a2a6db16742023-02-07 15:22:01.345root 11241100x8000000000000000719886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:01.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e325210a71df3a252023-02-07 15:22:01.345root 11241100x8000000000000000719885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:01.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d702b7c4bfc0b742023-02-07 15:22:01.345root 11241100x8000000000000000719884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:01.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad9a08025376a0b2023-02-07 15:22:01.345root 11241100x8000000000000000719891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:01.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79bb51349304e9f42023-02-07 15:22:01.845root 11241100x8000000000000000719890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:01.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e899f5ba17da412023-02-07 15:22:01.845root 11241100x8000000000000000719889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:01.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e005d1ddf0c91cf42023-02-07 15:22:01.845root 11241100x8000000000000000719888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:01.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090b3ba4795eebdc2023-02-07 15:22:01.845root 11241100x8000000000000000719895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:02.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd4cda5f4f4c27b2023-02-07 15:22:02.345root 11241100x8000000000000000719894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:02.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b4f3a8f0b1bf532023-02-07 15:22:02.345root 11241100x8000000000000000719893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:02.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7935ee2adbc9dfe2023-02-07 15:22:02.345root 11241100x8000000000000000719892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:02.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01d23f65cfce9a22023-02-07 15:22:02.345root 11241100x8000000000000000719899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:02.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4c72c6aa2556b02023-02-07 15:22:02.845root 11241100x8000000000000000719898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:02.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c05b56536f8c1b52023-02-07 15:22:02.845root 11241100x8000000000000000719897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:02.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893b5d583606065e2023-02-07 15:22:02.845root 11241100x8000000000000000719896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:02.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9dea196573af592023-02-07 15:22:02.845root 354300x8000000000000000719900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:03.122{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-38192-false10.0.1.12-8000- 11241100x8000000000000000719902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:03.123{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b72b5c609225492023-02-07 15:22:03.123root 11241100x8000000000000000719901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:03.123{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ca8d26ab3d4eab2023-02-07 15:22:03.123root 11241100x8000000000000000719905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:03.124{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb32c65130655b182023-02-07 15:22:03.124root 11241100x8000000000000000719904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:03.124{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be03acb40a54c2132023-02-07 15:22:03.124root 11241100x8000000000000000719903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:03.124{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15d75005c8f7d232023-02-07 15:22:03.124root 11241100x8000000000000000719908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:03.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8d6f2ab8d257902023-02-07 15:22:03.595root 11241100x8000000000000000719907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:03.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fef9e482745633b2023-02-07 15:22:03.595root 11241100x8000000000000000719906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:03.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd2dfa4acb1c4792023-02-07 15:22:03.595root 11241100x8000000000000000719910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:03.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531419eca4403aa32023-02-07 15:22:03.596root 11241100x8000000000000000719909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:03.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e9b07d1553b03e2023-02-07 15:22:03.596root 11241100x8000000000000000719913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:04.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfecd16e522433fc2023-02-07 15:22:04.095root 11241100x8000000000000000719912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:04.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d1dbe0ac7b338d2023-02-07 15:22:04.095root 11241100x8000000000000000719911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:04.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b250a145e86097d2023-02-07 15:22:04.095root 11241100x8000000000000000719915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7f72f54914fe682023-02-07 15:22:04.096root 11241100x8000000000000000719914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:04.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57220bdfa47fc8bb2023-02-07 15:22:04.096root 11241100x8000000000000000719917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251b472c9e3549242023-02-07 15:22:04.595root 11241100x8000000000000000719916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ecbf57a2323b9a72023-02-07 15:22:04.595root 11241100x8000000000000000719920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f51e6b72f54cf12023-02-07 15:22:04.596root 11241100x8000000000000000719919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64cabae9dcc597c2023-02-07 15:22:04.596root 11241100x8000000000000000719918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64aae8b501748de42023-02-07 15:22:04.596root 11241100x8000000000000000719925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:05.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b901d47607626ee02023-02-07 15:22:05.095root 11241100x8000000000000000719924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:05.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28dd047050836ab32023-02-07 15:22:05.095root 11241100x8000000000000000719923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:05.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c0732fcf9cdb182023-02-07 15:22:05.095root 11241100x8000000000000000719922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:05.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7019279c8aef9ebc2023-02-07 15:22:05.095root 11241100x8000000000000000719921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:05.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6425ffda528b5fb32023-02-07 15:22:05.095root 11241100x8000000000000000719930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a44640726e7485a2023-02-07 15:22:05.595root 11241100x8000000000000000719929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043b6d63edf5ef462023-02-07 15:22:05.595root 11241100x8000000000000000719928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37af8bf114b417402023-02-07 15:22:05.595root 11241100x8000000000000000719927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51868cba8ad9f5932023-02-07 15:22:05.595root 11241100x8000000000000000719926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:05.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d682bf98a8e3d4642023-02-07 15:22:05.595root 11241100x8000000000000000719932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:06.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77341165455c6ccc2023-02-07 15:22:06.095root 11241100x8000000000000000719931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:06.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d78195b7fd380832023-02-07 15:22:06.095root 11241100x8000000000000000719935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5805924d62e7c1762023-02-07 15:22:06.096root 11241100x8000000000000000719934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66592be9e9311b7b2023-02-07 15:22:06.096root 11241100x8000000000000000719933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7691f6d71afda0872023-02-07 15:22:06.096root 11241100x8000000000000000719940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252cadb7ed8e95c22023-02-07 15:22:06.595root 11241100x8000000000000000719939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50776b981bbf20402023-02-07 15:22:06.595root 11241100x8000000000000000719938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbbc164b6eb45ec2023-02-07 15:22:06.595root 11241100x8000000000000000719937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478af174c0d2e92a2023-02-07 15:22:06.595root 11241100x8000000000000000719936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baabb1a62429fdbb2023-02-07 15:22:06.595root 11241100x8000000000000000719945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67eaca9fa4f957652023-02-07 15:22:07.095root 11241100x8000000000000000719944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081d4a19f93e69812023-02-07 15:22:07.095root 11241100x8000000000000000719943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e4c8b19ba69af52023-02-07 15:22:07.095root 11241100x8000000000000000719942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f0d0ade60d74cd2023-02-07 15:22:07.095root 11241100x8000000000000000719941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2bedd62df99ec22023-02-07 15:22:07.095root 11241100x8000000000000000719949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999a7a31669cef7f2023-02-07 15:22:07.595root 11241100x8000000000000000719948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f0a33234ca3af42023-02-07 15:22:07.595root 11241100x8000000000000000719947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b39bbb71160bfbb2023-02-07 15:22:07.595root 11241100x8000000000000000719946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9d7ea098a3bafe2023-02-07 15:22:07.595root 11241100x8000000000000000719950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83967694e8ee05c82023-02-07 15:22:07.596root 11241100x8000000000000000719955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:08.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137b74373a9585752023-02-07 15:22:08.095root 11241100x8000000000000000719954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:08.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d785eb9d225f9b42023-02-07 15:22:08.095root 11241100x8000000000000000719953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:08.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a29f53e0eded07d2023-02-07 15:22:08.095root 11241100x8000000000000000719952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:08.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f819ab8bff6ed6c2023-02-07 15:22:08.095root 11241100x8000000000000000719951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:08.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc48476358a24bfc2023-02-07 15:22:08.095root 354300x8000000000000000719956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:08.124{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51898-false10.0.1.12-8000- 11241100x8000000000000000719962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d6bca63a3162882023-02-07 15:22:08.595root 11241100x8000000000000000719961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10b172179cf08ea2023-02-07 15:22:08.595root 11241100x8000000000000000719960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080afc4df6c5de532023-02-07 15:22:08.595root 11241100x8000000000000000719959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb46d01c5182bd42023-02-07 15:22:08.595root 11241100x8000000000000000719958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca93cd6664fa36e42023-02-07 15:22:08.595root 11241100x8000000000000000719957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb72e866b1030e492023-02-07 15:22:08.595root 11241100x8000000000000000719967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:09.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c792fd255db77d9b2023-02-07 15:22:09.095root 11241100x8000000000000000719966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:09.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda6b5e290d0f5662023-02-07 15:22:09.095root 11241100x8000000000000000719965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:09.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b45d3a05b6e7202023-02-07 15:22:09.095root 11241100x8000000000000000719964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:09.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5117aecd8402eb102023-02-07 15:22:09.095root 11241100x8000000000000000719963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:09.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2582727ab14dd20d2023-02-07 15:22:09.095root 11241100x8000000000000000719968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5761a5dd8c98b07e2023-02-07 15:22:09.096root 11241100x8000000000000000719972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54cf5cb51ba6f6e92023-02-07 15:22:09.595root 11241100x8000000000000000719971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2a204ee27151522023-02-07 15:22:09.595root 11241100x8000000000000000719970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6190d2fbf27a06b2023-02-07 15:22:09.595root 11241100x8000000000000000719969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a8d77faf612e472023-02-07 15:22:09.595root 11241100x8000000000000000719974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63bb39e4cd16c9b32023-02-07 15:22:09.596root 11241100x8000000000000000719973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64748918afccc8ee2023-02-07 15:22:09.596root 11241100x8000000000000000719980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:10.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec0e026f39abaaf2023-02-07 15:22:10.095root 11241100x8000000000000000719979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:10.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d5339bf83d3da62023-02-07 15:22:10.095root 11241100x8000000000000000719978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:10.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30b13645d7ec0782023-02-07 15:22:10.095root 11241100x8000000000000000719977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:10.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b3fac1cf9309372023-02-07 15:22:10.095root 11241100x8000000000000000719976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:10.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1dee3e4723e533d2023-02-07 15:22:10.095root 11241100x8000000000000000719975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:10.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a10136fe78a39922023-02-07 15:22:10.095root 11241100x8000000000000000719986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:10.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a4363dbb2bbb832023-02-07 15:22:10.598root 11241100x8000000000000000719985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:10.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03dcde5ba05107b22023-02-07 15:22:10.598root 11241100x8000000000000000719984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:10.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a00d7b83603bb02023-02-07 15:22:10.598root 11241100x8000000000000000719983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:10.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbebb4b157fb60ae2023-02-07 15:22:10.598root 11241100x8000000000000000719982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:10.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e729d8c0b3fd700b2023-02-07 15:22:10.598root 11241100x8000000000000000719981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:10.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3146c8d9d355c68d2023-02-07 15:22:10.598root 11241100x8000000000000000719991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6349d8f8448d4f182023-02-07 15:22:11.095root 11241100x8000000000000000719990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe66b8003f7c55a2023-02-07 15:22:11.095root 11241100x8000000000000000719989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf239efadc8b8062023-02-07 15:22:11.095root 11241100x8000000000000000719988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbfe1ec6d44831e2023-02-07 15:22:11.095root 11241100x8000000000000000719987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b2435496bd32432023-02-07 15:22:11.095root 11241100x8000000000000000719992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:11.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3779cf7abf39b1bb2023-02-07 15:22:11.096root 11241100x8000000000000000719996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5083ba84f29b0782023-02-07 15:22:11.595root 11241100x8000000000000000719995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e664a2bfeed88c7c2023-02-07 15:22:11.595root 11241100x8000000000000000719994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5f2e96e859ceea2023-02-07 15:22:11.595root 11241100x8000000000000000719993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8c2f7e3f2a264d2023-02-07 15:22:11.595root 11241100x8000000000000000719998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb41a8d88e2f4432023-02-07 15:22:11.596root 11241100x8000000000000000719997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:11.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd7868834d475162023-02-07 15:22:11.596root 11241100x8000000000000000720002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:12.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3bbdbb3704a6c752023-02-07 15:22:12.095root 11241100x8000000000000000720001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:12.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9667bb1708fe262023-02-07 15:22:12.095root 11241100x8000000000000000720000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:12.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c5bc77a5c78c3b2023-02-07 15:22:12.095root 11241100x8000000000000000719999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:12.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84566d8ee257ea632023-02-07 15:22:12.095root 11241100x8000000000000000720004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7875f1a10ce266392023-02-07 15:22:12.096root 11241100x8000000000000000720003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:12.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d0c51ca6f1530a2023-02-07 15:22:12.096root 11241100x8000000000000000720007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9449ff0f09eb34da2023-02-07 15:22:12.595root 11241100x8000000000000000720006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cca4aedfe6713e2023-02-07 15:22:12.595root 11241100x8000000000000000720005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813c906be54eb0952023-02-07 15:22:12.595root 11241100x8000000000000000720010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf69f1fdd68df2272023-02-07 15:22:12.596root 11241100x8000000000000000720009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22bf26636437aeff2023-02-07 15:22:12.596root 11241100x8000000000000000720008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:12.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89214da29c91f20f2023-02-07 15:22:12.596root 11241100x8000000000000000720014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:13.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e733b0d804c2cd692023-02-07 15:22:13.095root 11241100x8000000000000000720013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:13.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e8c06aff8202b72023-02-07 15:22:13.095root 11241100x8000000000000000720012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:13.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8dac786e1b4c092023-02-07 15:22:13.095root 11241100x8000000000000000720011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:13.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe780770464d42e2023-02-07 15:22:13.095root 11241100x8000000000000000720016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a5e35d8fe8db9e2023-02-07 15:22:13.096root 11241100x8000000000000000720015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:13.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a21886c4b9b81e72023-02-07 15:22:13.096root 11241100x8000000000000000720018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc9256ce36be9212023-02-07 15:22:13.595root 11241100x8000000000000000720017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:13.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de17bb35297c1c32023-02-07 15:22:13.595root 11241100x8000000000000000720022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4403fdb6fc81b4312023-02-07 15:22:13.596root 11241100x8000000000000000720021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081e72f85cbcc79c2023-02-07 15:22:13.596root 11241100x8000000000000000720020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd64f7c83723d382023-02-07 15:22:13.596root 11241100x8000000000000000720019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:13.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d26dc8cae2d22e72023-02-07 15:22:13.596root 11241100x8000000000000000720026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:14.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fddccbe37e739f42023-02-07 15:22:14.095root 11241100x8000000000000000720025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:14.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d812d43cca2ca3ef2023-02-07 15:22:14.095root 11241100x8000000000000000720024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:14.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf87b5cf042a6462023-02-07 15:22:14.095root 11241100x8000000000000000720023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:14.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a480cc11ab5da2c02023-02-07 15:22:14.095root 11241100x8000000000000000720028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:14.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7acf5db5d8db8512023-02-07 15:22:14.096root 11241100x8000000000000000720027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:14.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de01ad91a7bacd802023-02-07 15:22:14.096root 354300x8000000000000000720029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:14.114{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51906-false10.0.1.12-8000- 11241100x8000000000000000720034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:14.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c060e7cd515bdd662023-02-07 15:22:14.595root 11241100x8000000000000000720033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:14.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779f1b72527cb3d72023-02-07 15:22:14.595root 11241100x8000000000000000720032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:14.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180c8495d1aea52a2023-02-07 15:22:14.595root 11241100x8000000000000000720031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:14.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf7ec87856093b02023-02-07 15:22:14.595root 11241100x8000000000000000720030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:14.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2c46a2023673522023-02-07 15:22:14.595root 11241100x8000000000000000720036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:14.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f579f0aa5c7c9312023-02-07 15:22:14.596root 11241100x8000000000000000720035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:14.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1c729dd175b4ec2023-02-07 15:22:14.596root 354300x8000000000000000720037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:14.607{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-45626-false10.0.1.12-8089- 11241100x8000000000000000720039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:15.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4644d37389e74412023-02-07 15:22:15.095root 11241100x8000000000000000720038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:15.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d15f28e72c6b2982023-02-07 15:22:15.095root 11241100x8000000000000000720043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:15.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25719d101b0f2652023-02-07 15:22:15.096root 11241100x8000000000000000720042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:15.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8da5565296d3a5d2023-02-07 15:22:15.096root 11241100x8000000000000000720041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:15.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7361b5197391b36a2023-02-07 15:22:15.096root 11241100x8000000000000000720040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:15.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9844d0c4d6e5ab2023-02-07 15:22:15.096root 11241100x8000000000000000720045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:15.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d70ab2f4da2aba2023-02-07 15:22:15.097root 11241100x8000000000000000720044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:15.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdad178cd26657682023-02-07 15:22:15.097root 11241100x8000000000000000720053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:15.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77656c3e24ace4bd2023-02-07 15:22:15.595root 11241100x8000000000000000720052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:15.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4ae6ef673bdf7f2023-02-07 15:22:15.595root 11241100x8000000000000000720051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:15.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf25e8d49ce4fb42023-02-07 15:22:15.595root 11241100x8000000000000000720050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:15.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9598140e2e480d82023-02-07 15:22:15.595root 11241100x8000000000000000720049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:15.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222b87512e5e92122023-02-07 15:22:15.595root 11241100x8000000000000000720048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:15.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ef71ac7893ffd32023-02-07 15:22:15.595root 11241100x8000000000000000720047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:15.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845fd958ca6d90f02023-02-07 15:22:15.595root 11241100x8000000000000000720046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:15.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b951918d9daf49372023-02-07 15:22:15.595root 11241100x8000000000000000720055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:16.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee996081bb275e12023-02-07 15:22:16.095root 11241100x8000000000000000720054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:16.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451a645f59cfa4482023-02-07 15:22:16.095root 11241100x8000000000000000720060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:16.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cfa7a9641f5b5b32023-02-07 15:22:16.096root 11241100x8000000000000000720059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:16.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848f2d483f1e24bc2023-02-07 15:22:16.096root 11241100x8000000000000000720058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:16.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c585861120c1fa02023-02-07 15:22:16.096root 11241100x8000000000000000720057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:16.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89fecb01e2deacd32023-02-07 15:22:16.096root 11241100x8000000000000000720056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:16.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109257d34337f40b2023-02-07 15:22:16.096root 11241100x8000000000000000720061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:16.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88c355ab6aa95692023-02-07 15:22:16.097root 11241100x8000000000000000720065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:16.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd1c7ac68f693422023-02-07 15:22:16.595root 11241100x8000000000000000720064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:16.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cca61ece423e3322023-02-07 15:22:16.595root 11241100x8000000000000000720063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:16.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29f265ca1bbe8d72023-02-07 15:22:16.595root 11241100x8000000000000000720062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:16.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ebfd5e6a83df1cf2023-02-07 15:22:16.595root 11241100x8000000000000000720069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:16.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb414ff79c51bb22023-02-07 15:22:16.596root 11241100x8000000000000000720068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:16.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252dc8dbe9802a8b2023-02-07 15:22:16.596root 11241100x8000000000000000720067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:16.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e44b8c9000e978b2023-02-07 15:22:16.596root 11241100x8000000000000000720066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:16.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc720175f5e344e2023-02-07 15:22:16.596root 11241100x8000000000000000720073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:17.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37dbc219894d55272023-02-07 15:22:17.095root 11241100x8000000000000000720072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:17.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5840bc289e09862023-02-07 15:22:17.095root 11241100x8000000000000000720071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:17.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5e327e848dc0212023-02-07 15:22:17.095root 11241100x8000000000000000720070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:17.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e1cbd91c2c6cb72023-02-07 15:22:17.095root 11241100x8000000000000000720077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:17.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38d3d34970ab2442023-02-07 15:22:17.096root 11241100x8000000000000000720076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:17.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f22f87537168292023-02-07 15:22:17.096root 11241100x8000000000000000720075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:17.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ddb2104ea5d78a2023-02-07 15:22:17.096root 11241100x8000000000000000720074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:17.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d452738a11e01592023-02-07 15:22:17.096root 11241100x8000000000000000720081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:17.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cc56f1e847723c2023-02-07 15:22:17.595root 11241100x8000000000000000720080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:17.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191758fb33fd72e52023-02-07 15:22:17.595root 11241100x8000000000000000720079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:17.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be4a8f1662026ba2023-02-07 15:22:17.595root 11241100x8000000000000000720078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:17.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6951317c8633e112023-02-07 15:22:17.595root 11241100x8000000000000000720085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:17.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32facb23ebd7551a2023-02-07 15:22:17.596root 11241100x8000000000000000720084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:17.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86e6e6d8c061a412023-02-07 15:22:17.596root 11241100x8000000000000000720083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:17.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d1719834dc1fcd2023-02-07 15:22:17.596root 11241100x8000000000000000720082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:17.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab987c34e57a3c62023-02-07 15:22:17.596root 11241100x8000000000000000720090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:18.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4eefdf81d96dab2023-02-07 15:22:18.097root 11241100x8000000000000000720089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:18.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bba6b08c8af8fe2023-02-07 15:22:18.097root 11241100x8000000000000000720088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:18.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1d59cd0cf90a772023-02-07 15:22:18.097root 11241100x8000000000000000720087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:18.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366795dbc2b3ade82023-02-07 15:22:18.097root 11241100x8000000000000000720086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:18.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0712d2545c8b4a9b2023-02-07 15:22:18.097root 11241100x8000000000000000720093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:18.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209213e5f71ac2492023-02-07 15:22:18.098root 11241100x8000000000000000720092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:18.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5949b3d8e56524552023-02-07 15:22:18.098root 11241100x8000000000000000720091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:18.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73952ea0877953fd2023-02-07 15:22:18.098root 11241100x8000000000000000720097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:18.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37810e54bf06d6e2023-02-07 15:22:18.595root 11241100x8000000000000000720096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:18.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b2ca3893d97bd42023-02-07 15:22:18.595root 11241100x8000000000000000720095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:18.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698863249e9e3bf12023-02-07 15:22:18.595root 11241100x8000000000000000720094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:18.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b606f5f004517552023-02-07 15:22:18.595root 11241100x8000000000000000720101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:18.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78462b76ebcaac922023-02-07 15:22:18.596root 11241100x8000000000000000720100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:18.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8ee7833fcfd06c2023-02-07 15:22:18.596root 11241100x8000000000000000720099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:18.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81054eb00ea71a792023-02-07 15:22:18.596root 11241100x8000000000000000720098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:18.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bdc16cabc099f2d2023-02-07 15:22:18.596root 11241100x8000000000000000720105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:19.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbffa7ff350c1262023-02-07 15:22:19.095root 11241100x8000000000000000720104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:19.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e63f96fe97a9da2023-02-07 15:22:19.095root 11241100x8000000000000000720103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:19.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68391c7acb8a04e42023-02-07 15:22:19.095root 11241100x8000000000000000720102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:19.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd05833a3935b052023-02-07 15:22:19.095root 11241100x8000000000000000720109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:19.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44db35ab425a0952023-02-07 15:22:19.096root 11241100x8000000000000000720108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:19.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa972cce029562e32023-02-07 15:22:19.096root 11241100x8000000000000000720107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:19.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3223ab1a2d2ec22023-02-07 15:22:19.096root 11241100x8000000000000000720106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:19.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d6b24694af326a2023-02-07 15:22:19.096root 354300x8000000000000000720110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:19.179{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-47732-false10.0.1.12-8000- 11241100x8000000000000000720117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:19.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25201498138e27b2023-02-07 15:22:19.596root 11241100x8000000000000000720116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:19.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e689d367b94d84c62023-02-07 15:22:19.596root 11241100x8000000000000000720115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:19.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca27b2adcbf4581e2023-02-07 15:22:19.596root 11241100x8000000000000000720114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:19.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711a8e813b59202f2023-02-07 15:22:19.596root 11241100x8000000000000000720113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:19.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0ef8cac53d83022023-02-07 15:22:19.596root 11241100x8000000000000000720112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:19.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff837dc64cc5535d2023-02-07 15:22:19.596root 11241100x8000000000000000720111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:19.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bfa798503a2b7d32023-02-07 15:22:19.596root 11241100x8000000000000000720119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:19.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314bdb790f364fa42023-02-07 15:22:19.597root 11241100x8000000000000000720118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:19.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d31a85da5db6f222023-02-07 15:22:19.597root 11241100x8000000000000000720123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7501e717ca0829222023-02-07 15:22:20.095root 11241100x8000000000000000720122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eef7e8e11754d922023-02-07 15:22:20.095root 11241100x8000000000000000720121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a41926ef0c65c102023-02-07 15:22:20.095root 11241100x8000000000000000720120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0400e2b3e90eced2023-02-07 15:22:20.095root 11241100x8000000000000000720128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21814a31d221e0b02023-02-07 15:22:20.096root 11241100x8000000000000000720127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717b99c43cd7735f2023-02-07 15:22:20.096root 11241100x8000000000000000720126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a395444e0c81e82023-02-07 15:22:20.096root 11241100x8000000000000000720125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e199636cf8d77652023-02-07 15:22:20.096root 11241100x8000000000000000720124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651e3b5930df48a22023-02-07 15:22:20.096root 154100x8000000000000000720129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.515{ec244aba-6cac-63e2-e806-066643560000}6238/bin/ls-----ls --color=auto -l/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6be1-63e2-4874-5465c2550000}6209/bin/bash-bashubuntu 11241100x8000000000000000720130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.516{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0217c4323a7772c72023-02-07 15:22:20.516root 534500x8000000000000000720136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.517{ec244aba-6cac-63e2-e806-066643560000}6238/bin/lsubuntu 11241100x8000000000000000720135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.517{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008dafe15f165f182023-02-07 15:22:20.517root 11241100x8000000000000000720134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.517{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dead042e7ef0a5f2023-02-07 15:22:20.517root 11241100x8000000000000000720133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.517{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eaebea49891675a2023-02-07 15:22:20.517root 11241100x8000000000000000720132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.517{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b639cf82b942ac2023-02-07 15:22:20.517root 11241100x8000000000000000720131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.517{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340e82b54eed0bf62023-02-07 15:22:20.517root 11241100x8000000000000000720140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.518{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded6a8f2122a31382023-02-07 15:22:20.518root 11241100x8000000000000000720139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.518{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54115a0d35ebf57b2023-02-07 15:22:20.518root 11241100x8000000000000000720138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.518{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9f8978d8f605242023-02-07 15:22:20.518root 11241100x8000000000000000720137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.518{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bec6b1abfeb716d2023-02-07 15:22:20.518root 11241100x8000000000000000720141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688876a8db42cc332023-02-07 15:22:20.845root 11241100x8000000000000000720142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42588fee3bd909722023-02-07 15:22:20.846root 11241100x8000000000000000720149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116d01fed97064962023-02-07 15:22:20.847root 11241100x8000000000000000720148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f4aebbef3988992023-02-07 15:22:20.847root 11241100x8000000000000000720147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4123363ff9b431602023-02-07 15:22:20.847root 11241100x8000000000000000720146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb3c07bae43d7092023-02-07 15:22:20.847root 11241100x8000000000000000720145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6a241a60d7a1ce2023-02-07 15:22:20.847root 11241100x8000000000000000720144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a011fdfa9b1e58c2023-02-07 15:22:20.847root 11241100x8000000000000000720143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e654692183b2c7a32023-02-07 15:22:20.847root 11241100x8000000000000000720151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37f3a32574358212023-02-07 15:22:20.848root 11241100x8000000000000000720150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:20.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b18c0c1f61e0582023-02-07 15:22:20.848root 11241100x8000000000000000720157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:21.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848e6ff5576036232023-02-07 15:22:21.345root 11241100x8000000000000000720156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:21.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16819d0c69c22e0e2023-02-07 15:22:21.345root 11241100x8000000000000000720155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:21.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31a5dbccbf524542023-02-07 15:22:21.345root 11241100x8000000000000000720154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:21.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32da428e163df7d2023-02-07 15:22:21.345root 11241100x8000000000000000720153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:21.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9724ac3f39eab72023-02-07 15:22:21.345root 11241100x8000000000000000720152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:21.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fcceec112ba4b072023-02-07 15:22:21.345root 11241100x8000000000000000720162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b6f1fcfdf9278b2023-02-07 15:22:21.346root 11241100x8000000000000000720161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681db8d6037665e22023-02-07 15:22:21.346root 11241100x8000000000000000720160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3a61cca4a5dbdf2023-02-07 15:22:21.346root 11241100x8000000000000000720159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c74b8ef226f85042023-02-07 15:22:21.346root 11241100x8000000000000000720158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:21.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f352a756c5d56f372023-02-07 15:22:21.346root 11241100x8000000000000000720166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:21.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22cca5d43acc0c782023-02-07 15:22:21.845root 11241100x8000000000000000720165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:21.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada51c56ccd8d2432023-02-07 15:22:21.845root 11241100x8000000000000000720164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:21.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642f06ecc2c9db8d2023-02-07 15:22:21.845root 11241100x8000000000000000720163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:21.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6c36d0424685102023-02-07 15:22:21.845root 11241100x8000000000000000720173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d20a30fae9f8542023-02-07 15:22:21.846root 11241100x8000000000000000720172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d612502adf225d342023-02-07 15:22:21.846root 11241100x8000000000000000720171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560fadcdb9e5f8782023-02-07 15:22:21.846root 11241100x8000000000000000720170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93aac7b876ea98722023-02-07 15:22:21.846root 11241100x8000000000000000720169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d807ef1a2af2abf92023-02-07 15:22:21.846root 11241100x8000000000000000720168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e1864de90db7842023-02-07 15:22:21.846root 11241100x8000000000000000720167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:21.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fce9e9add37a262023-02-07 15:22:21.846root 11241100x8000000000000000720175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:22.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2effd74abdc67df72023-02-07 15:22:22.345root 11241100x8000000000000000720174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:22.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3625e254ca23a99f2023-02-07 15:22:22.345root 11241100x8000000000000000720184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea1c4058e9cdea62023-02-07 15:22:22.346root 11241100x8000000000000000720183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c0fadfc501ed412023-02-07 15:22:22.346root 11241100x8000000000000000720182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7598bd0e8c113d662023-02-07 15:22:22.346root 11241100x8000000000000000720181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7119a47f7a6c15582023-02-07 15:22:22.346root 11241100x8000000000000000720180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d49d441a4f617be2023-02-07 15:22:22.346root 11241100x8000000000000000720179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88045c847d71099e2023-02-07 15:22:22.346root 11241100x8000000000000000720178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6936805da8d331592023-02-07 15:22:22.346root 11241100x8000000000000000720177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb62cb153b8758b2023-02-07 15:22:22.346root 11241100x8000000000000000720176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:22.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2e845d8d1127a72023-02-07 15:22:22.346root 11241100x8000000000000000720187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:22.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617db7948533be9e2023-02-07 15:22:22.845root 11241100x8000000000000000720186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:22.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae881b6565b29b4f2023-02-07 15:22:22.845root 11241100x8000000000000000720185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:22.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a797ac75927ea2062023-02-07 15:22:22.845root 11241100x8000000000000000720195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064419a8a9dc11e92023-02-07 15:22:22.846root 11241100x8000000000000000720194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9e298508d424532023-02-07 15:22:22.846root 11241100x8000000000000000720193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea2ed22d53bfa172023-02-07 15:22:22.846root 11241100x8000000000000000720192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5005b5bd9b0534732023-02-07 15:22:22.846root 11241100x8000000000000000720191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d922a658af3ffd2023-02-07 15:22:22.846root 11241100x8000000000000000720190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6db482b037a645a2023-02-07 15:22:22.846root 11241100x8000000000000000720189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43540b5203aaf5812023-02-07 15:22:22.846root 11241100x8000000000000000720188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:22.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46255f20aa2eab0b2023-02-07 15:22:22.846root 11241100x8000000000000000720198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:23.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d016f1541123b92d2023-02-07 15:22:23.345root 11241100x8000000000000000720197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:23.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da22b179588c8482023-02-07 15:22:23.345root 11241100x8000000000000000720196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:23.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51089cac97dfd5572023-02-07 15:22:23.345root 11241100x8000000000000000720206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a255a7a208ad9f2023-02-07 15:22:23.346root 11241100x8000000000000000720205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d7e1ecffc9f9c82023-02-07 15:22:23.346root 11241100x8000000000000000720204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e14806f3634eca2023-02-07 15:22:23.346root 11241100x8000000000000000720203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0903690146a993b2023-02-07 15:22:23.346root 11241100x8000000000000000720202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500efb721d29daac2023-02-07 15:22:23.346root 11241100x8000000000000000720201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba895342ec55fb942023-02-07 15:22:23.346root 11241100x8000000000000000720200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60624045dece94c12023-02-07 15:22:23.346root 11241100x8000000000000000720199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:23.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea472a7a7f47b542023-02-07 15:22:23.346root 11241100x8000000000000000720208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:23.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f8e43cb2a1427b2023-02-07 15:22:23.845root 11241100x8000000000000000720207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:23.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcac8975b6f78472023-02-07 15:22:23.845root 11241100x8000000000000000720217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3896165819fc08bc2023-02-07 15:22:23.846root 11241100x8000000000000000720216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34236a4eac7af4e2023-02-07 15:22:23.846root 11241100x8000000000000000720215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71498735481bab92023-02-07 15:22:23.846root 11241100x8000000000000000720214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f901b42deec33b092023-02-07 15:22:23.846root 11241100x8000000000000000720213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eea3bb44b241f802023-02-07 15:22:23.846root 11241100x8000000000000000720212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113d37a5c2904dbc2023-02-07 15:22:23.846root 11241100x8000000000000000720211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4f96cb66eef4542023-02-07 15:22:23.846root 11241100x8000000000000000720210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606813107c2af4012023-02-07 15:22:23.846root 11241100x8000000000000000720209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:23.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b80ee392fcc6abc2023-02-07 15:22:23.846root 11241100x8000000000000000720219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:24.234{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34931af62bac08c2023-02-07 15:22:24.234root 354300x8000000000000000720218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:24.234{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-47736-false10.0.1.12-8000- 11241100x8000000000000000720228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:24.235{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a525917bebba99b2023-02-07 15:22:24.235root 11241100x8000000000000000720227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:24.235{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d421b3f874ef52e2023-02-07 15:22:24.235root 11241100x8000000000000000720226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:24.235{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d607e7823e3b9f952023-02-07 15:22:24.235root 11241100x8000000000000000720225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:24.235{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3565a28c81df5a2023-02-07 15:22:24.235root 11241100x8000000000000000720224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:24.235{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e0f6b5281f90192023-02-07 15:22:24.235root 11241100x8000000000000000720223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:24.235{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e216920dd22162612023-02-07 15:22:24.235root 11241100x8000000000000000720222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:24.235{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6cdde126ab54802023-02-07 15:22:24.235root 11241100x8000000000000000720221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:24.235{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826a29c6f916a2df2023-02-07 15:22:24.235root 11241100x8000000000000000720220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:24.235{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c2e16e6d84c28f2023-02-07 15:22:24.235root 11241100x8000000000000000720230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:24.236{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8d217afe2cd7b92023-02-07 15:22:24.236root 11241100x8000000000000000720229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:24.236{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f3a4a2a4da04362023-02-07 15:22:24.236root 11241100x8000000000000000720232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407d3c429181848b2023-02-07 15:22:24.596root 11241100x8000000000000000720231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce1918259d6ae622023-02-07 15:22:24.596root 11241100x8000000000000000720242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc8839b13ba5df82023-02-07 15:22:24.597root 11241100x8000000000000000720241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e659c9f63f8631a22023-02-07 15:22:24.597root 11241100x8000000000000000720240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d563d670ddaa8832023-02-07 15:22:24.597root 11241100x8000000000000000720239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c1695e919c12b32023-02-07 15:22:24.597root 11241100x8000000000000000720238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a7cbd1e15d65152023-02-07 15:22:24.597root 11241100x8000000000000000720237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d182eab6534c461d2023-02-07 15:22:24.597root 11241100x8000000000000000720236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85afa772876ff8d2023-02-07 15:22:24.597root 11241100x8000000000000000720235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c4c893db8263852023-02-07 15:22:24.597root 11241100x8000000000000000720234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616f41cce2569c642023-02-07 15:22:24.597root 11241100x8000000000000000720233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:24.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208df8fdde8a82a82023-02-07 15:22:24.597root 11241100x8000000000000000720243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:24.727{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:22:24.727root 11241100x8000000000000000720250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02aaee63b949a3842023-02-07 15:22:25.096root 11241100x8000000000000000720249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc80789aca3955e2023-02-07 15:22:25.096root 11241100x8000000000000000720248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84289f4ced6a7a52023-02-07 15:22:25.096root 11241100x8000000000000000720247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d572e5bb0f39b12023-02-07 15:22:25.096root 11241100x8000000000000000720246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33cb1832db9c4d6b2023-02-07 15:22:25.096root 11241100x8000000000000000720245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ac8413e8dbd1652023-02-07 15:22:25.096root 11241100x8000000000000000720244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b56d28a361acfef2023-02-07 15:22:25.096root 11241100x8000000000000000720256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b3b74d88c551e42023-02-07 15:22:25.097root 11241100x8000000000000000720255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37cda62720eb2d3c2023-02-07 15:22:25.097root 11241100x8000000000000000720254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dcec240dc938d152023-02-07 15:22:25.097root 11241100x8000000000000000720253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f777fbcb03fd373b2023-02-07 15:22:25.097root 11241100x8000000000000000720252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1114c262d368057a2023-02-07 15:22:25.097root 11241100x8000000000000000720251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:25.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060aeed7e0a51a7e2023-02-07 15:22:25.097root 11241100x8000000000000000720258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbcf621a1e609e52023-02-07 15:22:25.595root 11241100x8000000000000000720257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b0c131d67c6ea92023-02-07 15:22:25.595root 11241100x8000000000000000720261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb319a8c96888d92023-02-07 15:22:25.598root 11241100x8000000000000000720260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4b01672ffd9b4d2023-02-07 15:22:25.598root 11241100x8000000000000000720259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:25.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5488b7857297e4e2023-02-07 15:22:25.598root 11241100x8000000000000000720266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:25.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807d99b0c67d43112023-02-07 15:22:25.599root 11241100x8000000000000000720265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:25.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5943108177b467b62023-02-07 15:22:25.599root 11241100x8000000000000000720264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:25.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24719cd42b4e5fbc2023-02-07 15:22:25.599root 11241100x8000000000000000720263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:25.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac93899409518b42023-02-07 15:22:25.599root 11241100x8000000000000000720262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:25.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d11ba953972cf742023-02-07 15:22:25.599root 11241100x8000000000000000720268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:25.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d88485611a065d2023-02-07 15:22:25.600root 11241100x8000000000000000720267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:25.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89fe5d68e0c224072023-02-07 15:22:25.600root 11241100x8000000000000000720269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:25.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291c608d58b2548e2023-02-07 15:22:25.601root 11241100x8000000000000000720273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb42d6c3ac2ac9ec2023-02-07 15:22:26.095root 11241100x8000000000000000720272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39baa99c0fb3f6462023-02-07 15:22:26.095root 11241100x8000000000000000720271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2b8bf676f1e2ae2023-02-07 15:22:26.095root 11241100x8000000000000000720270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a723207410dca32023-02-07 15:22:26.095root 11241100x8000000000000000720279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f639bd191c2728742023-02-07 15:22:26.096root 11241100x8000000000000000720278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433894a382b875312023-02-07 15:22:26.096root 11241100x8000000000000000720277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2cade6a39932e12023-02-07 15:22:26.096root 11241100x8000000000000000720276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0551dfb26bf0825d2023-02-07 15:22:26.096root 11241100x8000000000000000720275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8995acc710a32f2023-02-07 15:22:26.096root 11241100x8000000000000000720274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0451812ec150499d2023-02-07 15:22:26.096root 11241100x8000000000000000720282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b6f3f1eae795e52023-02-07 15:22:26.097root 11241100x8000000000000000720281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f6a7a283bea9432023-02-07 15:22:26.097root 11241100x8000000000000000720280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:26.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14c0494c488813d2023-02-07 15:22:26.097root 11241100x8000000000000000720285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9293de53ffb5b8a2023-02-07 15:22:26.595root 11241100x8000000000000000720284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1d6c25e9ad41092023-02-07 15:22:26.595root 11241100x8000000000000000720283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01d64bc2aac7edc2023-02-07 15:22:26.595root 11241100x8000000000000000720293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337d16b0be8e9eb12023-02-07 15:22:26.596root 11241100x8000000000000000720292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b069219057c5a7b02023-02-07 15:22:26.596root 11241100x8000000000000000720291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac62bb03d97ebf542023-02-07 15:22:26.596root 11241100x8000000000000000720290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62e7d634cd9936d2023-02-07 15:22:26.596root 11241100x8000000000000000720289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d967717818c56e2023-02-07 15:22:26.596root 11241100x8000000000000000720288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90851ffa7fdc86cb2023-02-07 15:22:26.596root 11241100x8000000000000000720287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17a9b08207190112023-02-07 15:22:26.596root 11241100x8000000000000000720286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e152502f360a2122023-02-07 15:22:26.596root 11241100x8000000000000000720295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d08bdc9e487f552023-02-07 15:22:26.597root 11241100x8000000000000000720294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:26.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0c842da72ef9ab2023-02-07 15:22:26.597root 11241100x8000000000000000720297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84dc90afb89a4def2023-02-07 15:22:27.095root 11241100x8000000000000000720296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c3962640147dd22023-02-07 15:22:27.095root 11241100x8000000000000000720304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464e441b71251e7c2023-02-07 15:22:27.096root 11241100x8000000000000000720303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7735517d0b70d702023-02-07 15:22:27.096root 11241100x8000000000000000720302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da104b9d382821e12023-02-07 15:22:27.096root 11241100x8000000000000000720301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c24c8fd4eb9e102023-02-07 15:22:27.096root 11241100x8000000000000000720300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b8eec0a97651262023-02-07 15:22:27.096root 11241100x8000000000000000720299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb43f957286751242023-02-07 15:22:27.096root 11241100x8000000000000000720298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02de80c8c6e343982023-02-07 15:22:27.096root 11241100x8000000000000000720308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af0fbcebadef8c12023-02-07 15:22:27.097root 11241100x8000000000000000720307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6326ced16b2e4822023-02-07 15:22:27.097root 11241100x8000000000000000720306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1510b637510fea522023-02-07 15:22:27.097root 11241100x8000000000000000720305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:27.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0686b7336798404a2023-02-07 15:22:27.097root 11241100x8000000000000000720315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5b86639af779642023-02-07 15:22:27.595root 11241100x8000000000000000720314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c801bdbaf6957cd92023-02-07 15:22:27.595root 11241100x8000000000000000720313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd9476a23aed84f2023-02-07 15:22:27.595root 11241100x8000000000000000720312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da50655d7c131fd2023-02-07 15:22:27.595root 11241100x8000000000000000720311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a007020f37ca602023-02-07 15:22:27.595root 11241100x8000000000000000720310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea75ef8afab8f2c72023-02-07 15:22:27.595root 11241100x8000000000000000720309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616cdec51a2e73132023-02-07 15:22:27.595root 11241100x8000000000000000720321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5494d6c02f5704712023-02-07 15:22:27.596root 11241100x8000000000000000720320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f2d07743b519e82023-02-07 15:22:27.596root 11241100x8000000000000000720319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9b61f16948efdb2023-02-07 15:22:27.596root 11241100x8000000000000000720318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a615d1f63922342023-02-07 15:22:27.596root 11241100x8000000000000000720317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c618233c17dff32023-02-07 15:22:27.596root 11241100x8000000000000000720316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8c608d035134202023-02-07 15:22:27.596root 23542300x8000000000000000720322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:27.728{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000720327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbb2dcefc2bf8882023-02-07 15:22:28.095root 11241100x8000000000000000720326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2ae7b36f004f9e2023-02-07 15:22:28.095root 11241100x8000000000000000720325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4466f0495ded0cb32023-02-07 15:22:28.095root 11241100x8000000000000000720324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08b05fdbdb02c3b2023-02-07 15:22:28.095root 11241100x8000000000000000720323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928dd3e106e954612023-02-07 15:22:28.095root 11241100x8000000000000000720332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5018d9052c95536c2023-02-07 15:22:28.096root 11241100x8000000000000000720331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83469f94343532ce2023-02-07 15:22:28.096root 11241100x8000000000000000720330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8232bc49fe9844e02023-02-07 15:22:28.096root 11241100x8000000000000000720329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61aa959f8940c77e2023-02-07 15:22:28.096root 11241100x8000000000000000720328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7685eeebcc51e0e92023-02-07 15:22:28.096root 11241100x8000000000000000720335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c8a36d320f12c02023-02-07 15:22:28.097root 11241100x8000000000000000720334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3a4627e449c12e2023-02-07 15:22:28.097root 11241100x8000000000000000720333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:28.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553223659668acc92023-02-07 15:22:28.097root 11241100x8000000000000000720336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:28.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65eb7dc7e2c453e2023-02-07 15:22:28.098root 11241100x8000000000000000720343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8483b7a549a482892023-02-07 15:22:28.595root 11241100x8000000000000000720342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4342fce084bbef542023-02-07 15:22:28.595root 11241100x8000000000000000720341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3fe5bf1bacd11f2023-02-07 15:22:28.595root 11241100x8000000000000000720340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db88a8d586104ad52023-02-07 15:22:28.595root 11241100x8000000000000000720339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23aecc58caac2282023-02-07 15:22:28.595root 11241100x8000000000000000720338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f9eaba56e9a0b82023-02-07 15:22:28.595root 11241100x8000000000000000720337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f68c970f91f45a62023-02-07 15:22:28.595root 11241100x8000000000000000720350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ba948bf9717d672023-02-07 15:22:28.596root 11241100x8000000000000000720349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5756f77d21a1c0c72023-02-07 15:22:28.596root 11241100x8000000000000000720348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99133b8d60bf3ea72023-02-07 15:22:28.596root 11241100x8000000000000000720347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab25dbdf3f9e8b92023-02-07 15:22:28.596root 11241100x8000000000000000720346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce0409217046ed42023-02-07 15:22:28.596root 11241100x8000000000000000720345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf287dac39c88f482023-02-07 15:22:28.596root 11241100x8000000000000000720344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105fc52738e5202b2023-02-07 15:22:28.596root 11241100x8000000000000000720353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f682339386fbff2023-02-07 15:22:29.095root 11241100x8000000000000000720352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94de8feb3be83b22023-02-07 15:22:29.095root 11241100x8000000000000000720351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc862bc8dee62f762023-02-07 15:22:29.095root 11241100x8000000000000000720357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3027c5194318692023-02-07 15:22:29.096root 11241100x8000000000000000720356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2195bcb2f33b062023-02-07 15:22:29.096root 11241100x8000000000000000720355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e02ee7f84d301142023-02-07 15:22:29.096root 11241100x8000000000000000720354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1717226b3269ff872023-02-07 15:22:29.096root 11241100x8000000000000000720364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4553cd6ad8a2da172023-02-07 15:22:29.097root 11241100x8000000000000000720363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c66e013bdac7132023-02-07 15:22:29.097root 11241100x8000000000000000720362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2001c20c23c4b9b02023-02-07 15:22:29.097root 11241100x8000000000000000720361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3527ccfedc31bc52023-02-07 15:22:29.097root 11241100x8000000000000000720360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408ff214e37c140f2023-02-07 15:22:29.097root 11241100x8000000000000000720359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6653063ac5dca1cc2023-02-07 15:22:29.097root 11241100x8000000000000000720358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:29.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be63abe8bc5a4432023-02-07 15:22:29.097root 11241100x8000000000000000720368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e738a0195615162023-02-07 15:22:29.595root 11241100x8000000000000000720367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee137f3e58273a302023-02-07 15:22:29.595root 11241100x8000000000000000720366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea058a98ae2a91e2023-02-07 15:22:29.595root 11241100x8000000000000000720365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296ac029bd984fd82023-02-07 15:22:29.595root 11241100x8000000000000000720376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87d6652098f73572023-02-07 15:22:29.596root 11241100x8000000000000000720375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c854ced53d0f47882023-02-07 15:22:29.596root 11241100x8000000000000000720374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d2e27c1dd3a7c72023-02-07 15:22:29.596root 11241100x8000000000000000720373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9aa33ea79418c962023-02-07 15:22:29.596root 11241100x8000000000000000720372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b45e3220d738022023-02-07 15:22:29.596root 11241100x8000000000000000720371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d589c28670b83b2023-02-07 15:22:29.596root 11241100x8000000000000000720370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06425b6e20c7d35e2023-02-07 15:22:29.596root 11241100x8000000000000000720369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1922374a28c8f8522023-02-07 15:22:29.596root 11241100x8000000000000000720378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9921b8b3544bcdc02023-02-07 15:22:29.597root 11241100x8000000000000000720377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:29.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09c6512bb5d88f12023-02-07 15:22:29.597root 354300x8000000000000000720379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.044{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36684-false10.0.1.12-8000- 11241100x8000000000000000720383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.046{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903c78784852fdb82023-02-07 15:22:30.046root 11241100x8000000000000000720382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.046{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5acd969811c80c12023-02-07 15:22:30.046root 11241100x8000000000000000720381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.046{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fa2234131d6e882023-02-07 15:22:30.046root 11241100x8000000000000000720380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.046{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91a0e071f5fd7f12023-02-07 15:22:30.046root 11241100x8000000000000000720386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.047{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fcb4957d35be0492023-02-07 15:22:30.047root 11241100x8000000000000000720385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.047{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f829bf6835434a2023-02-07 15:22:30.047root 11241100x8000000000000000720384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.047{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd50789452e252c52023-02-07 15:22:30.047root 11241100x8000000000000000720389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.048{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37962ea7e5e5dcc82023-02-07 15:22:30.048root 11241100x8000000000000000720388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.048{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bccb42f4b4b23942023-02-07 15:22:30.048root 11241100x8000000000000000720387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.048{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c72aaa953550012023-02-07 15:22:30.048root 11241100x8000000000000000720393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.049{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868a07ff7344c5c32023-02-07 15:22:30.049root 11241100x8000000000000000720392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.049{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38cce72dfc33a2e42023-02-07 15:22:30.049root 11241100x8000000000000000720391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.049{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57cd1c3681b140ac2023-02-07 15:22:30.049root 11241100x8000000000000000720390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.049{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa67ea8d561adc12023-02-07 15:22:30.049root 11241100x8000000000000000720394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e111c0eb626e1972023-02-07 15:22:30.050root 11241100x8000000000000000720398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f5e53d951d1b122023-02-07 15:22:30.345root 11241100x8000000000000000720397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed4e8a10bd8a4fb2023-02-07 15:22:30.345root 11241100x8000000000000000720396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f70b43d7288b1f2023-02-07 15:22:30.345root 11241100x8000000000000000720395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba7d58d291ab0672023-02-07 15:22:30.345root 11241100x8000000000000000720406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2421d1f761da8b962023-02-07 15:22:30.346root 11241100x8000000000000000720405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda229370e097ffd2023-02-07 15:22:30.346root 11241100x8000000000000000720404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39337d0c34ad7fc2023-02-07 15:22:30.346root 11241100x8000000000000000720403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38089c2051674ec22023-02-07 15:22:30.346root 11241100x8000000000000000720402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe96af46071fe0c2023-02-07 15:22:30.346root 11241100x8000000000000000720401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ad296f2435dffc2023-02-07 15:22:30.346root 11241100x8000000000000000720400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adbc7d4dddc5cd3b2023-02-07 15:22:30.346root 11241100x8000000000000000720399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aac5df192ba223b2023-02-07 15:22:30.346root 11241100x8000000000000000720409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8885a7d98bd7df6a2023-02-07 15:22:30.347root 11241100x8000000000000000720408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3e9966c871833c2023-02-07 15:22:30.347root 11241100x8000000000000000720407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de27ec8207d9c892023-02-07 15:22:30.347root 11241100x8000000000000000720410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ea1621d9150a0f2023-02-07 15:22:30.845root 11241100x8000000000000000720419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2863f24e38a34cf42023-02-07 15:22:30.846root 11241100x8000000000000000720418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeef88e92ed6e0c42023-02-07 15:22:30.846root 11241100x8000000000000000720417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61bb19880df6e022023-02-07 15:22:30.846root 11241100x8000000000000000720416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb69c6d17f20404f2023-02-07 15:22:30.846root 11241100x8000000000000000720415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c985f88adee2c1d2023-02-07 15:22:30.846root 11241100x8000000000000000720414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8147128ebfa7c23f2023-02-07 15:22:30.846root 11241100x8000000000000000720413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f7d1ef232a02db2023-02-07 15:22:30.846root 11241100x8000000000000000720412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11e54fc9ad1f5ba2023-02-07 15:22:30.846root 11241100x8000000000000000720411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d921d26c032c8722023-02-07 15:22:30.846root 11241100x8000000000000000720424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c702043a42e1e62023-02-07 15:22:30.847root 11241100x8000000000000000720423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9feaf1a82c70da052023-02-07 15:22:30.847root 11241100x8000000000000000720422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f421bbc2b7327f2023-02-07 15:22:30.847root 11241100x8000000000000000720421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8976d99938ca532023-02-07 15:22:30.847root 11241100x8000000000000000720420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:30.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d6228380dade942023-02-07 15:22:30.847root 11241100x8000000000000000720425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:31.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eea2466b59286e92023-02-07 15:22:31.345root 11241100x8000000000000000720433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49203199a63971ef2023-02-07 15:22:31.346root 11241100x8000000000000000720432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5226f46360db5aa2023-02-07 15:22:31.346root 11241100x8000000000000000720431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7a68de7c9a0c582023-02-07 15:22:31.346root 11241100x8000000000000000720430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa190100c1d2f3d2023-02-07 15:22:31.346root 11241100x8000000000000000720429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c174fd0c00ab13c32023-02-07 15:22:31.346root 11241100x8000000000000000720428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dcee69af63a92562023-02-07 15:22:31.346root 11241100x8000000000000000720427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88731dbc729c97bc2023-02-07 15:22:31.346root 11241100x8000000000000000720426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:31.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25c88e4193558be2023-02-07 15:22:31.346root 11241100x8000000000000000720438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e505da76c369f352023-02-07 15:22:31.347root 11241100x8000000000000000720437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50544e57cfc85a262023-02-07 15:22:31.347root 11241100x8000000000000000720436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb4ab5075e9380b2023-02-07 15:22:31.347root 11241100x8000000000000000720435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97206946f018d0e2023-02-07 15:22:31.347root 11241100x8000000000000000720434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:31.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092ed0f4d48d01ae2023-02-07 15:22:31.347root 11241100x8000000000000000720439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:31.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df169ebbaf108772023-02-07 15:22:31.348root 11241100x8000000000000000720440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:31.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f3fa38a4426b492023-02-07 15:22:31.845root 11241100x8000000000000000720446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18486903e7a64722023-02-07 15:22:31.846root 11241100x8000000000000000720445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43bcaa6f277881242023-02-07 15:22:31.846root 11241100x8000000000000000720444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38828f7b75b6fce62023-02-07 15:22:31.846root 11241100x8000000000000000720443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431523c444be3bac2023-02-07 15:22:31.846root 11241100x8000000000000000720442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c9c64e19070ce82023-02-07 15:22:31.846root 11241100x8000000000000000720441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:31.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b2d392e2eca3e42023-02-07 15:22:31.846root 11241100x8000000000000000720454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5d781df56219d52023-02-07 15:22:31.847root 11241100x8000000000000000720453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f31a757891c1d452023-02-07 15:22:31.847root 11241100x8000000000000000720452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865d37f3ca91328b2023-02-07 15:22:31.847root 11241100x8000000000000000720451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d87fa94c1657032023-02-07 15:22:31.847root 11241100x8000000000000000720450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4e36e3c7887d322023-02-07 15:22:31.847root 11241100x8000000000000000720449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e123f69fe61047f42023-02-07 15:22:31.847root 11241100x8000000000000000720448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c826e5267e771fa62023-02-07 15:22:31.847root 11241100x8000000000000000720447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:31.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd81136b9b61abec2023-02-07 15:22:31.847root 11241100x8000000000000000720455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aacc9e6775c49962023-02-07 15:22:32.345root 11241100x8000000000000000720466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b289cc873554a692023-02-07 15:22:32.346root 11241100x8000000000000000720465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f0ffd941821d6e2023-02-07 15:22:32.346root 11241100x8000000000000000720464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b59a438f1be90112023-02-07 15:22:32.346root 11241100x8000000000000000720463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446dde35f2859a5d2023-02-07 15:22:32.346root 11241100x8000000000000000720462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db37a30c31a55ef82023-02-07 15:22:32.346root 11241100x8000000000000000720461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442b61b7cc920a942023-02-07 15:22:32.346root 11241100x8000000000000000720460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3fd32db72379dd12023-02-07 15:22:32.346root 11241100x8000000000000000720459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c204a01600e258482023-02-07 15:22:32.346root 11241100x8000000000000000720458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51611152e7181a5e2023-02-07 15:22:32.346root 11241100x8000000000000000720457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ebe350e25c2c4e2023-02-07 15:22:32.346root 11241100x8000000000000000720456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b43b453a2200ee2023-02-07 15:22:32.346root 11241100x8000000000000000720469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b81e22c364d90a2023-02-07 15:22:32.347root 11241100x8000000000000000720468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe6d313e67b5c1e2023-02-07 15:22:32.347root 11241100x8000000000000000720467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc3ab2591080c132023-02-07 15:22:32.347root 11241100x8000000000000000720476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a63694493f412be2023-02-07 15:22:32.348root 11241100x8000000000000000720475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3c1bea98cf38992023-02-07 15:22:32.348root 11241100x8000000000000000720474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52744144ad645a5b2023-02-07 15:22:32.348root 11241100x8000000000000000720473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145c2bdc2fdc7f9c2023-02-07 15:22:32.348root 11241100x8000000000000000720472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f790ff92fa1db1692023-02-07 15:22:32.348root 11241100x8000000000000000720471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9c3520d12b8aeb2023-02-07 15:22:32.348root 11241100x8000000000000000720470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18bdd9b6b06c9c002023-02-07 15:22:32.348root 11241100x8000000000000000720478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1dc3d29f24545f2023-02-07 15:22:32.349root 11241100x8000000000000000720477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25b89b002bcd4ff2023-02-07 15:22:32.349root 11241100x8000000000000000720487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58af03fb3dd47d842023-02-07 15:22:32.846root 11241100x8000000000000000720486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd708add1824cdab2023-02-07 15:22:32.846root 11241100x8000000000000000720485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ba2fc466e3d80f2023-02-07 15:22:32.846root 11241100x8000000000000000720484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15b400b53606a232023-02-07 15:22:32.846root 11241100x8000000000000000720483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c0db3a7bd487692023-02-07 15:22:32.846root 11241100x8000000000000000720482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d698949dc32b62b2023-02-07 15:22:32.846root 11241100x8000000000000000720481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9095292beaa66f2023-02-07 15:22:32.846root 11241100x8000000000000000720480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f76ad323488fda2023-02-07 15:22:32.846root 11241100x8000000000000000720479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754243556ab850ac2023-02-07 15:22:32.846root 11241100x8000000000000000720492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f68012edea376682023-02-07 15:22:32.847root 11241100x8000000000000000720491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272ad5545dbe9b6e2023-02-07 15:22:32.847root 11241100x8000000000000000720490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7be57556ebfdb5a2023-02-07 15:22:32.847root 11241100x8000000000000000720489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa195651b8721152023-02-07 15:22:32.847root 11241100x8000000000000000720488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb11709ddddcf4032023-02-07 15:22:32.847root 11241100x8000000000000000720493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:32.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbce0853fdff43b22023-02-07 15:22:32.848root 11241100x8000000000000000720494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:33.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a7a43cd0b1734b2023-02-07 15:22:33.345root 11241100x8000000000000000720498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c310f89841a36b2023-02-07 15:22:33.346root 11241100x8000000000000000720497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bb4ee2a1f148b32023-02-07 15:22:33.346root 11241100x8000000000000000720496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de38ccb72abc6f702023-02-07 15:22:33.346root 11241100x8000000000000000720495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:33.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ec5664b18934752023-02-07 15:22:33.346root 11241100x8000000000000000720500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37069768cdb529682023-02-07 15:22:33.347root 11241100x8000000000000000720499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:33.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ee321cc3fa089d2023-02-07 15:22:33.347root 11241100x8000000000000000720508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb4d3e9ccef81862023-02-07 15:22:33.348root 11241100x8000000000000000720507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3d5010ef9ad5642023-02-07 15:22:33.348root 11241100x8000000000000000720506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e743df13ea2ac22023-02-07 15:22:33.348root 11241100x8000000000000000720505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fdedaa4a83afe032023-02-07 15:22:33.348root 11241100x8000000000000000720504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6220a7f7cdc74f332023-02-07 15:22:33.348root 11241100x8000000000000000720503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08ed343cc6b9e3a2023-02-07 15:22:33.348root 11241100x8000000000000000720502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae1a53b337c716f2023-02-07 15:22:33.348root 11241100x8000000000000000720501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:33.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2158db47975c00452023-02-07 15:22:33.348root 11241100x8000000000000000720510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:33.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a92fe76129d8a9e2023-02-07 15:22:33.845root 11241100x8000000000000000720509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:33.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01aa1759cb7293562023-02-07 15:22:33.845root 11241100x8000000000000000720517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b363f7b2893fd62023-02-07 15:22:33.846root 11241100x8000000000000000720516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e91be5ebdb3f352023-02-07 15:22:33.846root 11241100x8000000000000000720515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f617bfe04365dd132023-02-07 15:22:33.846root 11241100x8000000000000000720514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3b8d463782bfb52023-02-07 15:22:33.846root 11241100x8000000000000000720513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3468bb28c7fbe5652023-02-07 15:22:33.846root 11241100x8000000000000000720512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15f67a26add58152023-02-07 15:22:33.846root 11241100x8000000000000000720511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:33.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861d8ef5cde5a1152023-02-07 15:22:33.846root 11241100x8000000000000000720523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d261b9099c797252023-02-07 15:22:33.847root 11241100x8000000000000000720522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2542f83bdf171c62023-02-07 15:22:33.847root 11241100x8000000000000000720521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2c3d7ec2ac52a82023-02-07 15:22:33.847root 11241100x8000000000000000720520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680de55a55392aa82023-02-07 15:22:33.847root 11241100x8000000000000000720519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff26228043a6abfe2023-02-07 15:22:33.847root 11241100x8000000000000000720518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:33.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e624e1a9a52b33262023-02-07 15:22:33.847root 11241100x8000000000000000720529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07d3f2d88ba51322023-02-07 15:22:34.346root 11241100x8000000000000000720528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee093548f7b51e4d2023-02-07 15:22:34.346root 11241100x8000000000000000720527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d091bfe35709fb672023-02-07 15:22:34.346root 11241100x8000000000000000720526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c96980bca2aab12023-02-07 15:22:34.346root 11241100x8000000000000000720525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103291fff65d28b12023-02-07 15:22:34.346root 11241100x8000000000000000720524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:34.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731acee315b8e2702023-02-07 15:22:34.346root 11241100x8000000000000000720538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe8f25746c623622023-02-07 15:22:34.347root 11241100x8000000000000000720537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00bf04b0de84b7fc2023-02-07 15:22:34.347root 11241100x8000000000000000720536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200d7b9a614377022023-02-07 15:22:34.347root 11241100x8000000000000000720535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d65abd2efe60d62023-02-07 15:22:34.347root 11241100x8000000000000000720534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1eb5f9e9d41dd782023-02-07 15:22:34.347root 11241100x8000000000000000720533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028219d19f633a722023-02-07 15:22:34.347root 11241100x8000000000000000720532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ae192b6b47d2bc2023-02-07 15:22:34.347root 11241100x8000000000000000720531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73f0b7b31c9ae512023-02-07 15:22:34.347root 11241100x8000000000000000720530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:34.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaab8931ceac6a8e2023-02-07 15:22:34.347root 11241100x8000000000000000720541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:34.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78abeeffa3662cf32023-02-07 15:22:34.845root 11241100x8000000000000000720540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:34.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be05e2fdcbfa83ff2023-02-07 15:22:34.845root 11241100x8000000000000000720539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:34.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e044d0c34756fd6f2023-02-07 15:22:34.845root 11241100x8000000000000000720553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38579862f43364b42023-02-07 15:22:34.846root 11241100x8000000000000000720552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199d7f1782db95c82023-02-07 15:22:34.846root 11241100x8000000000000000720551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25382e39e85f4f9d2023-02-07 15:22:34.846root 11241100x8000000000000000720550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97feb96d63821f452023-02-07 15:22:34.846root 11241100x8000000000000000720549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4325968cc7a58e4b2023-02-07 15:22:34.846root 11241100x8000000000000000720548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ce7ecb932a6e402023-02-07 15:22:34.846root 11241100x8000000000000000720547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46417e5f582b0582023-02-07 15:22:34.846root 11241100x8000000000000000720546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0188e758ca96d34c2023-02-07 15:22:34.846root 11241100x8000000000000000720545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc3023dc805f1662023-02-07 15:22:34.846root 11241100x8000000000000000720544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf91a751e2d5a6962023-02-07 15:22:34.846root 11241100x8000000000000000720543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd62c51cf651a2912023-02-07 15:22:34.846root 11241100x8000000000000000720542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:34.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4598aadd4330f6cf2023-02-07 15:22:34.846root 354300x8000000000000000720554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.053{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36700-false10.0.1.12-8000- 11241100x8000000000000000720556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f993aaaf6d263a362023-02-07 15:22:35.345root 11241100x8000000000000000720555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dea5654c7d3b6932023-02-07 15:22:35.345root 11241100x8000000000000000720570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a243989b309e05d2023-02-07 15:22:35.346root 11241100x8000000000000000720569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffdb838882760ba2023-02-07 15:22:35.346root 11241100x8000000000000000720568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a978f7fd334d01d72023-02-07 15:22:35.346root 11241100x8000000000000000720567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bb671c8f49e1f22023-02-07 15:22:35.346root 11241100x8000000000000000720566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95d599978c0f6132023-02-07 15:22:35.346root 11241100x8000000000000000720565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694d5c71d2f928ef2023-02-07 15:22:35.346root 11241100x8000000000000000720564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148a2434a7aa35162023-02-07 15:22:35.346root 11241100x8000000000000000720563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f36929dab77e872023-02-07 15:22:35.346root 11241100x8000000000000000720562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507d5b5c5281df7e2023-02-07 15:22:35.346root 11241100x8000000000000000720561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29fa6aa9484203b2023-02-07 15:22:35.346root 11241100x8000000000000000720560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8e99151dbeedde2023-02-07 15:22:35.346root 11241100x8000000000000000720559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3dd3cb318746232023-02-07 15:22:35.346root 11241100x8000000000000000720558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891454a673e42b9c2023-02-07 15:22:35.346root 11241100x8000000000000000720557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7daa3ec444fb452b2023-02-07 15:22:35.346root 11241100x8000000000000000720572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d253bcabb6d3e342023-02-07 15:22:35.845root 11241100x8000000000000000720571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e6366ef3a8aad02023-02-07 15:22:35.845root 11241100x8000000000000000720582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31587e82187a1f302023-02-07 15:22:35.846root 11241100x8000000000000000720581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26de35fb2ccca9d2023-02-07 15:22:35.846root 11241100x8000000000000000720580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb2f3b0a93ac4e32023-02-07 15:22:35.846root 11241100x8000000000000000720579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415f7c84008129cb2023-02-07 15:22:35.846root 11241100x8000000000000000720578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3f8793d62205012023-02-07 15:22:35.846root 11241100x8000000000000000720577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159c8bc8dd7db3202023-02-07 15:22:35.846root 11241100x8000000000000000720576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87677982842836de2023-02-07 15:22:35.846root 11241100x8000000000000000720575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f992315b9d53c8152023-02-07 15:22:35.846root 11241100x8000000000000000720574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ad1a89a2eba30b2023-02-07 15:22:35.846root 11241100x8000000000000000720573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07170c0b7e0e535a2023-02-07 15:22:35.846root 11241100x8000000000000000720586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7ab9afe0d599bc2023-02-07 15:22:35.847root 11241100x8000000000000000720585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9894317d7f020b2b2023-02-07 15:22:35.847root 11241100x8000000000000000720584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15a70b3a04a80e72023-02-07 15:22:35.847root 11241100x8000000000000000720583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:35.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341893c8a46ce5fa2023-02-07 15:22:35.847root 11241100x8000000000000000720588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b4c4c053280df12023-02-07 15:22:36.345root 11241100x8000000000000000720587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b96f6d7aa43a902023-02-07 15:22:36.345root 11241100x8000000000000000720594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c20b4c69ce689a12023-02-07 15:22:36.346root 11241100x8000000000000000720593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aef9d743f803e662023-02-07 15:22:36.346root 11241100x8000000000000000720592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf313c48300e86c12023-02-07 15:22:36.346root 11241100x8000000000000000720591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e19d19983abd4a2023-02-07 15:22:36.346root 11241100x8000000000000000720590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07958e24d968e7d62023-02-07 15:22:36.346root 11241100x8000000000000000720589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef33a46efe178992023-02-07 15:22:36.346root 11241100x8000000000000000720600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d714304dde00bb2023-02-07 15:22:36.347root 11241100x8000000000000000720599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b079945948582a892023-02-07 15:22:36.347root 11241100x8000000000000000720598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70fa29fdcb8904752023-02-07 15:22:36.347root 11241100x8000000000000000720597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8280fba68a0ee4c2023-02-07 15:22:36.347root 11241100x8000000000000000720596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb58338113bd0bc2023-02-07 15:22:36.347root 11241100x8000000000000000720595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e857e71c0a6ba72023-02-07 15:22:36.347root 11241100x8000000000000000720602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bcfe8c12b3a55d92023-02-07 15:22:36.348root 11241100x8000000000000000720601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2596e404d968447d2023-02-07 15:22:36.348root 11241100x8000000000000000720603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e42d1d54e7d7e62023-02-07 15:22:36.845root 11241100x8000000000000000720610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e4642e18a0f4bd2023-02-07 15:22:36.846root 11241100x8000000000000000720609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af641bb99b5c9782023-02-07 15:22:36.846root 11241100x8000000000000000720608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6d1a52f5da4e0c2023-02-07 15:22:36.846root 11241100x8000000000000000720607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728cbfc6b45f3b932023-02-07 15:22:36.846root 11241100x8000000000000000720606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5139dd23bb92fd2023-02-07 15:22:36.846root 11241100x8000000000000000720605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e445e47c27825c2023-02-07 15:22:36.846root 11241100x8000000000000000720604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ef0be61865adbb2023-02-07 15:22:36.846root 11241100x8000000000000000720614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9120acc69249ef182023-02-07 15:22:36.847root 11241100x8000000000000000720613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01634fdf91df87892023-02-07 15:22:36.847root 11241100x8000000000000000720612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c67db7e053e81f92023-02-07 15:22:36.847root 11241100x8000000000000000720611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8411f775b1a5d62023-02-07 15:22:36.847root 11241100x8000000000000000720618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abb41ad7a9466f62023-02-07 15:22:36.848root 11241100x8000000000000000720617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b3301d25cc96902023-02-07 15:22:36.848root 11241100x8000000000000000720616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f1b7c1ad5102ab2023-02-07 15:22:36.848root 11241100x8000000000000000720615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:36.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097e685e71c055b22023-02-07 15:22:36.848root 11241100x8000000000000000720630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69982202cfe33d002023-02-07 15:22:37.346root 11241100x8000000000000000720629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bbd4dc51428faa82023-02-07 15:22:37.346root 11241100x8000000000000000720628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18c718dbfb69bc62023-02-07 15:22:37.346root 11241100x8000000000000000720627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf5cf3a13f25f102023-02-07 15:22:37.346root 11241100x8000000000000000720626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32371692822b2fdc2023-02-07 15:22:37.346root 11241100x8000000000000000720625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8572c8dbf34f5f702023-02-07 15:22:37.346root 11241100x8000000000000000720624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec3980aeb5fbc982023-02-07 15:22:37.346root 11241100x8000000000000000720623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62210514ffcbc8492023-02-07 15:22:37.346root 11241100x8000000000000000720622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e3ee05154585102023-02-07 15:22:37.346root 11241100x8000000000000000720621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea87b027b0630722023-02-07 15:22:37.346root 11241100x8000000000000000720620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd819c7644433a972023-02-07 15:22:37.346root 11241100x8000000000000000720619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5783e6d30850a3092023-02-07 15:22:37.346root 11241100x8000000000000000720634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d78e35f1f147c02023-02-07 15:22:37.347root 11241100x8000000000000000720633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e0ee44f488fe532023-02-07 15:22:37.347root 11241100x8000000000000000720632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee61b78c47f336222023-02-07 15:22:37.347root 11241100x8000000000000000720631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b0e812545fd0742023-02-07 15:22:37.347root 154100x8000000000000000720635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.513{ec244aba-6cbd-63e2-9ce6-4c64fa550000}6239/sbin/ifconfig-----ifconfig/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6be1-63e2-4874-5465c2550000}6209/bin/bash-bashubuntu 534500x8000000000000000720636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.518{ec244aba-6cbd-63e2-9ce6-4c64fa550000}6239/sbin/ifconfigubuntu 11241100x8000000000000000720637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa89499352d0d732023-02-07 15:22:37.845root 11241100x8000000000000000720642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee53825446e4c8872023-02-07 15:22:37.846root 11241100x8000000000000000720641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1de7507c2ee17fe2023-02-07 15:22:37.846root 11241100x8000000000000000720640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947489aba79576842023-02-07 15:22:37.846root 11241100x8000000000000000720639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad5d12bea4eb8e72023-02-07 15:22:37.846root 11241100x8000000000000000720638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25b1f43edd30c4f2023-02-07 15:22:37.846root 11241100x8000000000000000720654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf9434319b779fa2023-02-07 15:22:37.847root 11241100x8000000000000000720653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212d190db7a6030d2023-02-07 15:22:37.847root 11241100x8000000000000000720652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675aa9f6b671da672023-02-07 15:22:37.847root 11241100x8000000000000000720651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac39d2171abb389f2023-02-07 15:22:37.847root 11241100x8000000000000000720650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05532b4fd64d32b72023-02-07 15:22:37.847root 11241100x8000000000000000720649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54858fdc58874332023-02-07 15:22:37.847root 11241100x8000000000000000720648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ab0233c2ef379a2023-02-07 15:22:37.847root 11241100x8000000000000000720647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7817a77617ebd862023-02-07 15:22:37.847root 11241100x8000000000000000720646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3aeed8b1fa59b8e2023-02-07 15:22:37.847root 11241100x8000000000000000720645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b82f755588b1d32023-02-07 15:22:37.847root 11241100x8000000000000000720644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16fa56183f9adf52023-02-07 15:22:37.847root 11241100x8000000000000000720643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:37.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351113003c98501f2023-02-07 15:22:37.847root 11241100x8000000000000000720655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9242876f144317672023-02-07 15:22:38.345root 11241100x8000000000000000720662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a1b196d36795e12023-02-07 15:22:38.346root 11241100x8000000000000000720661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604e1daf887870942023-02-07 15:22:38.346root 11241100x8000000000000000720660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f1bbd1fedcfb032023-02-07 15:22:38.346root 11241100x8000000000000000720659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9559d72b88b8972023-02-07 15:22:38.346root 11241100x8000000000000000720658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afab51181dec04a42023-02-07 15:22:38.346root 11241100x8000000000000000720657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79016419e94a9b32023-02-07 15:22:38.346root 11241100x8000000000000000720656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573d09f40047a3c02023-02-07 15:22:38.346root 11241100x8000000000000000720672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e315a335e8334c6f2023-02-07 15:22:38.347root 11241100x8000000000000000720671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04082f1187d62432023-02-07 15:22:38.347root 11241100x8000000000000000720670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54204e7357d30a92023-02-07 15:22:38.347root 11241100x8000000000000000720669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1428d68d1bd4d4852023-02-07 15:22:38.347root 11241100x8000000000000000720668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191e0e2264b743b72023-02-07 15:22:38.347root 11241100x8000000000000000720667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e88bbfdb0743782023-02-07 15:22:38.347root 11241100x8000000000000000720666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb210b436df5c9812023-02-07 15:22:38.347root 11241100x8000000000000000720665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4576dae367ee8662023-02-07 15:22:38.347root 11241100x8000000000000000720664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c1bd505b0344342023-02-07 15:22:38.347root 11241100x8000000000000000720663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5139ea3c82f33ae02023-02-07 15:22:38.347root 11241100x8000000000000000720678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0115e5cf22c35ea42023-02-07 15:22:38.846root 11241100x8000000000000000720677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee2f0ab4e5c1fa72023-02-07 15:22:38.846root 11241100x8000000000000000720676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2840e25ced41332023-02-07 15:22:38.846root 11241100x8000000000000000720675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6515499fecdaa2b62023-02-07 15:22:38.846root 11241100x8000000000000000720674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b88708bcf252e5a2023-02-07 15:22:38.846root 11241100x8000000000000000720673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53240828dd1f649c2023-02-07 15:22:38.846root 11241100x8000000000000000720687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5eebd2f72ebbb32023-02-07 15:22:38.847root 11241100x8000000000000000720686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3646ebb26e50302023-02-07 15:22:38.847root 11241100x8000000000000000720685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df0298e5da94ad02023-02-07 15:22:38.847root 11241100x8000000000000000720684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62f48d9b54343882023-02-07 15:22:38.847root 11241100x8000000000000000720683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d08a7cd87c75f872023-02-07 15:22:38.847root 11241100x8000000000000000720682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e60167c00f36b62023-02-07 15:22:38.847root 11241100x8000000000000000720681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a11c9c2b86e5bcc2023-02-07 15:22:38.847root 11241100x8000000000000000720680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e9dfcede22439d2023-02-07 15:22:38.847root 11241100x8000000000000000720679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5fc2f5f46aba5362023-02-07 15:22:38.847root 11241100x8000000000000000720690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8147e89ebed3f49a2023-02-07 15:22:38.848root 11241100x8000000000000000720689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d96a0ff0843d0f42023-02-07 15:22:38.848root 11241100x8000000000000000720688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:38.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efeedb901a09bf282023-02-07 15:22:38.848root 11241100x8000000000000000720699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22af77b95ff12a2b2023-02-07 15:22:39.346root 11241100x8000000000000000720698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72998c8b173bf822023-02-07 15:22:39.346root 11241100x8000000000000000720697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56012d729bd11232023-02-07 15:22:39.346root 11241100x8000000000000000720696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693e6dc1c724196b2023-02-07 15:22:39.346root 11241100x8000000000000000720695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420afcbe3ffd44292023-02-07 15:22:39.346root 11241100x8000000000000000720694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257609e1c0dc6dff2023-02-07 15:22:39.346root 11241100x8000000000000000720693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90835ed38709169e2023-02-07 15:22:39.346root 11241100x8000000000000000720692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5537e0f74da969a92023-02-07 15:22:39.346root 11241100x8000000000000000720691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1709ac1e193eed202023-02-07 15:22:39.346root 11241100x8000000000000000720704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecfddfa12ab38102023-02-07 15:22:39.347root 11241100x8000000000000000720703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e527b0bb1a4b55292023-02-07 15:22:39.347root 11241100x8000000000000000720702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffdcfd4c003247602023-02-07 15:22:39.347root 11241100x8000000000000000720701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001769abe0b2e94e2023-02-07 15:22:39.347root 11241100x8000000000000000720700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d80bcbb73e417c62023-02-07 15:22:39.347root 11241100x8000000000000000720708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d70ebf44ef795e42023-02-07 15:22:39.348root 11241100x8000000000000000720707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ffa8843023b6c92023-02-07 15:22:39.348root 11241100x8000000000000000720706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0fc5c783eaa6cb12023-02-07 15:22:39.348root 11241100x8000000000000000720705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3aa7d2b4655f8c2023-02-07 15:22:39.348root 11241100x8000000000000000720710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a197d0cac39a11272023-02-07 15:22:39.845root 11241100x8000000000000000720709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de27320a675673b2023-02-07 15:22:39.845root 11241100x8000000000000000720714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595825e734cc49072023-02-07 15:22:39.846root 11241100x8000000000000000720713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667e9bab42a948aa2023-02-07 15:22:39.846root 11241100x8000000000000000720712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fec4f6923b7b19c2023-02-07 15:22:39.846root 11241100x8000000000000000720711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214d8810b28dc27a2023-02-07 15:22:39.846root 11241100x8000000000000000720722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8c516dbbe0819f2023-02-07 15:22:39.847root 11241100x8000000000000000720721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91406c9e029731e2023-02-07 15:22:39.847root 11241100x8000000000000000720720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98cf4e28d58aedc92023-02-07 15:22:39.847root 11241100x8000000000000000720719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e122156efb8eb62023-02-07 15:22:39.847root 11241100x8000000000000000720718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca497ac955945ef22023-02-07 15:22:39.847root 11241100x8000000000000000720717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2af409292cdd5522023-02-07 15:22:39.847root 11241100x8000000000000000720716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fae5775ee4ab7bc2023-02-07 15:22:39.847root 11241100x8000000000000000720715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180fb3f78077c1922023-02-07 15:22:39.847root 11241100x8000000000000000720728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6184079004a9045b2023-02-07 15:22:39.848root 11241100x8000000000000000720727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91583d1f68a20a012023-02-07 15:22:39.848root 11241100x8000000000000000720726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88efa746f9eba8542023-02-07 15:22:39.848root 11241100x8000000000000000720725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86b717d3b3713b22023-02-07 15:22:39.848root 11241100x8000000000000000720724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142225dc583357d52023-02-07 15:22:39.848root 11241100x8000000000000000720723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:39.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0261043e32fcd52023-02-07 15:22:39.848root 354300x8000000000000000720729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.130{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-59844-false10.0.1.12-8000- 11241100x8000000000000000720734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.131{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abd2f68cbb90ffe2023-02-07 15:22:40.131root 11241100x8000000000000000720733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.131{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da86c23fbcd660cf2023-02-07 15:22:40.131root 11241100x8000000000000000720732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.131{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200dc5aed89659ba2023-02-07 15:22:40.131root 11241100x8000000000000000720731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.131{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f7d95dac0025292023-02-07 15:22:40.131root 11241100x8000000000000000720730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.131{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10ff19a4aaf0ef12023-02-07 15:22:40.131root 11241100x8000000000000000720743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.132{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d7e2efc443dc6a2023-02-07 15:22:40.132root 11241100x8000000000000000720742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.132{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7298e2f4009e2a072023-02-07 15:22:40.132root 11241100x8000000000000000720741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.132{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fba2c6150f58872023-02-07 15:22:40.132root 11241100x8000000000000000720740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.132{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235b4866b7e7f6872023-02-07 15:22:40.132root 11241100x8000000000000000720739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.132{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600627bfe80b8b0e2023-02-07 15:22:40.132root 11241100x8000000000000000720738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.132{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf0faaabbaaf0b32023-02-07 15:22:40.132root 11241100x8000000000000000720737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.132{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906f45fb33b9773f2023-02-07 15:22:40.132root 11241100x8000000000000000720736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.132{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9cc46436e0116b2023-02-07 15:22:40.132root 11241100x8000000000000000720735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.132{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fe83454b3822e22023-02-07 15:22:40.132root 11241100x8000000000000000720751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.133{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6528abdb394db3e22023-02-07 15:22:40.133root 11241100x8000000000000000720750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.133{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33c0235e2a125542023-02-07 15:22:40.133root 11241100x8000000000000000720749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.133{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9be3238a5081a92023-02-07 15:22:40.133root 11241100x8000000000000000720748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.133{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6630b3024a698732023-02-07 15:22:40.133root 11241100x8000000000000000720747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.133{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ae9fe3cf1bd5212023-02-07 15:22:40.133root 11241100x8000000000000000720746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.133{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67df6a4dc1ef03582023-02-07 15:22:40.133root 11241100x8000000000000000720745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.133{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228de95b8190ede22023-02-07 15:22:40.133root 11241100x8000000000000000720744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.133{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c74ea96386777a2023-02-07 15:22:40.133root 11241100x8000000000000000720761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.134{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa607f9b6f858c2c2023-02-07 15:22:40.134root 11241100x8000000000000000720760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.134{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbefa3c6b3d0e6ee2023-02-07 15:22:40.134root 11241100x8000000000000000720759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.134{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f445992433eb612023-02-07 15:22:40.134root 11241100x8000000000000000720758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.134{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9163c51075c4f362023-02-07 15:22:40.134root 11241100x8000000000000000720757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.134{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1827f8c8f5be07022023-02-07 15:22:40.134root 11241100x8000000000000000720756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.134{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c439d449243ddcae2023-02-07 15:22:40.134root 11241100x8000000000000000720755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.134{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a3fe7bf3620b872023-02-07 15:22:40.134root 11241100x8000000000000000720754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.134{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44399653b22c7fb12023-02-07 15:22:40.134root 11241100x8000000000000000720753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.134{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f69375aa3ab5b52023-02-07 15:22:40.134root 11241100x8000000000000000720752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.134{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1258e39849032c2023-02-07 15:22:40.134root 11241100x8000000000000000720768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac25092a878a20f2023-02-07 15:22:40.595root 11241100x8000000000000000720767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea8824d6ff4e87d2023-02-07 15:22:40.595root 11241100x8000000000000000720766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ab8e9c117a9f1b2023-02-07 15:22:40.595root 11241100x8000000000000000720765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b1eda1478476d02023-02-07 15:22:40.595root 11241100x8000000000000000720764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246d0e776725e87a2023-02-07 15:22:40.595root 11241100x8000000000000000720763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfa0218091050d82023-02-07 15:22:40.595root 11241100x8000000000000000720762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77abbdc14b8d89a22023-02-07 15:22:40.595root 11241100x8000000000000000720775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391ae42fe511c7dc2023-02-07 15:22:40.596root 11241100x8000000000000000720774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de3f3b84401ccdb2023-02-07 15:22:40.596root 11241100x8000000000000000720773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484187b9851dcc352023-02-07 15:22:40.596root 11241100x8000000000000000720772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1f5ec0b050638c2023-02-07 15:22:40.596root 11241100x8000000000000000720771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181978916a938cac2023-02-07 15:22:40.596root 11241100x8000000000000000720770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632ab9214ea427b32023-02-07 15:22:40.596root 11241100x8000000000000000720769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da89f7c1002d7a42023-02-07 15:22:40.596root 11241100x8000000000000000720779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cae3bab8425383a2023-02-07 15:22:40.597root 11241100x8000000000000000720778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb79fd0e006c09e22023-02-07 15:22:40.597root 11241100x8000000000000000720777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215558b6a447d1dc2023-02-07 15:22:40.597root 11241100x8000000000000000720776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795ac4bd2da8c78f2023-02-07 15:22:40.597root 11241100x8000000000000000720780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:40.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b4ad32eba79a582023-02-07 15:22:40.598root 11241100x8000000000000000720784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228dce5ca42686f62023-02-07 15:22:41.095root 11241100x8000000000000000720783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c7ffa554f189472023-02-07 15:22:41.095root 11241100x8000000000000000720782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea669325bde56ad12023-02-07 15:22:41.095root 11241100x8000000000000000720781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31cc292565750c6c2023-02-07 15:22:41.095root 11241100x8000000000000000720791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce41db9b8bcba602023-02-07 15:22:41.096root 11241100x8000000000000000720790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aed9af6924c55b12023-02-07 15:22:41.096root 11241100x8000000000000000720789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1217456dd735d1c2023-02-07 15:22:41.096root 11241100x8000000000000000720788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d83c081ddc080c32023-02-07 15:22:41.096root 11241100x8000000000000000720787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461f78dacc78b9162023-02-07 15:22:41.096root 11241100x8000000000000000720786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4bca1cadbcba9d42023-02-07 15:22:41.096root 11241100x8000000000000000720785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a536cf945991f02f2023-02-07 15:22:41.096root 11241100x8000000000000000720799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea553f46b9d590602023-02-07 15:22:41.097root 11241100x8000000000000000720798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c7f9eacf075a232023-02-07 15:22:41.097root 11241100x8000000000000000720797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b5ce202fd25f352023-02-07 15:22:41.097root 11241100x8000000000000000720796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc1fd38ae0b54382023-02-07 15:22:41.097root 11241100x8000000000000000720795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd02e3233ef6f9b2023-02-07 15:22:41.097root 11241100x8000000000000000720794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5543a1f4ddbf5d2023-02-07 15:22:41.097root 11241100x8000000000000000720793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0edf9ce20c2fc54a2023-02-07 15:22:41.097root 11241100x8000000000000000720792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd06ebb5f79fdf02023-02-07 15:22:41.097root 11241100x8000000000000000720805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be405fc3cc7666bf2023-02-07 15:22:41.595root 11241100x8000000000000000720804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80aa734149895912023-02-07 15:22:41.595root 11241100x8000000000000000720803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37a7e56393b40c72023-02-07 15:22:41.595root 11241100x8000000000000000720802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d94007e0434bf32023-02-07 15:22:41.595root 11241100x8000000000000000720801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d86048073597352023-02-07 15:22:41.595root 11241100x8000000000000000720800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a912048de0f38bbb2023-02-07 15:22:41.595root 11241100x8000000000000000720817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5aca46fa91022f2023-02-07 15:22:41.596root 11241100x8000000000000000720816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c138af2da668802023-02-07 15:22:41.596root 11241100x8000000000000000720815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581da8b23ccb02062023-02-07 15:22:41.596root 11241100x8000000000000000720814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48433c75321c7f052023-02-07 15:22:41.596root 11241100x8000000000000000720813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f662094595a6862023-02-07 15:22:41.596root 11241100x8000000000000000720812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f549e619db44cc22023-02-07 15:22:41.596root 11241100x8000000000000000720811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee049d21ffc50bf2023-02-07 15:22:41.596root 11241100x8000000000000000720810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7e6e45db8ce1542023-02-07 15:22:41.596root 11241100x8000000000000000720809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae7e6975a70ace22023-02-07 15:22:41.596root 11241100x8000000000000000720808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff553043e29d32af2023-02-07 15:22:41.596root 11241100x8000000000000000720807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a03097bf62949b32023-02-07 15:22:41.596root 11241100x8000000000000000720806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b779813a27b9ed0a2023-02-07 15:22:41.596root 11241100x8000000000000000720818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:41.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf904e3afd09fd82023-02-07 15:22:41.597root 11241100x8000000000000000720822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8247f816973b050c2023-02-07 15:22:42.095root 11241100x8000000000000000720821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b06ae30ed9b1532023-02-07 15:22:42.095root 11241100x8000000000000000720820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b9ecf0a2c1c0a92023-02-07 15:22:42.095root 11241100x8000000000000000720819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5f199fbc4874af2023-02-07 15:22:42.095root 11241100x8000000000000000720830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db938c5f82762f602023-02-07 15:22:42.096root 11241100x8000000000000000720829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853444fa91ab105f2023-02-07 15:22:42.096root 11241100x8000000000000000720828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a8aa39864a311a2023-02-07 15:22:42.096root 11241100x8000000000000000720827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65132bbbfadc119e2023-02-07 15:22:42.096root 11241100x8000000000000000720826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69491640830909732023-02-07 15:22:42.096root 11241100x8000000000000000720825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1acb794a77a3d83d2023-02-07 15:22:42.096root 11241100x8000000000000000720824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d5566d107466e42023-02-07 15:22:42.096root 11241100x8000000000000000720823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d8ad77109d51eb2023-02-07 15:22:42.096root 11241100x8000000000000000720836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6df5bd5a307e7192023-02-07 15:22:42.097root 11241100x8000000000000000720835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c005f9e45ebf512023-02-07 15:22:42.097root 11241100x8000000000000000720834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e187e26a8d37a02023-02-07 15:22:42.097root 11241100x8000000000000000720833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c626e7d618177d2023-02-07 15:22:42.097root 11241100x8000000000000000720832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a703acc8d20a0fe02023-02-07 15:22:42.097root 11241100x8000000000000000720831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f128f0fd93690f6a2023-02-07 15:22:42.097root 11241100x8000000000000000720837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79b817ad3cafaad2023-02-07 15:22:42.098root 11241100x8000000000000000720841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3338df74fa6cd7ac2023-02-07 15:22:42.595root 11241100x8000000000000000720840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac4a1e8f11e00de2023-02-07 15:22:42.595root 11241100x8000000000000000720839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6802bf8bae9c89a32023-02-07 15:22:42.595root 11241100x8000000000000000720838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63df5b05e7824ba52023-02-07 15:22:42.595root 11241100x8000000000000000720848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f16e54385e210072023-02-07 15:22:42.596root 11241100x8000000000000000720847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf4a51bfab8b2692023-02-07 15:22:42.596root 11241100x8000000000000000720846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfeac7214c8378482023-02-07 15:22:42.596root 11241100x8000000000000000720845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e0f6eddf0706142023-02-07 15:22:42.596root 11241100x8000000000000000720844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aedf1d95d3e3a7252023-02-07 15:22:42.596root 11241100x8000000000000000720843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3af0d84554fbf12023-02-07 15:22:42.596root 11241100x8000000000000000720842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8467f89ad7bc71ea2023-02-07 15:22:42.596root 11241100x8000000000000000720855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68e8518e218c8312023-02-07 15:22:42.597root 11241100x8000000000000000720854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309c5f95743561522023-02-07 15:22:42.597root 11241100x8000000000000000720853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ac3680cc450ead2023-02-07 15:22:42.597root 11241100x8000000000000000720852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68cfd65259d1796b2023-02-07 15:22:42.597root 11241100x8000000000000000720851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659185ce5a458ab32023-02-07 15:22:42.597root 11241100x8000000000000000720850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e270b4753aac40f2023-02-07 15:22:42.597root 11241100x8000000000000000720849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3d13aa006878812023-02-07 15:22:42.597root 11241100x8000000000000000720857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adec06eb3450267f2023-02-07 15:22:42.598root 11241100x8000000000000000720856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:42.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99719e6eef1f032d2023-02-07 15:22:42.598root 11241100x8000000000000000720863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b7ed14f9651f6f2023-02-07 15:22:43.096root 11241100x8000000000000000720862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7de29797d12524e2023-02-07 15:22:43.096root 11241100x8000000000000000720861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f6fe7593b59e392023-02-07 15:22:43.096root 11241100x8000000000000000720860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e08a5cc7640f4512023-02-07 15:22:43.096root 11241100x8000000000000000720859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adbd260042f826382023-02-07 15:22:43.096root 11241100x8000000000000000720858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38660ae2ba596e5a2023-02-07 15:22:43.096root 11241100x8000000000000000720870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e544169c63bffd2023-02-07 15:22:43.097root 11241100x8000000000000000720869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2259d0ac9c6facde2023-02-07 15:22:43.097root 11241100x8000000000000000720868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfbc9e6f0697e822023-02-07 15:22:43.097root 11241100x8000000000000000720867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add05a9ea9b5606e2023-02-07 15:22:43.097root 11241100x8000000000000000720866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6119f6e199977b2023-02-07 15:22:43.097root 11241100x8000000000000000720865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6eb5b8703cfc102023-02-07 15:22:43.097root 11241100x8000000000000000720864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557f6727499a6eeb2023-02-07 15:22:43.097root 11241100x8000000000000000720874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158c561bdb82a13c2023-02-07 15:22:43.098root 11241100x8000000000000000720873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635dbbeccd1a9de42023-02-07 15:22:43.098root 11241100x8000000000000000720872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e35f3c91e70c512023-02-07 15:22:43.098root 11241100x8000000000000000720871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bff0afbb865895c2023-02-07 15:22:43.098root 11241100x8000000000000000720876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13741654c2ec7822023-02-07 15:22:43.099root 11241100x8000000000000000720875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0baa74e9e03431db2023-02-07 15:22:43.099root 11241100x8000000000000000720881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581d0e742f9df7a42023-02-07 15:22:43.595root 11241100x8000000000000000720880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8f7e1c91b6a9452023-02-07 15:22:43.595root 11241100x8000000000000000720879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298f3f23851309be2023-02-07 15:22:43.595root 11241100x8000000000000000720878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6927385bb18cfe5e2023-02-07 15:22:43.595root 11241100x8000000000000000720877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2e5b07c99fb7d82023-02-07 15:22:43.595root 11241100x8000000000000000720884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5ade0afb441f492023-02-07 15:22:43.596root 11241100x8000000000000000720883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6465efa68147e7e2023-02-07 15:22:43.596root 11241100x8000000000000000720882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd04424854c97fff2023-02-07 15:22:43.596root 11241100x8000000000000000720892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f117fd95786eb6c2023-02-07 15:22:43.597root 11241100x8000000000000000720891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1652638f4e69d12023-02-07 15:22:43.597root 11241100x8000000000000000720890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8808088f094e2e8e2023-02-07 15:22:43.597root 11241100x8000000000000000720889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10cd8712be6978b22023-02-07 15:22:43.597root 11241100x8000000000000000720888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b88848b4c7a32c2023-02-07 15:22:43.597root 11241100x8000000000000000720887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad3ab4520237da02023-02-07 15:22:43.597root 11241100x8000000000000000720886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0234af1f7e19d3e2023-02-07 15:22:43.597root 11241100x8000000000000000720885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a643f596d49bbd2023-02-07 15:22:43.597root 11241100x8000000000000000720900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f30d9994a842fa2023-02-07 15:22:43.598root 11241100x8000000000000000720899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2172997a6bb33c72023-02-07 15:22:43.598root 11241100x8000000000000000720898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555089403cf0fbee2023-02-07 15:22:43.598root 11241100x8000000000000000720897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba36e06822874472023-02-07 15:22:43.598root 11241100x8000000000000000720896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b30f354d23c1a22023-02-07 15:22:43.598root 11241100x8000000000000000720895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3607668ddbe8d12023-02-07 15:22:43.598root 11241100x8000000000000000720894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0d5650dd994faf2023-02-07 15:22:43.598root 11241100x8000000000000000720893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:43.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e61f93ac44b57a72023-02-07 15:22:43.598root 11241100x8000000000000000720905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37859b4d493284302023-02-07 15:22:44.095root 11241100x8000000000000000720904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4530998a1e163ec2023-02-07 15:22:44.095root 11241100x8000000000000000720903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b004aefc8b91a92023-02-07 15:22:44.095root 11241100x8000000000000000720902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a7b9be534dd51c2023-02-07 15:22:44.095root 11241100x8000000000000000720901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9872af7aa9937d722023-02-07 15:22:44.095root 11241100x8000000000000000720913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d0efe1c197d86f2023-02-07 15:22:44.096root 11241100x8000000000000000720912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd8539fb631e0782023-02-07 15:22:44.096root 11241100x8000000000000000720911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6733dea30207372023-02-07 15:22:44.096root 11241100x8000000000000000720910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20d56a9f3b88db12023-02-07 15:22:44.096root 11241100x8000000000000000720909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a70f36865145c3d2023-02-07 15:22:44.096root 11241100x8000000000000000720908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f52f734c26b1502023-02-07 15:22:44.096root 11241100x8000000000000000720907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b627d51344b0e192023-02-07 15:22:44.096root 11241100x8000000000000000720906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e53b3a9b81d5a22023-02-07 15:22:44.096root 11241100x8000000000000000720920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8ff42c15e8f29a2023-02-07 15:22:44.097root 11241100x8000000000000000720919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d82f110ed2edc42023-02-07 15:22:44.097root 11241100x8000000000000000720918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b618b636fb8f685a2023-02-07 15:22:44.097root 11241100x8000000000000000720917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4277062500de4e2023-02-07 15:22:44.097root 11241100x8000000000000000720916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5d61844d07f1ad2023-02-07 15:22:44.097root 11241100x8000000000000000720915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a3f56068a867652023-02-07 15:22:44.097root 11241100x8000000000000000720914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c327c66c36a2e22023-02-07 15:22:44.097root 11241100x8000000000000000720921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f828b94ae9ed7a9a2023-02-07 15:22:44.098root 11241100x8000000000000000720925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e67058559470fe02023-02-07 15:22:44.595root 11241100x8000000000000000720924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18a666207d20e5f2023-02-07 15:22:44.595root 11241100x8000000000000000720923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e72e60db10a3822023-02-07 15:22:44.595root 11241100x8000000000000000720922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7773ebc2574be362023-02-07 15:22:44.595root 11241100x8000000000000000720934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbd359dcbd588e42023-02-07 15:22:44.596root 11241100x8000000000000000720933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c31403bb8f2d0342023-02-07 15:22:44.596root 11241100x8000000000000000720932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810879430e3986902023-02-07 15:22:44.596root 11241100x8000000000000000720931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b6e9629fea89c12023-02-07 15:22:44.596root 11241100x8000000000000000720930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c5afe55a3ad78e2023-02-07 15:22:44.596root 11241100x8000000000000000720929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6652eb5d157704a2023-02-07 15:22:44.596root 11241100x8000000000000000720928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148bb9da59d25f162023-02-07 15:22:44.596root 11241100x8000000000000000720927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d95b1451fe595232023-02-07 15:22:44.596root 11241100x8000000000000000720926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b24c2cb9d62de252023-02-07 15:22:44.596root 11241100x8000000000000000720944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a46050d5f2dc372023-02-07 15:22:44.597root 11241100x8000000000000000720943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c03fd01676d1bb92023-02-07 15:22:44.597root 11241100x8000000000000000720942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811d0ae5f36431842023-02-07 15:22:44.597root 11241100x8000000000000000720941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092d8f0607a1b4e92023-02-07 15:22:44.597root 11241100x8000000000000000720940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d2be6f1c349a182023-02-07 15:22:44.597root 11241100x8000000000000000720939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faeda62b0d1f97c42023-02-07 15:22:44.597root 11241100x8000000000000000720938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6d07dfc3143ed32023-02-07 15:22:44.597root 11241100x8000000000000000720937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06cb3353903a1312023-02-07 15:22:44.597root 11241100x8000000000000000720936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d30c3aec3e07ea92023-02-07 15:22:44.597root 11241100x8000000000000000720935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bc30b1e256e53e2023-02-07 15:22:44.597root 154100x8000000000000000720945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.646{ec244aba-6cc4-63e2-4874-afa016560000}6240/bin/bash-----/bin/bash ./awfulshred3.sh/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6be1-63e2-4874-5465c2550000}6209/bin/bash-bashubuntu 154100x8000000000000000720946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.652{ec244aba-6cc4-63e2-504f-3a345a550000}6242/usr/bin/shred-----shred -n 1 -x -z ./awfulshred3.sh/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{00000000-0000-0000-0000-000000000000}6241--- 154100x8000000000000000720949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.656{ec244aba-6cc4-63e2-7033-d6bbc3550000}6243/bin/rm-----rm ./awfulshred3.sh/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6cc4-63e2-4874-afa016560000}6240/bin/bash/bin/bashubuntu 534500x8000000000000000720948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.656{00000000-0000-0000-0000-000000000000}6241<unknown process>ubuntu 534500x8000000000000000720947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.656{ec244aba-6cc4-63e2-504f-3a345a550000}6242/usr/bin/shredubuntu 23542300x8000000000000000720950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.657{ec244aba-6cc4-63e2-7033-d6bbc3550000}6243ubuntu/bin/rm/home/ubuntu/wiper/./awfulshred3.sh--- 154100x8000000000000000720954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.658{ec244aba-6cc4-63e2-d0c9-ed4ce6550000}6244/bin/cat-----cat /dev/null/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6cc4-63e2-4874-afa016560000}6240/bin/bash/bin/bashubuntu 11241100x8000000000000000720953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.658{ec244aba-6cc4-63e2-0000-000000000000}6244/bin/bash/home/ubuntu/.bash_history2023-02-07 15:22:44.658ubuntu 11241100x8000000000000000720952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.658{ec244aba-6cc4-63e2-4874-afa016560000}6240/bin/bash/home/ubuntu/.history2023-02-07 15:22:44.658ubuntu 534500x8000000000000000720951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.658{ec244aba-6cc4-63e2-7033-d6bbc3550000}6243/bin/rmubuntu 154100x8000000000000000720956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.660{ec244aba-6cc4-63e2-407e-e8143e560000}6245/sbin/swapon-----swapon -a/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6cc4-63e2-4874-afa016560000}6240/bin/bash/bin/bashubuntu 534500x8000000000000000720955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.660{ec244aba-6cc4-63e2-d0c9-ed4ce6550000}6244/bin/catubuntu 154100x8000000000000000720958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.664{ec244aba-6cc4-63e2-300e-bfc5c7550000}6246/bin/sleep-----sleep 2/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6cc4-63e2-4874-afa016560000}6240/bin/bash/bin/bashubuntu 534500x8000000000000000720957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:44.664{ec244aba-6cc4-63e2-407e-e8143e560000}6245/sbin/swaponubuntu 11241100x8000000000000000720965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f464027411377d732023-02-07 15:22:45.095root 11241100x8000000000000000720964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6313180d6b7c4b2023-02-07 15:22:45.095root 11241100x8000000000000000720963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81fb7996c1f6ed32023-02-07 15:22:45.095root 11241100x8000000000000000720962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e76ea06d167f1f2023-02-07 15:22:45.095root 11241100x8000000000000000720961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aefbacee316dab652023-02-07 15:22:45.095root 11241100x8000000000000000720960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c4b5e71a40ca782023-02-07 15:22:45.095root 11241100x8000000000000000720959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322be3f7c30a478d2023-02-07 15:22:45.095root 11241100x8000000000000000720970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32795d3ecc1e92c2023-02-07 15:22:45.096root 11241100x8000000000000000720969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64939081ed99b9b62023-02-07 15:22:45.096root 11241100x8000000000000000720968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e430c71551e1882f2023-02-07 15:22:45.096root 11241100x8000000000000000720967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c59bcdcc6a4e842023-02-07 15:22:45.096root 11241100x8000000000000000720966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45cfd77eccae1c662023-02-07 15:22:45.096root 11241100x8000000000000000720975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e998848befe885ed2023-02-07 15:22:45.097root 11241100x8000000000000000720974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cad24297b974cb2023-02-07 15:22:45.097root 11241100x8000000000000000720973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa88f80c079369d2023-02-07 15:22:45.097root 11241100x8000000000000000720972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad82b7951c8e20f2023-02-07 15:22:45.097root 11241100x8000000000000000720971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ff45b651d8af922023-02-07 15:22:45.097root 11241100x8000000000000000720978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6901061b6dac092023-02-07 15:22:45.098root 11241100x8000000000000000720977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5396119b1c8aa2b2023-02-07 15:22:45.098root 11241100x8000000000000000720976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6becbfcb86499f2023-02-07 15:22:45.098root 11241100x8000000000000000720980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d5ac3387f2e2cf2023-02-07 15:22:45.099root 11241100x8000000000000000720979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887daf8b393decfd2023-02-07 15:22:45.099root 11241100x8000000000000000720985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af68c22bb878fd82023-02-07 15:22:45.100root 11241100x8000000000000000720984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155c2230d463684a2023-02-07 15:22:45.100root 11241100x8000000000000000720983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622f9acb1172076b2023-02-07 15:22:45.100root 11241100x8000000000000000720982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec870b28a746f242023-02-07 15:22:45.100root 11241100x8000000000000000720981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1ef45ff795d4cc2023-02-07 15:22:45.100root 11241100x8000000000000000720994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8926cd05e1fd362023-02-07 15:22:45.101root 11241100x8000000000000000720993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb1c86820f436f92023-02-07 15:22:45.101root 11241100x8000000000000000720992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8420ba0b1b153c2023-02-07 15:22:45.101root 11241100x8000000000000000720991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0171e7a7dbf52c8a2023-02-07 15:22:45.101root 11241100x8000000000000000720990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30743a434fe81eb2023-02-07 15:22:45.101root 11241100x8000000000000000720989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579555b6fb25f4782023-02-07 15:22:45.101root 11241100x8000000000000000720988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ff880ed98411562023-02-07 15:22:45.101root 11241100x8000000000000000720987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9373d794043506a02023-02-07 15:22:45.101root 11241100x8000000000000000720986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d211048084ae63e62023-02-07 15:22:45.101root 11241100x8000000000000000721003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c219b425ec9a8af2023-02-07 15:22:45.102root 11241100x8000000000000000721002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6c20b2900f3f482023-02-07 15:22:45.102root 11241100x8000000000000000721001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2027f649d06546a72023-02-07 15:22:45.102root 11241100x8000000000000000721000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b451d08f1ca35112023-02-07 15:22:45.102root 11241100x8000000000000000720999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c60b2306e9894302023-02-07 15:22:45.102root 11241100x8000000000000000720998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3c06d1327363692023-02-07 15:22:45.102root 11241100x8000000000000000720997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85f6d309283a77f2023-02-07 15:22:45.102root 11241100x8000000000000000720996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905ae7d410b11d632023-02-07 15:22:45.102root 11241100x8000000000000000720995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6bae896843d58e2023-02-07 15:22:45.102root 11241100x8000000000000000721004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fab99b4359da022023-02-07 15:22:45.104root 11241100x8000000000000000721008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663b614b3b6baec52023-02-07 15:22:45.596root 11241100x8000000000000000721007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9586da9fcf10c4a02023-02-07 15:22:45.596root 11241100x8000000000000000721006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d9a2d9fd8b6a502023-02-07 15:22:45.596root 11241100x8000000000000000721005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7060281d818d37c22023-02-07 15:22:45.596root 11241100x8000000000000000721017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b510009b4c57a7192023-02-07 15:22:45.597root 11241100x8000000000000000721016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c193a02e046c9532023-02-07 15:22:45.597root 11241100x8000000000000000721015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcb450f838cdfa32023-02-07 15:22:45.597root 11241100x8000000000000000721014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fedb50879fd5c32023-02-07 15:22:45.597root 11241100x8000000000000000721013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201281088eaa85302023-02-07 15:22:45.597root 11241100x8000000000000000721012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9774ee99668646d32023-02-07 15:22:45.597root 11241100x8000000000000000721011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3442b78bf77ae5f2023-02-07 15:22:45.597root 11241100x8000000000000000721010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b650ba9050e7bb2023-02-07 15:22:45.597root 11241100x8000000000000000721009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0fa248f71d64142023-02-07 15:22:45.597root 11241100x8000000000000000721026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e09cc0b6b741912023-02-07 15:22:45.598root 11241100x8000000000000000721025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc5fa812e3d3d2a2023-02-07 15:22:45.598root 11241100x8000000000000000721024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6aacfae66fc4f22023-02-07 15:22:45.598root 11241100x8000000000000000721023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9a4cb170f7fa9f2023-02-07 15:22:45.598root 11241100x8000000000000000721022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c181e9086946c22023-02-07 15:22:45.598root 11241100x8000000000000000721021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48af0256f42c43972023-02-07 15:22:45.598root 11241100x8000000000000000721020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3207325ffe9a4ab2023-02-07 15:22:45.598root 11241100x8000000000000000721019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae16f9f429363de72023-02-07 15:22:45.598root 11241100x8000000000000000721018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f116f18803d5b62023-02-07 15:22:45.598root 11241100x8000000000000000721036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fde3365248bd6062023-02-07 15:22:45.599root 11241100x8000000000000000721035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30cb29f2ec86bca92023-02-07 15:22:45.599root 11241100x8000000000000000721034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39385e6ab4ea07ad2023-02-07 15:22:45.599root 11241100x8000000000000000721033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c15dcc6e88391692023-02-07 15:22:45.599root 11241100x8000000000000000721032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfb8530e7bd14422023-02-07 15:22:45.599root 11241100x8000000000000000721031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036bb086abe0bd122023-02-07 15:22:45.599root 11241100x8000000000000000721030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538aeae592ce744b2023-02-07 15:22:45.599root 11241100x8000000000000000721029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1f5a22966929f72023-02-07 15:22:45.599root 11241100x8000000000000000721028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411da2180651187b2023-02-07 15:22:45.599root 11241100x8000000000000000721027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7afd4b187368ca2023-02-07 15:22:45.599root 11241100x8000000000000000721037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:45.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9549496ed45ecae52023-02-07 15:22:45.600root 354300x8000000000000000721038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.056{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36720-false10.0.1.12-8000- 11241100x8000000000000000721039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ed3dc74b320eea2023-02-07 15:22:46.058root 11241100x8000000000000000721043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfcabc93dbe0e7882023-02-07 15:22:46.059root 11241100x8000000000000000721042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b165e9726460292023-02-07 15:22:46.059root 11241100x8000000000000000721041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35fc980e91a2ad72023-02-07 15:22:46.059root 11241100x8000000000000000721040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83a786bcdf1a6ce2023-02-07 15:22:46.059root 11241100x8000000000000000721046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.060{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea9b21c81f733522023-02-07 15:22:46.060root 11241100x8000000000000000721045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.060{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203c49971bb905122023-02-07 15:22:46.060root 11241100x8000000000000000721044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.060{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ea60373ee375682023-02-07 15:22:46.060root 11241100x8000000000000000721050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.066{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff4b753679d13552023-02-07 15:22:46.066root 11241100x8000000000000000721049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.066{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7dc5d605b3d8db32023-02-07 15:22:46.066root 11241100x8000000000000000721048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.066{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b4565540c478412023-02-07 15:22:46.066root 11241100x8000000000000000721047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.066{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47baaee55644d3c32023-02-07 15:22:46.066root 11241100x8000000000000000721053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.067{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d9c41cd8af80ca2023-02-07 15:22:46.067root 11241100x8000000000000000721052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.067{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb7b016316c49622023-02-07 15:22:46.067root 11241100x8000000000000000721051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.067{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ade44b7d0ba25d2023-02-07 15:22:46.067root 11241100x8000000000000000721061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.068{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c15fc3c0ac95e672023-02-07 15:22:46.068root 11241100x8000000000000000721060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.068{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82875b9e009864432023-02-07 15:22:46.068root 11241100x8000000000000000721059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.068{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ca362cb9aa2bb22023-02-07 15:22:46.068root 11241100x8000000000000000721058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.068{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e3302e9bd361862023-02-07 15:22:46.068root 11241100x8000000000000000721057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.068{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b345a732de4f6962023-02-07 15:22:46.068root 11241100x8000000000000000721056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.068{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80298e3f8bef4bea2023-02-07 15:22:46.068root 11241100x8000000000000000721055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.068{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6aac2535234c9902023-02-07 15:22:46.068root 11241100x8000000000000000721054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.068{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab16788232188ed2023-02-07 15:22:46.068root 11241100x8000000000000000721070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.069{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630061b4c94893562023-02-07 15:22:46.069root 11241100x8000000000000000721069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.069{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472fb92629beb46b2023-02-07 15:22:46.069root 11241100x8000000000000000721068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.069{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e635d5378ad78bb22023-02-07 15:22:46.069root 11241100x8000000000000000721067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.069{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee29bceb104edd962023-02-07 15:22:46.069root 11241100x8000000000000000721066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.069{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8052eab296521312023-02-07 15:22:46.069root 11241100x8000000000000000721065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.069{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33217aff7722ae9a2023-02-07 15:22:46.069root 11241100x8000000000000000721064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.069{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4343450575bd3fe82023-02-07 15:22:46.069root 11241100x8000000000000000721063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.069{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8031e875bdf9dea2023-02-07 15:22:46.069root 11241100x8000000000000000721062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.069{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117378c00c976f642023-02-07 15:22:46.069root 11241100x8000000000000000721072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.070{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244eef48d9fd17bd2023-02-07 15:22:46.070root 11241100x8000000000000000721071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.070{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c52da28467e71642023-02-07 15:22:46.070root 11241100x8000000000000000721075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83372fd30c16b8b02023-02-07 15:22:46.346root 11241100x8000000000000000721074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7b6e8ed9549b6d2023-02-07 15:22:46.346root 11241100x8000000000000000721073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e9a5045a7a67052023-02-07 15:22:46.346root 11241100x8000000000000000721083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46894885a9bb9dcb2023-02-07 15:22:46.347root 11241100x8000000000000000721082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8d22fba43086332023-02-07 15:22:46.347root 11241100x8000000000000000721081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d36a5a73a5e64c72023-02-07 15:22:46.347root 11241100x8000000000000000721080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e74029c7147ed42023-02-07 15:22:46.347root 11241100x8000000000000000721079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e10c2afba06e282023-02-07 15:22:46.347root 11241100x8000000000000000721078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a3d6242653b56d2023-02-07 15:22:46.347root 11241100x8000000000000000721077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99bfe259ac5338e92023-02-07 15:22:46.347root 11241100x8000000000000000721076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1a4579fb4c78e32023-02-07 15:22:46.347root 11241100x8000000000000000721092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0c194a10a2dc7d2023-02-07 15:22:46.348root 11241100x8000000000000000721091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031fe1acefc8ee542023-02-07 15:22:46.348root 11241100x8000000000000000721090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea64445aaa4124c2023-02-07 15:22:46.348root 11241100x8000000000000000721089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12241cf383da70fb2023-02-07 15:22:46.348root 11241100x8000000000000000721088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20948bed86a15832023-02-07 15:22:46.348root 11241100x8000000000000000721087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31db33e9ae81ca1b2023-02-07 15:22:46.348root 11241100x8000000000000000721086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231fc0e78d5b0ddf2023-02-07 15:22:46.348root 11241100x8000000000000000721085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991cfc13ebd10ec72023-02-07 15:22:46.348root 11241100x8000000000000000721084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1138601e872a4c4e2023-02-07 15:22:46.348root 11241100x8000000000000000721105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3369bd3b02671ee2023-02-07 15:22:46.349root 11241100x8000000000000000721104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56678fc52c6fbe472023-02-07 15:22:46.349root 11241100x8000000000000000721103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc650b723e6a3302023-02-07 15:22:46.349root 11241100x8000000000000000721102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38a7a3c6f16fe0f2023-02-07 15:22:46.349root 11241100x8000000000000000721101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49797c4ab59dbcc62023-02-07 15:22:46.349root 11241100x8000000000000000721100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6655f84731b5febf2023-02-07 15:22:46.349root 11241100x8000000000000000721099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177d342e5c81f2e02023-02-07 15:22:46.349root 11241100x8000000000000000721098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b0f2bf3c9a125d2023-02-07 15:22:46.349root 11241100x8000000000000000721097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852c25bf1b6265532023-02-07 15:22:46.349root 11241100x8000000000000000721096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56413c85e49b34942023-02-07 15:22:46.349root 11241100x8000000000000000721095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eab51e9f47bf85e2023-02-07 15:22:46.349root 11241100x8000000000000000721094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b9ad84ec461c6d2023-02-07 15:22:46.349root 11241100x8000000000000000721093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebf3bcdf7ef4f662023-02-07 15:22:46.349root 11241100x8000000000000000721106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e28be8473b40472023-02-07 15:22:46.350root 154100x8000000000000000721117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.666{ec244aba-6cc6-63e2-a094-98f877550000}6247/sbin/swapoff-----swapoff -a/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6cc4-63e2-4874-afa016560000}6240/bin/bash/bin/bashubuntu 11241100x8000000000000000721108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.666{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55dbae0d5b5ebaec2023-02-07 15:22:46.666root 534500x8000000000000000721107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.666{ec244aba-6cc4-63e2-300e-bfc5c7550000}6246/bin/sleepubuntu 11241100x8000000000000000721113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.667{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6217055456823f2023-02-07 15:22:46.667root 11241100x8000000000000000721112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.667{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9492a9ce90fc182023-02-07 15:22:46.667root 11241100x8000000000000000721111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.667{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625599ce9dec576b2023-02-07 15:22:46.667root 11241100x8000000000000000721110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.667{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7252b213ace05be2023-02-07 15:22:46.667root 11241100x8000000000000000721109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.667{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7223a2b33007aceb2023-02-07 15:22:46.667root 11241100x8000000000000000721118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.668{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ed91917a276e2c2023-02-07 15:22:46.668root 11241100x8000000000000000721116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.668{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099cf711ed7f43492023-02-07 15:22:46.668root 11241100x8000000000000000721115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.668{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467e1f47673afaf12023-02-07 15:22:46.668root 11241100x8000000000000000721114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.668{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db19285d3debfe42023-02-07 15:22:46.668root 11241100x8000000000000000721122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.669{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b8e56e29c2b6f32023-02-07 15:22:46.669root 11241100x8000000000000000721121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.669{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b61a3e6484fa432023-02-07 15:22:46.669root 11241100x8000000000000000721120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.669{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c347c5496f73ef32023-02-07 15:22:46.669root 11241100x8000000000000000721119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.669{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b095e18ad2cd39582023-02-07 15:22:46.669root 11241100x8000000000000000721127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.670{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb6e44c0b71e9462023-02-07 15:22:46.670root 11241100x8000000000000000721126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.670{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6264ffc06aeb2e2023-02-07 15:22:46.670root 11241100x8000000000000000721125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.670{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdadd53ab03783672023-02-07 15:22:46.670root 11241100x8000000000000000721124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.670{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae944b4064ed0cb2023-02-07 15:22:46.670root 11241100x8000000000000000721123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.670{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ee8ad0de0b629b2023-02-07 15:22:46.670root 154100x8000000000000000721142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.671{ec244aba-6cc6-63e2-782b-215771550000}6248/bin/sync-----sync/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6cc4-63e2-4874-afa016560000}6240/bin/bash/bin/bashubuntu 11241100x8000000000000000721133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.671{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4c3ab32695ea112023-02-07 15:22:46.671root 11241100x8000000000000000721132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.671{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f6cea71f2a77382023-02-07 15:22:46.671root 11241100x8000000000000000721131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.671{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4548bad4d167d12023-02-07 15:22:46.671root 11241100x8000000000000000721130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.671{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71dff823477e9712023-02-07 15:22:46.671root 11241100x8000000000000000721129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.671{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c37dc308149ddd42023-02-07 15:22:46.671root 534500x8000000000000000721128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.671{ec244aba-6cc6-63e2-a094-98f877550000}6247/sbin/swapoffubuntu 11241100x8000000000000000721139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.672{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9ea9ca78cdd2432023-02-07 15:22:46.672root 11241100x8000000000000000721138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.672{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3fd8a41e9ae7b22023-02-07 15:22:46.672root 11241100x8000000000000000721137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.672{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff0d85f670e5b032023-02-07 15:22:46.672root 11241100x8000000000000000721136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.672{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a55c20fbf3fea3d2023-02-07 15:22:46.672root 11241100x8000000000000000721135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.672{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b51e7a4092929ad2023-02-07 15:22:46.672root 11241100x8000000000000000721134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.672{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97a5a93ed5194052023-02-07 15:22:46.672root 11241100x8000000000000000721148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.673{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e58e603b1fd106f2023-02-07 15:22:46.673root 11241100x8000000000000000721147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.673{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1333ece92fbab12023-02-07 15:22:46.673root 11241100x8000000000000000721146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.673{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b894720c0924f23a2023-02-07 15:22:46.673root 11241100x8000000000000000721145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.673{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1774ad807d00b72023-02-07 15:22:46.673root 11241100x8000000000000000721144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.673{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528e950a4fb98a582023-02-07 15:22:46.673root 11241100x8000000000000000721143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.673{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4e4c10611520042023-02-07 15:22:46.673root 11241100x8000000000000000721141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.673{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645b030862525b462023-02-07 15:22:46.673root 11241100x8000000000000000721140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.673{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12e51a51f8d1a942023-02-07 15:22:46.673root 11241100x8000000000000000721150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.674{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d55d21e49083c52023-02-07 15:22:46.674root 11241100x8000000000000000721149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.674{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b7388dac788f622023-02-07 15:22:46.674root 11241100x8000000000000000721151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.676{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2a9169f30a10a72023-02-07 15:22:46.676root 534500x8000000000000000721152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.762{ec244aba-6cc6-63e2-782b-215771550000}6248/bin/syncubuntu 154100x8000000000000000721154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.763{ec244aba-6cc6-63e2-d039-ea1721560000}6249/bin/cat-----cat /dev/null/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6cc4-63e2-4874-afa016560000}6240/bin/bash/bin/bashubuntu 11241100x8000000000000000721153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.763{ec244aba-6cc4-63e2-4874-afa016560000}6240/bin/bash/home/ubuntu/.history-06240.tmp2023-02-07 15:22:46.763ubuntu 534500x8000000000000000721155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.764{ec244aba-6cc6-63e2-d039-ea1721560000}6249/bin/catubuntu 154100x8000000000000000721157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.765{ec244aba-6cc6-63e2-805e-215d71550000}6251/bin/uname-----uname -s/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6cc4-63e2-4874-afa016560000}6240/bin/bash/bin/bashubuntu 534500x8000000000000000721156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.765{ec244aba-3071-63e2-c83a-8af647560000}6250-ubuntu 154100x8000000000000000721159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.766{ec244aba-6cc6-63e2-801e-9fafb1550000}6252/bin/uname-----uname --kernel-release/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6cc4-63e2-4874-afa016560000}6240/bin/bash/bin/bashubuntu 534500x8000000000000000721158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.766{ec244aba-6cc6-63e2-805e-215d71550000}6251/bin/unameubuntu 534500x8000000000000000721160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.767{ec244aba-6cc6-63e2-801e-9fafb1550000}6252/bin/unameubuntu 534500x8000000000000000721161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.768{ec244aba-3071-63e2-c83a-8af647560000}6253-ubuntu 154100x8000000000000000721162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.769{ec244aba-6cc6-63e2-d0dc-bc51a6550000}6255/bin/systemctl-----systemctl list-units/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{00000000-0000-0000-0000-000000000000}6254--- 534500x8000000000000000721163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.782{ec244aba-6cc6-63e2-d0dc-bc51a6550000}6255/bin/systemctlubuntu 534500x8000000000000000721164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.783{ec244aba-6cc6-63e2-0000-000000000000}6254-ubuntu 23542300x8000000000000000721166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.784{ec244aba-6cc4-63e2-4874-afa016560000}6240ubuntu/bin/bash/tmp/sh-thd.qe8Xik--- 11241100x8000000000000000721165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.784{ec244aba-6cc4-63e2-4874-afa016560000}6240/bin/bash/tmp/sh-thd.qe8Xik2023-02-07 15:22:46.784ubuntu 23542300x8000000000000000721168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.789{ec244aba-6cc4-63e2-4874-afa016560000}6240ubuntu/bin/bash/tmp/sh-thd.Ig9NyB--- 11241100x8000000000000000721167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.789{ec244aba-6cc4-63e2-4874-afa016560000}6240/bin/bash/tmp/sh-thd.Ig9NyB2023-02-07 15:22:46.789ubuntu 11241100x8000000000000000721169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.795{ec244aba-6cc4-63e2-4874-afa016560000}6240/bin/bash/tmp/sh-thd.U6KIPS2023-02-07 15:22:46.795ubuntu 23542300x8000000000000000721170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.796{ec244aba-6cc4-63e2-4874-afa016560000}6240ubuntu/bin/bash/tmp/sh-thd.U6KIPS--- 154100x8000000000000000721171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.799{ec244aba-6cc6-63e2-e8eb-0f56d6550000}6257/usr/bin/basename-----basename -s .service ssh.service/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{00000000-0000-0000-0000-000000000000}6256--- 534500x8000000000000000721173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.800{00000000-0000-0000-0000-000000000000}6256<unknown process>ubuntu 534500x8000000000000000721172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.800{ec244aba-6cc6-63e2-e8eb-0f56d6550000}6257/usr/bin/basenameubuntu 154100x8000000000000000721174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.801{ec244aba-6cc6-63e2-d05c-950c1f560000}6258/bin/systemctl-----systemctl is-active --quiet ssh/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6cc4-63e2-4874-afa016560000}6240/bin/bash/bin/bashubuntu 154100x8000000000000000721176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.807{ec244aba-6cc6-63e2-d02c-4630f0550000}6259/bin/systemctl-----systemctl --quiet is-active ssh.service/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6cc4-63e2-4874-afa016560000}6240/bin/bash/bin/bashubuntu 534500x8000000000000000721175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.807{ec244aba-6cc6-63e2-d05c-950c1f560000}6258/bin/systemctlubuntu 154100x8000000000000000721178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.814{ec244aba-6cc6-63e2-d00c-2eed45560000}6260/bin/systemctl-----systemctl stop ssh.service/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6cc4-63e2-4874-afa016560000}6240/bin/bash/bin/bashubuntu 534500x8000000000000000721177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.814{ec244aba-6cc6-63e2-d02c-4630f0550000}6259/bin/systemctlubuntu 11241100x8000000000000000721179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.820{ec244aba-3071-63e2-28a0-2054d3550000}508/lib/systemd/systemd-udevd/run/udev/queue2023-02-07 15:22:46.820root 23542300x8000000000000000721180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.821{ec244aba-3071-63e2-28a0-2054d3550000}508root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x8000000000000000721181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.822{ec244aba-6cc6-63e2-0000-000000000000}6261-root 11241100x8000000000000000721182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.830{ec244aba-3071-63e2-28a0-2054d3550000}508/lib/systemd/systemd-udevd/run/udev/queue2023-02-07 15:22:46.830root 534500x8000000000000000721184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.833{00000000-0000-0000-0000-000000000000}6262<unknown process>root 23542300x8000000000000000721183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.833{ec244aba-3071-63e2-28a0-2054d3550000}508root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x8000000000000000721185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.840{ec244aba-6cc6-63e2-d00c-2eed45560000}6260/bin/systemctlubuntu 154100x8000000000000000721187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.841{ec244aba-6cc6-63e2-d0dc-e71f83550000}6264/bin/systemctl-----systemctl disable ssh.service/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6cc4-63e2-4874-afa016560000}6240/bin/bash/bin/bashubuntu 534500x8000000000000000721186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.841{ec244aba-6cc6-63e2-0000-000000000000}6263-ubuntu 154100x8000000000000000721188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.848{ec244aba-6cc6-63e2-68f2-d14561550000}6265/bin/dash-----/bin/sh /lib/systemd/systemd-sysv-install disable ssh/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6cc6-63e2-d0dc-e71f83550000}6264/bin/systemctlsystemctlubuntu 154100x8000000000000000721189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.850{ec244aba-6cc6-63e2-582a-2f48b9550000}6266/usr/bin/getopt-----getopt -o r: --long root: -- disable ssh/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6cc6-63e2-68f2-d14561550000}6265/bin/dash/bin/shubuntu 154100x8000000000000000721191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.851{ec244aba-6cc6-63e2-d84a-9ead7e550000}6267/usr/bin/perl-----/usr/bin/perl /usr/sbin/update-rc.d ssh defaults/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6cc6-63e2-68f2-d14561550000}6265/bin/dash/bin/shubuntu 534500x8000000000000000721190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.851{ec244aba-6cc6-63e2-582a-2f48b9550000}6266/usr/bin/getoptubuntu 154100x8000000000000000721192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.859{ec244aba-6cc6-63e2-d03c-58ae4d560000}6268/bin/systemctl-----systemctl daemon-reload/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6cc6-63e2-d84a-9ead7e550000}6267/usr/bin/perl/usr/bin/perlubuntu 534500x8000000000000000721193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.874{ec244aba-6cc6-63e2-d03c-58ae4d560000}6268/bin/systemctlubuntu 154100x8000000000000000721195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.875{ec244aba-6cc6-63e2-d85a-ae7191550000}6269/usr/bin/perl-----/usr/bin/perl /usr/sbin/update-rc.d ssh disable/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6cc6-63e2-68f2-d14561550000}6265/bin/dash/bin/shubuntu 534500x8000000000000000721194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.875{ec244aba-6cc6-63e2-d84a-9ead7e550000}6267/usr/bin/perlubuntu 534500x8000000000000000721197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.889{ec244aba-6cc6-63e2-68f2-d14561550000}6265/bin/dashubuntu 534500x8000000000000000721196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.889{ec244aba-6cc6-63e2-d85a-ae7191550000}6269/usr/bin/perlubuntu 154100x8000000000000000721199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.890{ec244aba-6cc6-63e2-70c3-e71117560000}6270/bin/rm-----rm /lib/systemd/system/ssh.service/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6cc4-63e2-4874-afa016560000}6240/bin/bash/bin/bashubuntu 534500x8000000000000000721198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.890{ec244aba-6cc6-63e2-d0dc-e71f83550000}6264/bin/systemctlubuntu 154100x8000000000000000721201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.892{ec244aba-6cc6-63e2-d04c-9874eb550000}6271/bin/systemctl-----systemctl daemon-reload/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6cc4-63e2-4874-afa016560000}6240/bin/bash/bin/bashubuntu 534500x8000000000000000721200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.892{ec244aba-6cc6-63e2-70c3-e71117560000}6270/bin/rmubuntu 534500x8000000000000000721202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.901{ec244aba-6cc6-63e2-d04c-9874eb550000}6271/bin/systemctlubuntu 154100x8000000000000000721203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.902{ec244aba-6cc6-63e2-d0cc-5b5c8a550000}6272/bin/systemctl-----systemctl reset-failed/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6cc4-63e2-4874-afa016560000}6240/bin/bash/bin/bashubuntu 534500x8000000000000000721204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.908{ec244aba-6cc6-63e2-d0cc-5b5c8a550000}6272/bin/systemctlubuntu 154100x8000000000000000721206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.909{ec244aba-6cc6-63e2-7063-c3d1db550000}6274/bin/rm-----rm /usr/bin/ssh/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6cc4-63e2-4874-afa016560000}6240/bin/bash/bin/bashubuntu 534500x8000000000000000721205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.909{00000000-0000-0000-0000-000000000000}6273<unknown process>ubuntu 154100x8000000000000000721208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.910{ec244aba-6cc6-63e2-702f-33802a560000}6275/usr/bin/pgrep-----pkill ssh/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6cc4-63e2-4874-afa016560000}6240/bin/bash/bin/bashubuntu 534500x8000000000000000721207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.910{ec244aba-6cc6-63e2-7063-c3d1db550000}6274/bin/rmubuntu 534500x8000000000000000721209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.920{ec244aba-6cc6-63e2-702f-33802a560000}6275/usr/bin/pgrepubuntu 534500x8000000000000000721210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.921{ec244aba-6be1-63e2-0000-000000000000}6208-ubuntu 154100x8000000000000000721215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.924{ec244aba-6cc6-63e2-7063-e3906e550000}6276/bin/rm-----rm -rf /boot --no-preserve-root/home/ubuntu/wiperubuntu{ec244aba-6be1-63e2-e803-000000000000}10009no level-{ec244aba-6cc4-63e2-4874-afa016560000}6240/bin/bash/bin/bashubuntu 11241100x8000000000000000721213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.924{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ccfb64827b341102023-02-07 15:22:46.924root 11241100x8000000000000000721212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.924{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53e5b98c896c9ad2023-02-07 15:22:46.924root 11241100x8000000000000000721211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.924{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e970437d10d1b92023-02-07 15:22:46.924root 11241100x8000000000000000721219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.925{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d31eaf5727be5f2023-02-07 15:22:46.925root 11241100x8000000000000000721218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.925{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7cc13f82063b802023-02-07 15:22:46.925root 11241100x8000000000000000721217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.925{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4fe2b1b39d244b2023-02-07 15:22:46.925root 11241100x8000000000000000721216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.925{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e6d528317558b72023-02-07 15:22:46.925root 11241100x8000000000000000721214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.925{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa98ef2093427a12023-02-07 15:22:46.925root 23542300x8000000000000000721234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.926{ec244aba-3078-63e2-8033-dd06ae550000}1074root/lib/systemd/systemd-logind/run/systemd/sessions/9.ref--- 534500x8000000000000000721222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.926{00000000-0000-0000-0000-000000000000}6115<unknown process>root 11241100x8000000000000000721221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.926{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d493eba7d8db5df2023-02-07 15:22:46.926root 11241100x8000000000000000721220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.926{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c78b161df27fd52023-02-07 15:22:46.926root 534500x8000000000000000721236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.928{ec244aba-6cc4-63e2-4874-afa016560000}6240/bin/bashubuntu 534500x8000000000000000721235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.928{ec244aba-6cc6-63e2-7063-e3906e550000}6276/bin/rmubuntu 11241100x8000000000000000721226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.928{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d1a02732d6d6092023-02-07 15:22:46.928root 11241100x8000000000000000721225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.928{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156300b47068e0dd2023-02-07 15:22:46.928root 11241100x8000000000000000721224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.928{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7843e6752c3586df2023-02-07 15:22:46.928root 534500x8000000000000000721223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.928{ec244aba-6be1-63e2-4874-5465c2550000}6209/bin/bashubuntu 11241100x8000000000000000721227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.929{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f0ef6c147878a02023-02-07 15:22:46.929root 11241100x8000000000000000721237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.930{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1a763152ab19f62023-02-07 15:22:46.930root 11241100x8000000000000000721233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.930{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0003ecc5b64dd5a22023-02-07 15:22:46.930root 11241100x8000000000000000721232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.930{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae09261d707c39f52023-02-07 15:22:46.930root 11241100x8000000000000000721231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.930{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdc217e6a0de41e2023-02-07 15:22:46.930root 11241100x8000000000000000721230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.930{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.359ae62460910f392023-02-07 15:22:46.930root 11241100x8000000000000000721229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.930{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ff25da7d55c6b42023-02-07 15:22:46.930root 11241100x8000000000000000721228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.930{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf2e73f03c0b7f92023-02-07 15:22:46.930root 11241100x8000000000000000721246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.931{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f7a0ac2828dbca2023-02-07 15:22:46.931root 11241100x8000000000000000721245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.931{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcaa114fd7ecd0d2023-02-07 15:22:46.931root 11241100x8000000000000000721244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.931{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a57f96626029f512023-02-07 15:22:46.931root 11241100x8000000000000000721243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.931{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab8abc0dc0b47e62023-02-07 15:22:46.931root 11241100x8000000000000000721242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.931{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcee140240299c6b2023-02-07 15:22:46.931root 11241100x8000000000000000721241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.931{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9eb964874b98f712023-02-07 15:22:46.931root 11241100x8000000000000000721240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.931{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a0e115cf22b0c42023-02-07 15:22:46.931root 11241100x8000000000000000721239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.931{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6eed2f27235c6a2023-02-07 15:22:46.931root 11241100x8000000000000000721238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.931{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b7521e81decad32023-02-07 15:22:46.931root 11241100x8000000000000000721251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.932{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c71b48558953c72023-02-07 15:22:46.932root 11241100x8000000000000000721250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.932{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbdbefb10bec58292023-02-07 15:22:46.932root 11241100x8000000000000000721249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.932{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edd6652ae5ad8932023-02-07 15:22:46.932root 11241100x8000000000000000721248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.932{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e25100306824d82023-02-07 15:22:46.932root 11241100x8000000000000000721247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.932{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d03e8d7fb70f02d2023-02-07 15:22:46.932root 11241100x8000000000000000721261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.933{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6590849619c5c0602023-02-07 15:22:46.933root 11241100x8000000000000000721260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.933{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e166770a704eb5652023-02-07 15:22:46.933root 11241100x8000000000000000721259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.933{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97bf7549d5e55502023-02-07 15:22:46.933root 11241100x8000000000000000721258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.933{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4a4b49650269602023-02-07 15:22:46.933root 11241100x8000000000000000721257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.933{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247ffb6cd6dc8d8d2023-02-07 15:22:46.933root 11241100x8000000000000000721256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.933{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a7608b3724fb8e2023-02-07 15:22:46.933root 11241100x8000000000000000721255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.933{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c6d8ef65de3d1a2023-02-07 15:22:46.933root 11241100x8000000000000000721254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.933{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747a384fcd5e6f7b2023-02-07 15:22:46.933root 11241100x8000000000000000721253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.933{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8e54357a95c2752023-02-07 15:22:46.933root 11241100x8000000000000000721252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.933{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c25b555c0a9b88d2023-02-07 15:22:46.933root 23542300x8000000000000000721271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.934{ec244aba-306a-63e2-58b9-c1ac64550000}1root/lib/systemd/systemd/run/systemd/transient/session-9.scope--- 23542300x8000000000000000721270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.934{ec244aba-306a-63e2-58b9-c1ac64550000}1root/lib/systemd/systemd/run/systemd/units/invocation:session-9.scope--- 11241100x8000000000000000721266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.934{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5681db23f8a651bd2023-02-07 15:22:46.934root 11241100x8000000000000000721265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.934{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6756aaba6c099fb2023-02-07 15:22:46.934root 11241100x8000000000000000721264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.934{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3caef6d7c6c826f2023-02-07 15:22:46.934root 11241100x8000000000000000721263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.934{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bc49ef39f3eb312023-02-07 15:22:46.934root 11241100x8000000000000000721262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.934{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5978f85d3b473e22023-02-07 15:22:46.934root 11241100x8000000000000000721277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.935{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d447b669e8ed72e12023-02-07 15:22:46.935root 11241100x8000000000000000721276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.935{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e128443403a7225c2023-02-07 15:22:46.935root 11241100x8000000000000000721273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.935{ec244aba-3078-63e2-8033-dd06ae550000}1074/lib/systemd/systemd-logind/run/systemd/users/.#1000UXsmim2023-02-07 15:22:46.935root 11241100x8000000000000000721272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.935{ec244aba-3078-63e2-8033-dd06ae550000}1074/lib/systemd/systemd-logind/run/systemd/sessions/.#9cGhKD42023-02-07 15:22:46.935root 11241100x8000000000000000721269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.935{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9120dd9bfd4bdf62023-02-07 15:22:46.935root 11241100x8000000000000000721268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.935{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc234fa1cb03fbc2023-02-07 15:22:46.935root 11241100x8000000000000000721267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.935{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4130fca731b2e292023-02-07 15:22:46.935root 11241100x8000000000000000721281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.936{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f638410a4372a2662023-02-07 15:22:46.936root 11241100x8000000000000000721280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.936{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52384cd24a9230c2023-02-07 15:22:46.936root 11241100x8000000000000000721279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.936{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1580041e5341f16a2023-02-07 15:22:46.936root 11241100x8000000000000000721278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.936{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b8b8ab7e331f9f2023-02-07 15:22:46.936root 11241100x8000000000000000721287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.937{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2a7b91a042401f2023-02-07 15:22:46.937root 11241100x8000000000000000721286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.937{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c083132f3682b8b2023-02-07 15:22:46.937root 11241100x8000000000000000721285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.937{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0032e3b6fc22131c2023-02-07 15:22:46.937root 11241100x8000000000000000721284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.937{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6330589db91daf202023-02-07 15:22:46.937root 11241100x8000000000000000721283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.937{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36b4c20fecd20442023-02-07 15:22:46.937root 11241100x8000000000000000721282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.937{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601999196f46ac8f2023-02-07 15:22:46.937root 11241100x8000000000000000721297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.938{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e0556b40a4e64e2023-02-07 15:22:46.938root 11241100x8000000000000000721296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.938{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345c284297b7fc512023-02-07 15:22:46.938root 11241100x8000000000000000721295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.938{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40d2bc1b9f71d1a2023-02-07 15:22:46.938root 11241100x8000000000000000721294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.938{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b5f42bc87ba7562023-02-07 15:22:46.938root 11241100x8000000000000000721293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.938{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc987714e057ba72023-02-07 15:22:46.938root 11241100x8000000000000000721292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.938{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99b0dc25a04db5c2023-02-07 15:22:46.938root 11241100x8000000000000000721291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.938{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7490ce960eebfcc82023-02-07 15:22:46.938root 11241100x8000000000000000721290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.938{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f471e832b39de222023-02-07 15:22:46.938root 11241100x8000000000000000721289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.938{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566079fb6bf252902023-02-07 15:22:46.938root 11241100x8000000000000000721288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.938{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db5d980e5d00faf2023-02-07 15:22:46.938root 11241100x8000000000000000721309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.939{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59118dc2832ff2192023-02-07 15:22:46.939root 11241100x8000000000000000721308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.939{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464a308aca63121b2023-02-07 15:22:46.939root 11241100x8000000000000000721307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.939{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b23647598a053d72023-02-07 15:22:46.939root 11241100x8000000000000000721306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.939{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b249c210ea02657b2023-02-07 15:22:46.939root 11241100x8000000000000000721305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.939{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3025f978cbff18b42023-02-07 15:22:46.939root 11241100x8000000000000000721304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.939{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3af1dc53ed1dbba2023-02-07 15:22:46.939root 11241100x8000000000000000721303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.939{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41216bff46d2de712023-02-07 15:22:46.939root 11241100x8000000000000000721302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.939{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3bbca20f8e072fb2023-02-07 15:22:46.939root 11241100x8000000000000000721301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.939{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d824819c62ab1e2023-02-07 15:22:46.939root 11241100x8000000000000000721300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.939{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa9dfe0ee02d2962023-02-07 15:22:46.939root 11241100x8000000000000000721299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.939{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29cdabb1307b19f2023-02-07 15:22:46.939root 11241100x8000000000000000721298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.939{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79947d2340fdac62023-02-07 15:22:46.939root 11241100x8000000000000000721320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.940{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f10450022369d8e2023-02-07 15:22:46.940root 11241100x8000000000000000721319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.940{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccf9315a6f4dff72023-02-07 15:22:46.940root 11241100x8000000000000000721318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.940{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93aad2ead466af92023-02-07 15:22:46.940root 11241100x8000000000000000721317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.940{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad50efb6204aa4f2023-02-07 15:22:46.940root 11241100x8000000000000000721316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.940{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87be35d94bb534082023-02-07 15:22:46.940root 11241100x8000000000000000721315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.940{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b4653c860f58ba2023-02-07 15:22:46.940root 11241100x8000000000000000721314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.940{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c5ca03659f75ca2023-02-07 15:22:46.940root 11241100x8000000000000000721313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.940{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285669429dcdca572023-02-07 15:22:46.940root 11241100x8000000000000000721312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.940{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f174e3f64f61e612023-02-07 15:22:46.940root 11241100x8000000000000000721311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.940{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd937eba3e9912a2023-02-07 15:22:46.940root 11241100x8000000000000000721310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.940{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b503a5969983c0db2023-02-07 15:22:46.940root 11241100x8000000000000000721322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.941{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcdc9d11169c0f82023-02-07 15:22:46.941root 11241100x8000000000000000721321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.941{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdb960108e9e5022023-02-07 15:22:46.941root 11241100x8000000000000000721275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.941{ec244aba-3078-63e2-8033-dd06ae550000}1074/lib/systemd/systemd-logind/run/systemd/users/.#1000iQNQXD2023-02-07 15:22:46.941root 23542300x8000000000000000721274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:22:46.941{ec244aba-3078-63e2-8033-dd06ae550000}1074root/lib/systemd/systemd-logind/run/systemd/sessions/9--- 154100x8000000000000000721436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:01.453{ec244aba-6cd5-63e2-68e4-9a9aaf550000}6278/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/6312root{ec244aba-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2393--- 534500x8000000000000000721437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:01.464{ec244aba-6cd5-63e2-68e4-9a9aaf550000}6278/bin/psroot 11241100x8000000000000000721439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:01.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e35efc9c4d2cea2023-02-07 15:23:01.845root 11241100x8000000000000000721438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:01.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bafab91a066d4e32023-02-07 15:23:01.845root 354300x8000000000000000721440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:02.093{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-42074-false10.0.1.12-8000- 11241100x8000000000000000721443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:02.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485ba51566b070a22023-02-07 15:23:02.345root 11241100x8000000000000000721442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:02.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9e8323b4b7c1372023-02-07 15:23:02.345root 11241100x8000000000000000721441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:02.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccedd438d02e9fc82023-02-07 15:23:02.345root 11241100x8000000000000000721446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:02.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e09188a12c41bd2023-02-07 15:23:02.845root 11241100x8000000000000000721445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:02.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c92fdbf093df8f2023-02-07 15:23:02.845root 11241100x8000000000000000721444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:02.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c84e32bda210372023-02-07 15:23:02.845root 11241100x8000000000000000721449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:03.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34aaaa03dc77e3252023-02-07 15:23:03.345root 11241100x8000000000000000721448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:03.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b2836d445771702023-02-07 15:23:03.345root 11241100x8000000000000000721447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:03.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f40a12d5e843fd2023-02-07 15:23:03.345root 11241100x8000000000000000721452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:03.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01bdcf6d90760a12023-02-07 15:23:03.845root 11241100x8000000000000000721451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:03.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f816e693beadc2c2023-02-07 15:23:03.845root 11241100x8000000000000000721450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:03.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85756290cf628f222023-02-07 15:23:03.845root 11241100x8000000000000000721455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:04.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d2c317d3b261c92023-02-07 15:23:04.345root 11241100x8000000000000000721454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:04.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc3b700ce3da1742023-02-07 15:23:04.345root 11241100x8000000000000000721453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:04.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e59563cb602d0b92023-02-07 15:23:04.345root 11241100x8000000000000000721458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:04.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44b375e997078a72023-02-07 15:23:04.845root 11241100x8000000000000000721457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:04.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06339d81c46d2dfb2023-02-07 15:23:04.845root 11241100x8000000000000000721456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:04.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2720920f0f499bfe2023-02-07 15:23:04.845root 11241100x8000000000000000721461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:05.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96e94b3b82aa9b32023-02-07 15:23:05.345root 11241100x8000000000000000721460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:05.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121a34b51b3a637c2023-02-07 15:23:05.345root 11241100x8000000000000000721459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:05.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22b128d9842d96d2023-02-07 15:23:05.345root 11241100x8000000000000000721464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:05.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60cc834654e35782023-02-07 15:23:05.845root 11241100x8000000000000000721463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:05.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59ad5fcba05f4cf2023-02-07 15:23:05.845root 11241100x8000000000000000721462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:05.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1a8b6f19bf9ed52023-02-07 15:23:05.845root 11241100x8000000000000000721467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:06.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a203a517e622e2e62023-02-07 15:23:06.345root 11241100x8000000000000000721466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:06.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0abed33b139db42023-02-07 15:23:06.345root 11241100x8000000000000000721465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:06.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382326097a9c11b92023-02-07 15:23:06.345root 11241100x8000000000000000721470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:06.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed44be3d0d8b6d82023-02-07 15:23:06.845root 11241100x8000000000000000721469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:06.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f08be319ccfb3b12023-02-07 15:23:06.845root 11241100x8000000000000000721468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:06.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5355a3b8eb25c3c2023-02-07 15:23:06.845root 354300x8000000000000000721471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:07.187{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-42868-false10.0.1.12-8000- 11241100x8000000000000000721473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:07.188{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dcf23fd481d042b2023-02-07 15:23:07.188root 11241100x8000000000000000721472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:07.188{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d234a1a1ef59f08f2023-02-07 15:23:07.188root 11241100x8000000000000000721475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:07.191{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f21de398e145522023-02-07 15:23:07.191root 11241100x8000000000000000721474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:07.191{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637403f2436d31ed2023-02-07 15:23:07.191root 11241100x8000000000000000721479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c7c19a1759bdac2023-02-07 15:23:07.595root 11241100x8000000000000000721478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf7525157b699a62023-02-07 15:23:07.595root 11241100x8000000000000000721477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb485d8e1c466e12023-02-07 15:23:07.595root 11241100x8000000000000000721476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c6e35f5aa06a202023-02-07 15:23:07.595root 11241100x8000000000000000721483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:08.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a41bf9d26f71a92023-02-07 15:23:08.095root 11241100x8000000000000000721482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:08.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989eb155046a92e12023-02-07 15:23:08.095root 11241100x8000000000000000721481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:08.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95261377d37147aa2023-02-07 15:23:08.095root 11241100x8000000000000000721480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:08.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428c26ff087ca74e2023-02-07 15:23:08.095root 11241100x8000000000000000721487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e62554165be8d02023-02-07 15:23:08.595root 11241100x8000000000000000721486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f614351ffedf5b2023-02-07 15:23:08.595root 11241100x8000000000000000721485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce5e2ad1c25797b2023-02-07 15:23:08.595root 11241100x8000000000000000721484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:08.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d605a8d25f77b33d2023-02-07 15:23:08.595root 11241100x8000000000000000721491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:09.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c8cb803e3914182023-02-07 15:23:09.095root 11241100x8000000000000000721490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:09.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c539b4079de4e66c2023-02-07 15:23:09.095root 11241100x8000000000000000721489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:09.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e678c67ac6114f2023-02-07 15:23:09.095root 11241100x8000000000000000721488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:09.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406209c6833575f82023-02-07 15:23:09.095root 11241100x8000000000000000721495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4a88ca569fc3612023-02-07 15:23:09.595root 11241100x8000000000000000721494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841ba3677b98652a2023-02-07 15:23:09.595root 11241100x8000000000000000721493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61761b6a58c38b432023-02-07 15:23:09.595root 11241100x8000000000000000721492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550bba52b75e46a02023-02-07 15:23:09.595root 11241100x8000000000000000721499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:10.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6634e83470692b422023-02-07 15:23:10.095root 11241100x8000000000000000721498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:10.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c26c15fc97b49f52023-02-07 15:23:10.095root 11241100x8000000000000000721497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:10.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adbc46a8c814454a2023-02-07 15:23:10.095root 11241100x8000000000000000721496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:10.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa238c71af52dd02023-02-07 15:23:10.095root 11241100x8000000000000000721503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:10.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6f3705029e086f2023-02-07 15:23:10.595root 11241100x8000000000000000721502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:10.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1086986bce2e1612023-02-07 15:23:10.595root 11241100x8000000000000000721501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:10.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4232214f24ce80ca2023-02-07 15:23:10.595root 11241100x8000000000000000721500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:10.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d4f81837e73beb2023-02-07 15:23:10.595root 11241100x8000000000000000721507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630dfeff81bafb7d2023-02-07 15:23:11.095root 11241100x8000000000000000721506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5e8f748a702d102023-02-07 15:23:11.095root 11241100x8000000000000000721505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba6860bd925f83b2023-02-07 15:23:11.095root 11241100x8000000000000000721504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:11.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2250a305faeca6302023-02-07 15:23:11.095root 11241100x8000000000000000721511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767515ea6f98458b2023-02-07 15:23:11.595root 11241100x8000000000000000721510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac811be9c727d432023-02-07 15:23:11.595root 11241100x8000000000000000721509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6715e1c548daa52023-02-07 15:23:11.595root 11241100x8000000000000000721508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:11.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c7c2c6ad658b082023-02-07 15:23:11.595root 11241100x8000000000000000721515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:12.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28c156038c855c02023-02-07 15:23:12.095root 11241100x8000000000000000721514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:12.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70d8e5463ff1e322023-02-07 15:23:12.095root 11241100x8000000000000000721513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:12.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9df15a44be12cdf2023-02-07 15:23:12.095root 11241100x8000000000000000721512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:12.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d328b3a464416862023-02-07 15:23:12.095root 11241100x8000000000000000721519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38cceac11da235622023-02-07 15:23:12.595root 11241100x8000000000000000721518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac6cfb8b9111b552023-02-07 15:23:12.595root 11241100x8000000000000000721517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e92487e18fb2862023-02-07 15:23:12.595root 11241100x8000000000000000721516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:12.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5996c08f8ab8f882023-02-07 15:23:12.595root 354300x8000000000000000721520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:13.052{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-42880-false10.0.1.12-8000- 11241100x8000000000000000721522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:13.053{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57977c5a75d7a78f2023-02-07 15:23:13.053root 11241100x8000000000000000721521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:13.053{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce1f241fd791fab2023-02-07 15:23:13.053root 11241100x8000000000000000721525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:13.054{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4786535ba53f70b22023-02-07 15:23:13.054root 11241100x8000000000000000721524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:13.054{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0d7b3615e27ee72023-02-07 15:23:13.054root 11241100x8000000000000000721523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:13.054{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c028b8d1aaa17d292023-02-07 15:23:13.054root 11241100x8000000000000000721527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:13.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade1fc0507fb0aff2023-02-07 15:23:13.345root 11241100x8000000000000000721526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:13.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7e703b512eadb52023-02-07 15:23:13.345root 11241100x8000000000000000721530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa123b29935399b12023-02-07 15:23:13.346root 11241100x8000000000000000721529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc0157312722f412023-02-07 15:23:13.346root 11241100x8000000000000000721528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1bbab56b2d9a2b2023-02-07 15:23:13.346root 11241100x8000000000000000721535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:13.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a658612984a78e2023-02-07 15:23:13.845root 11241100x8000000000000000721534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:13.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9f92c0639c4cd62023-02-07 15:23:13.845root 11241100x8000000000000000721533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:13.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f11c12b34b090952023-02-07 15:23:13.845root 11241100x8000000000000000721532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:13.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1dab17a1a4f17d2023-02-07 15:23:13.845root 11241100x8000000000000000721531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:13.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2bc86fcf3ebc4c02023-02-07 15:23:13.845root 11241100x8000000000000000721540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:14.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571ec7ce34ccfddd2023-02-07 15:23:14.345root 11241100x8000000000000000721539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:14.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6704e261e4b8b082023-02-07 15:23:14.345root 11241100x8000000000000000721538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:14.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388254e44ffd1fad2023-02-07 15:23:14.345root 11241100x8000000000000000721537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:14.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9359702250e84d22023-02-07 15:23:14.345root 11241100x8000000000000000721536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:14.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01138591c941cda42023-02-07 15:23:14.345root 354300x8000000000000000721541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:14.612{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-46144-false10.0.1.12-8089- 11241100x8000000000000000721546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:14.613{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574b3d32389f581e2023-02-07 15:23:14.613root 11241100x8000000000000000721545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:14.613{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a9835411e5861d2023-02-07 15:23:14.613root 11241100x8000000000000000721544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:14.613{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32bd8088cb5c14c2023-02-07 15:23:14.613root 11241100x8000000000000000721543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:14.613{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b725ac5eb24b012023-02-07 15:23:14.613root 11241100x8000000000000000721542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:14.613{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e08ab7f8a08d9ec2023-02-07 15:23:14.613root 11241100x8000000000000000721547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:14.614{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b795c97008edc352023-02-07 15:23:14.614root 11241100x8000000000000000721553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:15.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358a314a496575532023-02-07 15:23:15.095root 11241100x8000000000000000721552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:15.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e5fcea2ac8dc212023-02-07 15:23:15.095root 11241100x8000000000000000721551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:15.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aadc52fcadac64352023-02-07 15:23:15.095root 11241100x8000000000000000721550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:15.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aac827db39510012023-02-07 15:23:15.095root 11241100x8000000000000000721549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:15.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456f4bdcd557d2f22023-02-07 15:23:15.095root 11241100x8000000000000000721548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:15.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac1ecaf36bb4a192023-02-07 15:23:15.095root 11241100x8000000000000000721556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:15.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b2241da03686412023-02-07 15:23:15.595root 11241100x8000000000000000721555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:15.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69a0af4a2a1fc5a2023-02-07 15:23:15.595root 11241100x8000000000000000721554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:15.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad43dfc213d54332023-02-07 15:23:15.595root 11241100x8000000000000000721559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:15.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfdbbc76a99a9152023-02-07 15:23:15.596root 11241100x8000000000000000721558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:15.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109669e92b39e0722023-02-07 15:23:15.596root 11241100x8000000000000000721557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:15.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4198e4c0a4e0f82023-02-07 15:23:15.596root 11241100x8000000000000000721565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:16.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb9c8621dd5908e2023-02-07 15:23:16.095root 11241100x8000000000000000721564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:16.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c488e3c229b8c102023-02-07 15:23:16.095root 11241100x8000000000000000721563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:16.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6898ed4d65589b42023-02-07 15:23:16.095root 11241100x8000000000000000721562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:16.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769244dea7f2fca92023-02-07 15:23:16.095root 11241100x8000000000000000721561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:16.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dcc549dfe5b43222023-02-07 15:23:16.095root 11241100x8000000000000000721560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:16.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eeb27c05f44d24d2023-02-07 15:23:16.095root 11241100x8000000000000000721570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:16.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcaad9362446268f2023-02-07 15:23:16.595root 11241100x8000000000000000721569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:16.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52cbad928bbe45c92023-02-07 15:23:16.595root 11241100x8000000000000000721568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:16.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a113d863ef84f2b2023-02-07 15:23:16.595root 11241100x8000000000000000721567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:16.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ce6b7f5e8de1e32023-02-07 15:23:16.595root 11241100x8000000000000000721566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:16.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9387f499a09d572023-02-07 15:23:16.595root 11241100x8000000000000000721571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:16.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f8fc4d73b989372023-02-07 15:23:16.596root 11241100x8000000000000000721572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:17.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2160b8adca9e8aa82023-02-07 15:23:17.096root 11241100x8000000000000000721577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:17.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fee6753ea0aeca72023-02-07 15:23:17.097root 11241100x8000000000000000721576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:17.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db4edefa277fc352023-02-07 15:23:17.097root 11241100x8000000000000000721575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:17.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94efef13f5eb024c2023-02-07 15:23:17.097root 11241100x8000000000000000721574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:17.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042f9215b32dad8f2023-02-07 15:23:17.097root 11241100x8000000000000000721573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:17.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d593e1496c4f6b022023-02-07 15:23:17.097root 11241100x8000000000000000721583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:17.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f126e5af3443b42023-02-07 15:23:17.595root 11241100x8000000000000000721582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:17.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e13bf7ea94c1e62023-02-07 15:23:17.595root 11241100x8000000000000000721581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:17.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0312532ddf76e4482023-02-07 15:23:17.595root 11241100x8000000000000000721580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:17.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f70c70a2e4b6422023-02-07 15:23:17.595root 11241100x8000000000000000721579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:17.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266327cac4f127152023-02-07 15:23:17.595root 11241100x8000000000000000721578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:17.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3f8f8327a6ec5d2023-02-07 15:23:17.595root 11241100x8000000000000000721586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:18.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac0753bf67bac6c2023-02-07 15:23:18.095root 11241100x8000000000000000721585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:18.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cfc4cec820d4fdd2023-02-07 15:23:18.095root 11241100x8000000000000000721584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:18.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924a4e57b5ff51442023-02-07 15:23:18.095root 11241100x8000000000000000721589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:18.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deeaea15f9450e212023-02-07 15:23:18.096root 11241100x8000000000000000721588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:18.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b814c6c90bcb5d2023-02-07 15:23:18.096root 11241100x8000000000000000721587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:18.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc03a808a35e4e62023-02-07 15:23:18.096root 354300x8000000000000000721590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:18.231{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-45788-false10.0.1.12-8000- 11241100x8000000000000000721594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:18.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ab15a8a1d746c22023-02-07 15:23:18.595root 11241100x8000000000000000721593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:18.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1cf193b2fc189c2023-02-07 15:23:18.595root 11241100x8000000000000000721592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:18.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348ea7e02876bc202023-02-07 15:23:18.595root 11241100x8000000000000000721591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:18.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce24e36754c87e42023-02-07 15:23:18.595root 11241100x8000000000000000721597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:18.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568c6bc33c1e62a72023-02-07 15:23:18.596root 11241100x8000000000000000721596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:18.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8593e2e358d42872023-02-07 15:23:18.596root 11241100x8000000000000000721595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:18.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570c2f0429b92eff2023-02-07 15:23:18.596root 11241100x8000000000000000721598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:19.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23b70c95a4a1af12023-02-07 15:23:19.095root 11241100x8000000000000000721604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:19.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525d057684051be42023-02-07 15:23:19.096root 11241100x8000000000000000721603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:19.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958cccd1bbda39a32023-02-07 15:23:19.096root 11241100x8000000000000000721602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:19.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a21f99439d52f62023-02-07 15:23:19.096root 11241100x8000000000000000721601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:19.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646738526f53c8522023-02-07 15:23:19.096root 11241100x8000000000000000721600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:19.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124fe053d4f7b9862023-02-07 15:23:19.096root 11241100x8000000000000000721599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:19.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317ac5befa38b1762023-02-07 15:23:19.096root 11241100x8000000000000000721609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:19.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5224acbcdc9452202023-02-07 15:23:19.595root 11241100x8000000000000000721608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:19.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e92887847026f82023-02-07 15:23:19.595root 11241100x8000000000000000721607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:19.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea2f2e70793bfb62023-02-07 15:23:19.595root 11241100x8000000000000000721606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:19.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa98ee0b79b263662023-02-07 15:23:19.595root 11241100x8000000000000000721605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:19.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf87d01d5a0cd8f2023-02-07 15:23:19.595root 11241100x8000000000000000721611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:19.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30526846985115fe2023-02-07 15:23:19.596root 11241100x8000000000000000721610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:19.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64622f348a8034ce2023-02-07 15:23:19.596root 11241100x8000000000000000721613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:20.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451082bfa417221c2023-02-07 15:23:20.095root 11241100x8000000000000000721612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:20.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a71d2d746f0b8ac2023-02-07 15:23:20.095root 11241100x8000000000000000721618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da57bdbaa3be710f2023-02-07 15:23:20.096root 11241100x8000000000000000721617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ecb1e552cdab552023-02-07 15:23:20.096root 11241100x8000000000000000721616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd80954b622df32d2023-02-07 15:23:20.096root 11241100x8000000000000000721615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f70bb3e8eab84f02023-02-07 15:23:20.096root 11241100x8000000000000000721614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:20.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e372262dfb6fd06a2023-02-07 15:23:20.096root 11241100x8000000000000000721622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:20.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1bb7ecc93ea6b62023-02-07 15:23:20.595root 11241100x8000000000000000721621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:20.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4237657abafb9ed22023-02-07 15:23:20.595root 11241100x8000000000000000721620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:20.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc2ac3aab7d06d72023-02-07 15:23:20.595root 11241100x8000000000000000721619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:20.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbc76a3362354c72023-02-07 15:23:20.595root 11241100x8000000000000000721625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3a8163b3b9022f2023-02-07 15:23:20.596root 11241100x8000000000000000721624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f0c12c3c3710092023-02-07 15:23:20.596root 11241100x8000000000000000721623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:20.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c986e0a80b1d98e32023-02-07 15:23:20.596root 11241100x8000000000000000721630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:21.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01fdf59a9d99474b2023-02-07 15:23:21.095root 11241100x8000000000000000721629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:21.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8dcf6f9ea24d792023-02-07 15:23:21.095root 11241100x8000000000000000721628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:21.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1931984b008d8bc2023-02-07 15:23:21.095root 11241100x8000000000000000721627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:21.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b58db150a90d6e2023-02-07 15:23:21.095root 11241100x8000000000000000721626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:21.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb88f03db114a7792023-02-07 15:23:21.095root 11241100x8000000000000000721632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d635aedce33c892023-02-07 15:23:21.096root 11241100x8000000000000000721631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:21.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cebb8ded5db98c2023-02-07 15:23:21.096root 11241100x8000000000000000721635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7b969bb3fe8e7e2023-02-07 15:23:21.595root 11241100x8000000000000000721634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53515b84902570a2023-02-07 15:23:21.595root 11241100x8000000000000000721633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:21.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eba20b9a6046f0c2023-02-07 15:23:21.595root 11241100x8000000000000000721639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9df6c8d2bb61a62023-02-07 15:23:21.596root 11241100x8000000000000000721638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6703d66428577aab2023-02-07 15:23:21.596root 11241100x8000000000000000721637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af6553b302b13862023-02-07 15:23:21.596root 11241100x8000000000000000721636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:21.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc52f145292b3aeb2023-02-07 15:23:21.596root 11241100x8000000000000000721645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c24f3ee7aca1a22023-02-07 15:23:22.095root 11241100x8000000000000000721644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ee69236152cb4f2023-02-07 15:23:22.095root 11241100x8000000000000000721643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50727804957195d2023-02-07 15:23:22.095root 11241100x8000000000000000721642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b4518220caf6912023-02-07 15:23:22.095root 11241100x8000000000000000721641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce79e169145eea862023-02-07 15:23:22.095root 11241100x8000000000000000721640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:22.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c024db2e3d09b82023-02-07 15:23:22.095root 11241100x8000000000000000721646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:22.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9494b74d6556782023-02-07 15:23:22.096root 11241100x8000000000000000721651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881c08db1ede44ef2023-02-07 15:23:22.595root 11241100x8000000000000000721650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde2873b9272d6082023-02-07 15:23:22.595root 11241100x8000000000000000721649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ef19458aa64fe72023-02-07 15:23:22.595root 11241100x8000000000000000721648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4a9b38b79977b12023-02-07 15:23:22.595root 11241100x8000000000000000721647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:22.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab9536dff3abacf2023-02-07 15:23:22.595root 11241100x8000000000000000721653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86465f0feec542e92023-02-07 15:23:22.596root 11241100x8000000000000000721652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:22.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8da0abbc1c47222023-02-07 15:23:22.596root 11241100x8000000000000000721656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:23.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e606637c423d08392023-02-07 15:23:23.095root 11241100x8000000000000000721655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:23.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c4235b5ab1c0872023-02-07 15:23:23.095root 11241100x8000000000000000721654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:23.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c90948376651272023-02-07 15:23:23.095root 11241100x8000000000000000721660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c727b1e90148fbd72023-02-07 15:23:23.096root 11241100x8000000000000000721659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11672413916672932023-02-07 15:23:23.096root 11241100x8000000000000000721658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7007c23dcf10a8682023-02-07 15:23:23.096root 11241100x8000000000000000721657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:23.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ea5137d5a2175f2023-02-07 15:23:23.096root 11241100x8000000000000000721665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:23.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b513bdcd663b725a2023-02-07 15:23:23.595root 11241100x8000000000000000721664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:23.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766b12cc028286fb2023-02-07 15:23:23.595root 11241100x8000000000000000721663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:23.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef3192b667ca5982023-02-07 15:23:23.595root 11241100x8000000000000000721662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:23.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db769f9822f3e8bf2023-02-07 15:23:23.595root 11241100x8000000000000000721661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:23.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0921b2b51e3939562023-02-07 15:23:23.595root 11241100x8000000000000000721667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8d2b65c59b1f022023-02-07 15:23:23.596root 11241100x8000000000000000721666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:23.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeab46197b6eb5ab2023-02-07 15:23:23.596root 11241100x8000000000000000721671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:24.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d23c7ce31bdd9c2023-02-07 15:23:24.095root 11241100x8000000000000000721670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:24.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac6bb31b0070a3e2023-02-07 15:23:24.095root 11241100x8000000000000000721669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:24.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074d0e5f134889932023-02-07 15:23:24.095root 11241100x8000000000000000721668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:24.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9623520d2bdcfb4b2023-02-07 15:23:24.095root 11241100x8000000000000000721674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fcfbaea93d8b74a2023-02-07 15:23:24.096root 11241100x8000000000000000721673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbcec2190ea3c0002023-02-07 15:23:24.096root 11241100x8000000000000000721672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:24.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1ad44627862a082023-02-07 15:23:24.096root 354300x8000000000000000721675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:24.152{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-45796-false10.0.1.12-8000- 11241100x8000000000000000721677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e416c24797e028b2023-02-07 15:23:24.595root 11241100x8000000000000000721676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:24.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be944031b3e42e082023-02-07 15:23:24.595root 11241100x8000000000000000721683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9dae0949b9260b2023-02-07 15:23:24.596root 11241100x8000000000000000721682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1adba3a43401c92023-02-07 15:23:24.596root 11241100x8000000000000000721681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383ab1d9323372ec2023-02-07 15:23:24.596root 11241100x8000000000000000721680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e57572d51f3ee2c2023-02-07 15:23:24.596root 11241100x8000000000000000721679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feef8c742af5845a2023-02-07 15:23:24.596root 11241100x8000000000000000721678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:24.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73cbc483789e526c2023-02-07 15:23:24.596root 11241100x8000000000000000721684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:24.727{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:23:24.727root 11241100x8000000000000000721685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:25.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a9e79b3c05fcf62023-02-07 15:23:25.095root 11241100x8000000000000000721693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52ce1f4412a42872023-02-07 15:23:25.096root 11241100x8000000000000000721692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19cb7b9346692062023-02-07 15:23:25.096root 11241100x8000000000000000721691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7df4640c79d1d62023-02-07 15:23:25.096root 11241100x8000000000000000721690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8654352667f065072023-02-07 15:23:25.096root 11241100x8000000000000000721689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf6b0c45da42b052023-02-07 15:23:25.096root 11241100x8000000000000000721688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ea0efcfb9efe422023-02-07 15:23:25.096root 11241100x8000000000000000721687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db33cbb7d90703f2023-02-07 15:23:25.096root 11241100x8000000000000000721686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:25.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d063e372fd95672023-02-07 15:23:25.096root 11241100x8000000000000000721695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66db9bbe61ea47492023-02-07 15:23:25.595root 11241100x8000000000000000721694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:25.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa0ed077d2253612023-02-07 15:23:25.595root 11241100x8000000000000000721702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a326876cd8af7e82023-02-07 15:23:25.596root 11241100x8000000000000000721701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48cdf48b64741fa2023-02-07 15:23:25.596root 11241100x8000000000000000721700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d002e638b6192a022023-02-07 15:23:25.596root 11241100x8000000000000000721699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682538f48e6baf822023-02-07 15:23:25.596root 11241100x8000000000000000721698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a80f3272fdee3872023-02-07 15:23:25.596root 11241100x8000000000000000721697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c712a5caa12163da2023-02-07 15:23:25.596root 11241100x8000000000000000721696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:25.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b79f983172bdd5b2023-02-07 15:23:25.596root 11241100x8000000000000000721705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4dbde68e0ca7212023-02-07 15:23:26.095root 11241100x8000000000000000721704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a423dba8b277882023-02-07 15:23:26.095root 11241100x8000000000000000721703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:26.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2243c591385b0772023-02-07 15:23:26.095root 11241100x8000000000000000721711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d4d966f32f61422023-02-07 15:23:26.096root 11241100x8000000000000000721710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed9a658ed2176602023-02-07 15:23:26.096root 11241100x8000000000000000721709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74daa982ea4a16902023-02-07 15:23:26.096root 11241100x8000000000000000721708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8326c090f6f4caf62023-02-07 15:23:26.096root 11241100x8000000000000000721707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ecfdfe6d7ffbed72023-02-07 15:23:26.096root 11241100x8000000000000000721706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:26.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d090c599ab468e092023-02-07 15:23:26.096root 11241100x8000000000000000721715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b369217ff15d5a2023-02-07 15:23:26.595root 11241100x8000000000000000721714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e529a02d28deee92023-02-07 15:23:26.595root 11241100x8000000000000000721713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a715220c7f0f24db2023-02-07 15:23:26.595root 11241100x8000000000000000721712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:26.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4343925a19089772023-02-07 15:23:26.595root 11241100x8000000000000000721720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f055dfa831c599032023-02-07 15:23:26.596root 11241100x8000000000000000721719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc42c50a36e89da2023-02-07 15:23:26.596root 11241100x8000000000000000721718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ac02b7b62d10d82023-02-07 15:23:26.596root 11241100x8000000000000000721717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73207af79b193122023-02-07 15:23:26.596root 11241100x8000000000000000721716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:26.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593bea0e53c90b252023-02-07 15:23:26.596root 11241100x8000000000000000721722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b595420f1331982023-02-07 15:23:27.095root 11241100x8000000000000000721721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:27.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd44691c42ecf9c2023-02-07 15:23:27.095root 11241100x8000000000000000721729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea84f26b6bba0eb22023-02-07 15:23:27.096root 11241100x8000000000000000721728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddad889a4e9ccff2023-02-07 15:23:27.096root 11241100x8000000000000000721727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fcf59ae354d6ae2023-02-07 15:23:27.096root 11241100x8000000000000000721726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b4a59827cebe4e2023-02-07 15:23:27.096root 11241100x8000000000000000721725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff75cbcb13ab7f902023-02-07 15:23:27.096root 11241100x8000000000000000721724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94aa7c6a59623cd2023-02-07 15:23:27.096root 11241100x8000000000000000721723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:27.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caff8053afae94ca2023-02-07 15:23:27.096root 11241100x8000000000000000721736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34fe34b59ce8fa52023-02-07 15:23:27.595root 11241100x8000000000000000721735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47442afd404da1a02023-02-07 15:23:27.595root 11241100x8000000000000000721734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63bf9b92008a99352023-02-07 15:23:27.595root 11241100x8000000000000000721733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0ce20a67490db72023-02-07 15:23:27.595root 11241100x8000000000000000721732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c79ed501a3158a42023-02-07 15:23:27.595root 11241100x8000000000000000721731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8fcfcaa151a02a2023-02-07 15:23:27.595root 11241100x8000000000000000721730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:27.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2430d51ebaacd5b02023-02-07 15:23:27.595root 11241100x8000000000000000721738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748ba9d5fe0befcd2023-02-07 15:23:27.596root 11241100x8000000000000000721737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:27.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9847abad374d1b2023-02-07 15:23:27.596root 23542300x8000000000000000721739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:27.728{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000721745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259405c7c08ea51f2023-02-07 15:23:28.095root 11241100x8000000000000000721744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83096cb02c9eab132023-02-07 15:23:28.095root 11241100x8000000000000000721743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75525cf951d0f6bc2023-02-07 15:23:28.095root 11241100x8000000000000000721742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fa76bc2fef0e182023-02-07 15:23:28.095root 11241100x8000000000000000721741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94726129bca98dfa2023-02-07 15:23:28.095root 11241100x8000000000000000721740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:28.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0813cc3c718595262023-02-07 15:23:28.095root 11241100x8000000000000000721749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5aa4269962d69322023-02-07 15:23:28.096root 11241100x8000000000000000721748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73ecf8cef94be992023-02-07 15:23:28.096root 11241100x8000000000000000721747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6574506d7619ab2023-02-07 15:23:28.096root 11241100x8000000000000000721746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:28.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc083acf3d1cf5c82023-02-07 15:23:28.096root 11241100x8000000000000000721755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14adabd81be8c41b2023-02-07 15:23:28.595root 11241100x8000000000000000721754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58dc4406dc1ff4162023-02-07 15:23:28.595root 11241100x8000000000000000721753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0704eafcaf41cd352023-02-07 15:23:28.595root 11241100x8000000000000000721752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cbbea3ee99ed7812023-02-07 15:23:28.595root 11241100x8000000000000000721751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239fe30b6c5628622023-02-07 15:23:28.595root 11241100x8000000000000000721750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:28.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e72f163da3494472023-02-07 15:23:28.595root 11241100x8000000000000000721759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00dd225a6e304cdf2023-02-07 15:23:28.596root 11241100x8000000000000000721758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228d70c53b729bf92023-02-07 15:23:28.596root 11241100x8000000000000000721757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c275aef5b296b992023-02-07 15:23:28.596root 11241100x8000000000000000721756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:28.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd913c07d12dabb62023-02-07 15:23:28.596root 11241100x8000000000000000721761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059834053baae4492023-02-07 15:23:29.095root 11241100x8000000000000000721760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:29.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c2b97c04bd459c2023-02-07 15:23:29.095root 11241100x8000000000000000721769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889534df4a1fb4d12023-02-07 15:23:29.096root 11241100x8000000000000000721768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2077b7abbf9613702023-02-07 15:23:29.096root 11241100x8000000000000000721767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5678705908cce622023-02-07 15:23:29.096root 11241100x8000000000000000721766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db600a2aef1547772023-02-07 15:23:29.096root 11241100x8000000000000000721765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ea2a2874692ed62023-02-07 15:23:29.096root 11241100x8000000000000000721764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6287f30a8d9cdb882023-02-07 15:23:29.096root 11241100x8000000000000000721763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6487601f60d8d5932023-02-07 15:23:29.096root 11241100x8000000000000000721762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:29.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8ddbcc163a53cb2023-02-07 15:23:29.096root 11241100x8000000000000000721771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b332b99f1149231e2023-02-07 15:23:29.595root 11241100x8000000000000000721770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:29.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd33b973a2d92f9a2023-02-07 15:23:29.595root 11241100x8000000000000000721779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5128c575f0144dc52023-02-07 15:23:29.596root 11241100x8000000000000000721778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c55ec139a0ff422023-02-07 15:23:29.596root 11241100x8000000000000000721777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6836c0a91d4a142023-02-07 15:23:29.596root 11241100x8000000000000000721776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766431a866ed98b32023-02-07 15:23:29.596root 11241100x8000000000000000721775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c246d5a5437b552023-02-07 15:23:29.596root 11241100x8000000000000000721774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8a47d897ac24962023-02-07 15:23:29.596root 11241100x8000000000000000721773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae62bb61a81b48a2023-02-07 15:23:29.596root 11241100x8000000000000000721772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:29.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ccbfa655a1cc1a2023-02-07 15:23:29.596root 11241100x8000000000000000721784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989607a973772f522023-02-07 15:23:30.095root 11241100x8000000000000000721783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1c67dc6be63ce42023-02-07 15:23:30.095root 11241100x8000000000000000721782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7cb6b70660072bc2023-02-07 15:23:30.095root 11241100x8000000000000000721781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db48b51ad649f8672023-02-07 15:23:30.095root 11241100x8000000000000000721780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:30.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b35baa319f853852023-02-07 15:23:30.095root 11241100x8000000000000000721789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8a6ff55df4926b2023-02-07 15:23:30.096root 11241100x8000000000000000721788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de9e0b4be86398e2023-02-07 15:23:30.096root 11241100x8000000000000000721787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87166bcddc2909772023-02-07 15:23:30.096root 11241100x8000000000000000721786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e9050caa9374492023-02-07 15:23:30.096root 11241100x8000000000000000721785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:30.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320a2229ef313d0c2023-02-07 15:23:30.096root 354300x8000000000000000721790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:30.097{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-47008-false10.0.1.12-8000- 11241100x8000000000000000721796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb5f420f4ce4f982023-02-07 15:23:30.595root 11241100x8000000000000000721795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34f6e0a4a12d0dc2023-02-07 15:23:30.595root 11241100x8000000000000000721794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbc6901788e70812023-02-07 15:23:30.595root 11241100x8000000000000000721793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852745f9c78042002023-02-07 15:23:30.595root 11241100x8000000000000000721792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d262111118493392023-02-07 15:23:30.595root 11241100x8000000000000000721791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:30.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0daba69c372af32023-02-07 15:23:30.595root 11241100x8000000000000000721801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db94678513250462023-02-07 15:23:30.596root 11241100x8000000000000000721800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de94890225ce6c22023-02-07 15:23:30.596root 11241100x8000000000000000721799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393dce21b0dcf3562023-02-07 15:23:30.596root 11241100x8000000000000000721798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a020786b99141012023-02-07 15:23:30.596root 11241100x8000000000000000721797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:30.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da39fdec49fb8e92023-02-07 15:23:30.596root 11241100x8000000000000000721803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ce5cd4e4dab7382023-02-07 15:23:31.095root 11241100x8000000000000000721802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:31.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026cc5320c5138c72023-02-07 15:23:31.095root 11241100x8000000000000000721809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58acab2fe3f831982023-02-07 15:23:31.096root 11241100x8000000000000000721808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51592f71bc6ec0182023-02-07 15:23:31.096root 11241100x8000000000000000721807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e2ea34fb8c5f842023-02-07 15:23:31.096root 11241100x8000000000000000721806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a769db08741a432023-02-07 15:23:31.096root 11241100x8000000000000000721805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567bc36a83dc56b62023-02-07 15:23:31.096root 11241100x8000000000000000721804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:31.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98c32899c0af9932023-02-07 15:23:31.096root 11241100x8000000000000000721812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2a3dbc8e00f9592023-02-07 15:23:31.097root 11241100x8000000000000000721811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64dd18915c0fe992023-02-07 15:23:31.097root 11241100x8000000000000000721810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:31.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf31682cbd5bb7e52023-02-07 15:23:31.097root 11241100x8000000000000000721814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161a8f619fb10d462023-02-07 15:23:31.595root 11241100x8000000000000000721813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:31.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d11566a1dc6cb02023-02-07 15:23:31.595root 11241100x8000000000000000721823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801f082a50cc1e132023-02-07 15:23:31.596root 11241100x8000000000000000721822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a181f989d65b445e2023-02-07 15:23:31.596root 11241100x8000000000000000721821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8f136400bd8ff42023-02-07 15:23:31.596root 11241100x8000000000000000721820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c838116407eeba2023-02-07 15:23:31.596root 11241100x8000000000000000721819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb67aae47e5a2cf2023-02-07 15:23:31.596root 11241100x8000000000000000721818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aea5a972230eb792023-02-07 15:23:31.596root 11241100x8000000000000000721817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d84ca439334a522023-02-07 15:23:31.596root 11241100x8000000000000000721816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77d0a4da27c696e2023-02-07 15:23:31.596root 11241100x8000000000000000721815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:31.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092064395d2a1f322023-02-07 15:23:31.596root 11241100x8000000000000000721828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318b1bb2675454352023-02-07 15:23:32.095root 11241100x8000000000000000721827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47927613ac0bd38b2023-02-07 15:23:32.095root 11241100x8000000000000000721826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27c5a480c48fced2023-02-07 15:23:32.095root 11241100x8000000000000000721825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb93c28346414e62023-02-07 15:23:32.095root 11241100x8000000000000000721824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:32.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a410c9251fbc282023-02-07 15:23:32.095root 11241100x8000000000000000721834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0eba93ab14d25bc2023-02-07 15:23:32.096root 11241100x8000000000000000721833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdf469a295a96852023-02-07 15:23:32.096root 11241100x8000000000000000721832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1799eb37b75c76832023-02-07 15:23:32.096root 11241100x8000000000000000721831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1ef589fb4839372023-02-07 15:23:32.096root 11241100x8000000000000000721830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a21e109315094c2023-02-07 15:23:32.096root 11241100x8000000000000000721829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:32.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860a23e24152391d2023-02-07 15:23:32.096root 11241100x8000000000000000721840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda84b1a3fc2b7f22023-02-07 15:23:32.595root 11241100x8000000000000000721839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c9d9f96e9ca40d2023-02-07 15:23:32.595root 11241100x8000000000000000721838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e02c67112f77332023-02-07 15:23:32.595root 11241100x8000000000000000721837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480d6e124cf78a6f2023-02-07 15:23:32.595root 11241100x8000000000000000721836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022b0b1efd7b51a32023-02-07 15:23:32.595root 11241100x8000000000000000721835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:32.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e027927e40752ba2023-02-07 15:23:32.595root 11241100x8000000000000000721845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4925a129eba1fe5c2023-02-07 15:23:32.596root 11241100x8000000000000000721844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9cb6a3054961f32023-02-07 15:23:32.596root 11241100x8000000000000000721843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e99feedf1a168452023-02-07 15:23:32.596root 11241100x8000000000000000721842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561024542a05c2362023-02-07 15:23:32.596root 11241100x8000000000000000721841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:32.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038de42135a175062023-02-07 15:23:32.596root 11241100x8000000000000000721851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cd3d86a93d22932023-02-07 15:23:33.095root 11241100x8000000000000000721850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1bb726b404a9882023-02-07 15:23:33.095root 11241100x8000000000000000721849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6a89ecdbeda2fd2023-02-07 15:23:33.095root 11241100x8000000000000000721848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77301a27bea41fa12023-02-07 15:23:33.095root 11241100x8000000000000000721847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839952ce86e1c8d52023-02-07 15:23:33.095root 11241100x8000000000000000721846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:33.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43f978784a54c1c2023-02-07 15:23:33.095root 11241100x8000000000000000721856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9075c31d0b82241b2023-02-07 15:23:33.096root 11241100x8000000000000000721855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274968fc2a5f7db62023-02-07 15:23:33.096root 11241100x8000000000000000721854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1b927d9130f10e2023-02-07 15:23:33.096root 11241100x8000000000000000721853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791b38c7e35c96282023-02-07 15:23:33.096root 11241100x8000000000000000721852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:33.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debf0e3e9dc2ed412023-02-07 15:23:33.096root 11241100x8000000000000000721860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4be35962758d54e2023-02-07 15:23:33.595root 11241100x8000000000000000721859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd70003cfee3d89b2023-02-07 15:23:33.595root 11241100x8000000000000000721858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13514923e079f6922023-02-07 15:23:33.595root 11241100x8000000000000000721857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:33.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25d17f7df52cafc2023-02-07 15:23:33.595root 11241100x8000000000000000721867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc3f03164c03e002023-02-07 15:23:33.596root 11241100x8000000000000000721866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97434fe32c6510b32023-02-07 15:23:33.596root 11241100x8000000000000000721865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a2d2d00781757a2023-02-07 15:23:33.596root 11241100x8000000000000000721864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a268e7ee6246caab2023-02-07 15:23:33.596root 11241100x8000000000000000721863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3131a172b538d69a2023-02-07 15:23:33.596root 11241100x8000000000000000721862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8aec167a3f1d04d2023-02-07 15:23:33.596root 11241100x8000000000000000721861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:33.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacec471c689ab302023-02-07 15:23:33.596root 11241100x8000000000000000721873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:34.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f833c478421817d2023-02-07 15:23:34.095root 11241100x8000000000000000721872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:34.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7642d0917033f312023-02-07 15:23:34.095root 11241100x8000000000000000721871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:34.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc3ab441bfab4ba2023-02-07 15:23:34.095root 11241100x8000000000000000721870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:34.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5769cedfb77aa1e62023-02-07 15:23:34.095root 11241100x8000000000000000721869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:34.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f427a3298719eb2023-02-07 15:23:34.095root 11241100x8000000000000000721868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:34.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00555d75731f9672023-02-07 15:23:34.095root 11241100x8000000000000000721878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d917f1d79867aa52023-02-07 15:23:34.096root 11241100x8000000000000000721877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6a84486ef5cf9e2023-02-07 15:23:34.096root 11241100x8000000000000000721876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad399386280af5622023-02-07 15:23:34.096root 11241100x8000000000000000721875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d700ca2bf518f9b02023-02-07 15:23:34.096root 11241100x8000000000000000721874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:34.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff33553294111822023-02-07 15:23:34.096root 11241100x8000000000000000721883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff14b99fa0790252023-02-07 15:23:34.595root 11241100x8000000000000000721882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da56c40ee11a08f92023-02-07 15:23:34.595root 11241100x8000000000000000721881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd18b71d896058d2023-02-07 15:23:34.595root 11241100x8000000000000000721880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03445af933e5aa52023-02-07 15:23:34.595root 11241100x8000000000000000721879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:34.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18afd5a59c0a68952023-02-07 15:23:34.595root 11241100x8000000000000000721889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2edb90f8ed88dfc72023-02-07 15:23:34.596root 11241100x8000000000000000721888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea4b6058b2182fb2023-02-07 15:23:34.596root 11241100x8000000000000000721887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188db3e8c6dc0e9b2023-02-07 15:23:34.596root 11241100x8000000000000000721886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb99d7377ca0d36b2023-02-07 15:23:34.596root 11241100x8000000000000000721885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b794082a9b59e022023-02-07 15:23:34.596root 11241100x8000000000000000721884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:34.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502ec8dc58ddbfd52023-02-07 15:23:34.596root 11241100x8000000000000000721893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:35.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf13886aba936c92023-02-07 15:23:35.095root 11241100x8000000000000000721892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:35.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65760168f0c95a52023-02-07 15:23:35.095root 11241100x8000000000000000721891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:35.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4189a351b78be9102023-02-07 15:23:35.095root 11241100x8000000000000000721890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:35.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce2560f7a45ad9f2023-02-07 15:23:35.095root 11241100x8000000000000000721897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18bd8292c08b658a2023-02-07 15:23:35.097root 11241100x8000000000000000721896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296d9e2a1fc63bf62023-02-07 15:23:35.097root 11241100x8000000000000000721895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4549613377369f3c2023-02-07 15:23:35.097root 11241100x8000000000000000721894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:35.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454541633405cf322023-02-07 15:23:35.097root 11241100x8000000000000000721900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:35.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b16aa7c4aa814d12023-02-07 15:23:35.098root 11241100x8000000000000000721899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:35.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8f0af0df6de90a2023-02-07 15:23:35.098root 11241100x8000000000000000721898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:35.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8389bbdfe01575532023-02-07 15:23:35.098root 11241100x8000000000000000721902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50e90fb873917102023-02-07 15:23:35.595root 11241100x8000000000000000721901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:35.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2477e38f3d74db602023-02-07 15:23:35.595root 11241100x8000000000000000721911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c80a65faed92e02023-02-07 15:23:35.596root 11241100x8000000000000000721910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b5f8c7636df27d2023-02-07 15:23:35.596root 11241100x8000000000000000721909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d85fdd0571fd3d2023-02-07 15:23:35.596root 11241100x8000000000000000721908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71dffb8c5f023f62023-02-07 15:23:35.596root 11241100x8000000000000000721907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11acd1950ce21bdf2023-02-07 15:23:35.596root 11241100x8000000000000000721906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4e4d3472ed18712023-02-07 15:23:35.596root 11241100x8000000000000000721905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52338575ffd7b8c82023-02-07 15:23:35.596root 11241100x8000000000000000721904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93258bccc25b82162023-02-07 15:23:35.596root 11241100x8000000000000000721903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:35.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca0e516400f2a072023-02-07 15:23:35.596root 354300x8000000000000000721912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.046{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-48100-false10.0.1.12-8000- 11241100x8000000000000000721918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.047{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f946a317763f302023-02-07 15:23:36.047root 11241100x8000000000000000721917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.047{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44a8b4a515490482023-02-07 15:23:36.047root 11241100x8000000000000000721916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.047{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b12e73a1d5eb3d72023-02-07 15:23:36.047root 11241100x8000000000000000721915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.047{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5d8787882032592023-02-07 15:23:36.047root 11241100x8000000000000000721914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.047{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64d233742fc51d62023-02-07 15:23:36.047root 11241100x8000000000000000721913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.047{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09dffa7d819a4a692023-02-07 15:23:36.047root 11241100x8000000000000000721927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.048{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa5d31dd523bf002023-02-07 15:23:36.048root 11241100x8000000000000000721926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.048{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc308a77ce1d1c72023-02-07 15:23:36.048root 11241100x8000000000000000721925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.048{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc550dd6d51377022023-02-07 15:23:36.048root 11241100x8000000000000000721924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.048{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a85d0b88789fee2023-02-07 15:23:36.048root 11241100x8000000000000000721923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.048{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c316629a193a7ca2023-02-07 15:23:36.048root 11241100x8000000000000000721922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.048{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0444350d89e1c1c52023-02-07 15:23:36.048root 11241100x8000000000000000721921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.048{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2189aac00514fd2023-02-07 15:23:36.048root 11241100x8000000000000000721920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.048{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6cc185ebbabe6042023-02-07 15:23:36.048root 11241100x8000000000000000721919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.048{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379a5827410934d52023-02-07 15:23:36.048root 11241100x8000000000000000721930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6012bd0151b9dabb2023-02-07 15:23:36.345root 11241100x8000000000000000721929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953ac6dd73ccb01b2023-02-07 15:23:36.345root 11241100x8000000000000000721928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd557bff5dc3ad32023-02-07 15:23:36.345root 11241100x8000000000000000721936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bebe5831f1134b2023-02-07 15:23:36.346root 11241100x8000000000000000721935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0fa477e6c8349c2023-02-07 15:23:36.346root 11241100x8000000000000000721934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c347904539c25f2023-02-07 15:23:36.346root 11241100x8000000000000000721933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48dd5b70a4adcd2d2023-02-07 15:23:36.346root 11241100x8000000000000000721932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded6d57c2f0c0fcc2023-02-07 15:23:36.346root 11241100x8000000000000000721931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1eea8a5dc1b02662023-02-07 15:23:36.346root 11241100x8000000000000000721939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad74c52ba18405942023-02-07 15:23:36.347root 11241100x8000000000000000721938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7313414f8d983cd72023-02-07 15:23:36.347root 11241100x8000000000000000721937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3f4f42dd1fa50c2023-02-07 15:23:36.347root 11241100x8000000000000000721940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f008a5877cf9a01c2023-02-07 15:23:36.845root 11241100x8000000000000000721945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9991e747d36177042023-02-07 15:23:36.846root 11241100x8000000000000000721944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92adb36069f70c22023-02-07 15:23:36.846root 11241100x8000000000000000721943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a1a9ae1f89d1e32023-02-07 15:23:36.846root 11241100x8000000000000000721942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18facb16a66e32d32023-02-07 15:23:36.846root 11241100x8000000000000000721941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e336e97e8351522023-02-07 15:23:36.846root 11241100x8000000000000000721951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3124b3b5faf251442023-02-07 15:23:36.847root 11241100x8000000000000000721950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ee680672d0ce872023-02-07 15:23:36.847root 11241100x8000000000000000721949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3b06f68b0209f62023-02-07 15:23:36.847root 11241100x8000000000000000721948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c3eb4a1773e1bb2023-02-07 15:23:36.847root 11241100x8000000000000000721947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df96a43bf0ea84f2023-02-07 15:23:36.847root 11241100x8000000000000000721946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:36.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f355f40a344323ae2023-02-07 15:23:36.847root 11241100x8000000000000000721963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a36b14cb47445932023-02-07 15:23:37.346root 11241100x8000000000000000721962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634daf9ff73524ef2023-02-07 15:23:37.346root 11241100x8000000000000000721961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110ee52c76ffce162023-02-07 15:23:37.346root 11241100x8000000000000000721960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e365a49f03f39a2023-02-07 15:23:37.346root 11241100x8000000000000000721959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2febdafabb4a5f642023-02-07 15:23:37.346root 11241100x8000000000000000721958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8268b34308a9aa0a2023-02-07 15:23:37.346root 11241100x8000000000000000721957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c72aa1eafe97ba2023-02-07 15:23:37.346root 11241100x8000000000000000721956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5f7c27fbcc01e82023-02-07 15:23:37.346root 11241100x8000000000000000721955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdbe0a4af895aaa2023-02-07 15:23:37.346root 11241100x8000000000000000721954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd746756414285d2023-02-07 15:23:37.346root 11241100x8000000000000000721953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afedff6466e670672023-02-07 15:23:37.346root 11241100x8000000000000000721952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:37.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8504fcb0bf838f2023-02-07 15:23:37.346root 11241100x8000000000000000721965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:37.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19f276ec9f018b62023-02-07 15:23:37.845root 11241100x8000000000000000721964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:37.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab972f96c014e09a2023-02-07 15:23:37.845root 11241100x8000000000000000721974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087951f059cb48522023-02-07 15:23:37.846root 11241100x8000000000000000721973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beac6aa90b710c512023-02-07 15:23:37.846root 11241100x8000000000000000721972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb22fa01f5c2b422023-02-07 15:23:37.846root 11241100x8000000000000000721971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd4d48e3cccc1d02023-02-07 15:23:37.846root 11241100x8000000000000000721970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c9bfa4d01c56a32023-02-07 15:23:37.846root 11241100x8000000000000000721969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3c2a36e169d1cc2023-02-07 15:23:37.846root 11241100x8000000000000000721968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780a66e2de2daaec2023-02-07 15:23:37.846root 11241100x8000000000000000721967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef1c121b114ac2b2023-02-07 15:23:37.846root 11241100x8000000000000000721966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:37.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce18012509c8d672023-02-07 15:23:37.846root 11241100x8000000000000000721975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:37.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85c50146d1e20fb2023-02-07 15:23:37.847root 11241100x8000000000000000721976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:38.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13c71154a94f7392023-02-07 15:23:38.345root 11241100x8000000000000000721980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:38.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442e044471cdd01a2023-02-07 15:23:38.346root 11241100x8000000000000000721979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:38.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b138bf152e6816442023-02-07 15:23:38.346root 11241100x8000000000000000721978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:38.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef2d3897cfbb8a3d2023-02-07 15:23:38.346root 11241100x8000000000000000721977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:38.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb72d490e56f97162023-02-07 15:23:38.346root 11241100x8000000000000000721983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:38.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e46ec0f38e58182023-02-07 15:23:38.347root 11241100x8000000000000000721982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:38.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3031fc3267741a002023-02-07 15:23:38.347root 11241100x8000000000000000721981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:38.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef6904371cbae0a2023-02-07 15:23:38.347root 11241100x8000000000000000721986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:38.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1ac7ca0dd197562023-02-07 15:23:38.348root 11241100x8000000000000000721985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:38.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f9c2b8086ed8562023-02-07 15:23:38.348root 11241100x8000000000000000721984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:38.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f5be883e22bec72023-02-07 15:23:38.348root 11241100x8000000000000000721987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:38.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723cafa706fedb092023-02-07 15:23:38.349root 11241100x8000000000000000721990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:38.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c926495a0ea8b9432023-02-07 15:23:38.845root 11241100x8000000000000000721989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:38.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853d68e986c5d8532023-02-07 15:23:38.845root 11241100x8000000000000000721988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:38.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1270e22cbb981d2023-02-07 15:23:38.845root 11241100x8000000000000000721999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:38.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a726c07cd35b9dce2023-02-07 15:23:38.846root 11241100x8000000000000000721998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:38.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5d5b7ab603183d2023-02-07 15:23:38.846root 11241100x8000000000000000721997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:38.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4228012747d1f4f42023-02-07 15:23:38.846root 11241100x8000000000000000721996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:38.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e1530c3d67e49c2023-02-07 15:23:38.846root 11241100x8000000000000000721995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:38.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130f36e4ce2d90322023-02-07 15:23:38.846root 11241100x8000000000000000721994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:38.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1563967e36f9ab2023-02-07 15:23:38.846root 11241100x8000000000000000721993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:38.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a0e198e5d469162023-02-07 15:23:38.846root 11241100x8000000000000000721992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:38.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1104e0df254b0fca2023-02-07 15:23:38.846root 11241100x8000000000000000721991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:38.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b55797e4150c7132023-02-07 15:23:38.846root 11241100x8000000000000000722004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:39.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8847ced3f8700f72023-02-07 15:23:39.345root 11241100x8000000000000000722003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:39.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0886820a9211d072023-02-07 15:23:39.345root 11241100x8000000000000000722002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:39.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2e0fdc9d3d3dcd2023-02-07 15:23:39.345root 11241100x8000000000000000722001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:39.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff2ef3190b4a1752023-02-07 15:23:39.345root 11241100x8000000000000000722000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:39.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c055e42b114fb1b2023-02-07 15:23:39.345root 11241100x8000000000000000722011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:39.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f78e33ce19562f62023-02-07 15:23:39.346root 11241100x8000000000000000722010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:39.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b039b7052980e2cf2023-02-07 15:23:39.346root 11241100x8000000000000000722009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:39.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7138fdc842d803032023-02-07 15:23:39.346root 11241100x8000000000000000722008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:39.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670955d3e507dada2023-02-07 15:23:39.346root 11241100x8000000000000000722007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:39.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9f96ae49a8b0ec2023-02-07 15:23:39.346root 11241100x8000000000000000722006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:39.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1ab817a07883ea2023-02-07 15:23:39.346root 11241100x8000000000000000722005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:39.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6f4fe38920034b2023-02-07 15:23:39.346root 11241100x8000000000000000722016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:39.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee751d255f11c472023-02-07 15:23:39.845root 11241100x8000000000000000722015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:39.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2ae0bad0633a9b2023-02-07 15:23:39.845root 11241100x8000000000000000722014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:39.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09b6bf0b0a5ae5d2023-02-07 15:23:39.845root 11241100x8000000000000000722013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:39.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66372151300f8ec32023-02-07 15:23:39.845root 11241100x8000000000000000722012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:39.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f0a9ca515a8b0c2023-02-07 15:23:39.845root 11241100x8000000000000000722020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:39.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6c48aefb50e6362023-02-07 15:23:39.846root 11241100x8000000000000000722019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:39.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afee66b224f739a72023-02-07 15:23:39.846root 11241100x8000000000000000722018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:39.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac773e5d05a77b152023-02-07 15:23:39.846root 11241100x8000000000000000722017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:39.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e16180139547762023-02-07 15:23:39.846root 11241100x8000000000000000722027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:39.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339b4ab8a773de792023-02-07 15:23:39.847root 11241100x8000000000000000722026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:39.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa88f5102d965002023-02-07 15:23:39.847root 11241100x8000000000000000722025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:39.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f5de390de0d1622023-02-07 15:23:39.847root 11241100x8000000000000000722024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:39.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467c4f75b3ef46472023-02-07 15:23:39.847root 11241100x8000000000000000722023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:39.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d3ed4b1a91a0532023-02-07 15:23:39.847root 11241100x8000000000000000722022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:39.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1efb94c991b61a22023-02-07 15:23:39.847root 11241100x8000000000000000722021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:39.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecff42e58fae717e2023-02-07 15:23:39.847root 11241100x8000000000000000722030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:39.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f27f33d3ace4a802023-02-07 15:23:39.848root 11241100x8000000000000000722029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:39.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39858bcf42fdb3b22023-02-07 15:23:39.848root 11241100x8000000000000000722028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:39.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386ea8ccc65068342023-02-07 15:23:39.848root 11241100x8000000000000000722033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:40.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4769e3df39cf01f2023-02-07 15:23:40.345root 11241100x8000000000000000722032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:40.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5508b86a8d1a32802023-02-07 15:23:40.345root 11241100x8000000000000000722031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:40.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3aa6c33f944e942023-02-07 15:23:40.345root 11241100x8000000000000000722040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:40.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e34ae98946834752023-02-07 15:23:40.346root 11241100x8000000000000000722039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:40.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c1de9da64ea3082023-02-07 15:23:40.346root 11241100x8000000000000000722038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:40.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31226a6ecd7e420c2023-02-07 15:23:40.346root 11241100x8000000000000000722037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:40.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55afb9ae1c9e88e12023-02-07 15:23:40.346root 11241100x8000000000000000722036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:40.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1015c6c0114baf2023-02-07 15:23:40.346root 11241100x8000000000000000722035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:40.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3efacee1519e052023-02-07 15:23:40.346root 11241100x8000000000000000722034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:40.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a396944ddec4b03c2023-02-07 15:23:40.346root 11241100x8000000000000000722042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:40.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca839712721b8592023-02-07 15:23:40.347root 11241100x8000000000000000722041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:40.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5e3c2ed3470ca62023-02-07 15:23:40.347root 11241100x8000000000000000722043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:40.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713e4aef78ca76e12023-02-07 15:23:40.845root 11241100x8000000000000000722051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839a5eb3823990b82023-02-07 15:23:40.846root 11241100x8000000000000000722050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e538ed3ab77d038e2023-02-07 15:23:40.846root 11241100x8000000000000000722049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bc1292617505ad2023-02-07 15:23:40.846root 11241100x8000000000000000722048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907ca25e225897ce2023-02-07 15:23:40.846root 11241100x8000000000000000722047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43308a644265d132023-02-07 15:23:40.846root 11241100x8000000000000000722046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ea3a1c7e6aaff92023-02-07 15:23:40.846root 11241100x8000000000000000722045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab713114eb8841402023-02-07 15:23:40.846root 11241100x8000000000000000722044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:40.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f469ca8dde2f062023-02-07 15:23:40.846root 11241100x8000000000000000722054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:40.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deaa200166db89de2023-02-07 15:23:40.847root 11241100x8000000000000000722053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:40.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010e665f898400c62023-02-07 15:23:40.847root 11241100x8000000000000000722052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:40.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c50f33e5895b432023-02-07 15:23:40.847root 354300x8000000000000000722055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:41.147{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-48106-false10.0.1.12-8000- 11241100x8000000000000000722062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:41.148{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82497e184b6cfcc82023-02-07 15:23:41.148root 11241100x8000000000000000722061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:41.148{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec2f428a97bc0682023-02-07 15:23:41.148root 11241100x8000000000000000722060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:41.148{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4738f067884bd5372023-02-07 15:23:41.148root 11241100x8000000000000000722059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:41.148{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38337849bccc7df2023-02-07 15:23:41.148root 11241100x8000000000000000722058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:41.148{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556223d104c744302023-02-07 15:23:41.148root 11241100x8000000000000000722057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:41.148{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7aa37cf30364aa22023-02-07 15:23:41.148root 11241100x8000000000000000722056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:41.148{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be70812db8134aa2023-02-07 15:23:41.148root 11241100x8000000000000000722070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:41.149{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f42c2bbcc70a802023-02-07 15:23:41.149root 11241100x8000000000000000722069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:41.149{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fe35de18442ee32023-02-07 15:23:41.149root 11241100x8000000000000000722068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:41.149{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd72931f3accd0782023-02-07 15:23:41.149root 11241100x8000000000000000722067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:41.149{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670e600cd04dd48c2023-02-07 15:23:41.149root 11241100x8000000000000000722066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:41.149{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ce7d22473566da2023-02-07 15:23:41.149root 11241100x8000000000000000722065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:41.149{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf0ae9d29871f9d2023-02-07 15:23:41.149root 11241100x8000000000000000722064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:41.149{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.facd9be9dd793cbc2023-02-07 15:23:41.149root 11241100x8000000000000000722063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:41.149{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f782ffdf8ee650f2023-02-07 15:23:41.149root 11241100x8000000000000000722073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89c8af289d7a8642023-02-07 15:23:41.595root 11241100x8000000000000000722072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c89a8a04036258f2023-02-07 15:23:41.595root 11241100x8000000000000000722071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:41.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035d4d997abbf82e2023-02-07 15:23:41.595root 11241100x8000000000000000722079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0848cea6defb2c862023-02-07 15:23:41.596root 11241100x8000000000000000722078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eebb6c52cafdc5f22023-02-07 15:23:41.596root 11241100x8000000000000000722077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81f2c63324f57272023-02-07 15:23:41.596root 11241100x8000000000000000722076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4343231c2ab6f4a2023-02-07 15:23:41.596root 11241100x8000000000000000722075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c25ba935db73e22023-02-07 15:23:41.596root 11241100x8000000000000000722074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:41.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8bef0d55f7951a2023-02-07 15:23:41.596root 11241100x8000000000000000722083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:41.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f474b88c499ac892023-02-07 15:23:41.597root 11241100x8000000000000000722082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:41.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffaa81897c6990982023-02-07 15:23:41.597root 11241100x8000000000000000722081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:41.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3f9755ee91a60c2023-02-07 15:23:41.597root 11241100x8000000000000000722080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:41.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6004292dee7c78e2023-02-07 15:23:41.597root 11241100x8000000000000000722087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:42.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0ce57a98cbfaca2023-02-07 15:23:42.095root 11241100x8000000000000000722086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:42.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e1725e0e64614a2023-02-07 15:23:42.095root 11241100x8000000000000000722085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:42.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b4c396ea6d93fb2023-02-07 15:23:42.095root 11241100x8000000000000000722084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:42.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f4b0281b9afcc92023-02-07 15:23:42.095root 11241100x8000000000000000722093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:42.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac878b7d9bcca552023-02-07 15:23:42.096root 11241100x8000000000000000722092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:42.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8111d8f38667eefa2023-02-07 15:23:42.096root 11241100x8000000000000000722091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:42.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e5d245f944cea82023-02-07 15:23:42.096root 11241100x8000000000000000722090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:42.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97b6d7439ff7c412023-02-07 15:23:42.096root 11241100x8000000000000000722089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:42.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e790e4c931fdc22023-02-07 15:23:42.096root 11241100x8000000000000000722088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:42.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be7766feb18ca742023-02-07 15:23:42.096root 11241100x8000000000000000722096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:42.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55c8165ddba274a2023-02-07 15:23:42.097root 11241100x8000000000000000722095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:42.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01dea7b74f0c0c112023-02-07 15:23:42.097root 11241100x8000000000000000722094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:42.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50ef25447b22bac2023-02-07 15:23:42.097root 11241100x8000000000000000722103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:42.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3494bf3220d8868e2023-02-07 15:23:42.595root 11241100x8000000000000000722102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:42.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e5de4417e37aee2023-02-07 15:23:42.595root 11241100x8000000000000000722101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:42.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70de5908a385466f2023-02-07 15:23:42.595root 11241100x8000000000000000722100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:42.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ca28312e7adc662023-02-07 15:23:42.595root 11241100x8000000000000000722099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:42.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12348a48c9f6eb1a2023-02-07 15:23:42.595root 11241100x8000000000000000722098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:42.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8684c2fe0e1f35162023-02-07 15:23:42.595root 11241100x8000000000000000722097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:42.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62bb701b616b0c0f2023-02-07 15:23:42.595root 11241100x8000000000000000722109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c914f87a167561a2023-02-07 15:23:42.596root 11241100x8000000000000000722108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8954db8ba0b2222023-02-07 15:23:42.596root 11241100x8000000000000000722107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf22af76934e97482023-02-07 15:23:42.596root 11241100x8000000000000000722106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2aef1646f566892023-02-07 15:23:42.596root 11241100x8000000000000000722105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d7460538048c572023-02-07 15:23:42.596root 11241100x8000000000000000722104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:42.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3df0662ad1da8932023-02-07 15:23:42.596root 11241100x8000000000000000722110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:43.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce4850aa2c6fe1e2023-02-07 15:23:43.095root 11241100x8000000000000000722115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:43.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fd88b438efb1552023-02-07 15:23:43.096root 11241100x8000000000000000722114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:43.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff3eff0247c81342023-02-07 15:23:43.096root 11241100x8000000000000000722113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:43.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5adbd54fcec623b02023-02-07 15:23:43.096root 11241100x8000000000000000722112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:43.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58435d662bd5e22b2023-02-07 15:23:43.096root 11241100x8000000000000000722111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:43.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ade8c2236054c82023-02-07 15:23:43.096root 11241100x8000000000000000722118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:43.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfd887289d6608e2023-02-07 15:23:43.097root 11241100x8000000000000000722117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:43.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc74a70059032ee22023-02-07 15:23:43.097root 11241100x8000000000000000722116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:43.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4393890966d017312023-02-07 15:23:43.097root 11241100x8000000000000000722122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:43.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79305418bf69c5392023-02-07 15:23:43.098root 11241100x8000000000000000722121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:43.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a22041d834b7242023-02-07 15:23:43.098root 11241100x8000000000000000722120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:43.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831afcaf86074f702023-02-07 15:23:43.098root 11241100x8000000000000000722119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:43.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ad8ff29f96f76a2023-02-07 15:23:43.098root 11241100x8000000000000000722127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30fb5d31ecdbf082023-02-07 15:23:43.595root 11241100x8000000000000000722126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88425ee958018252023-02-07 15:23:43.595root 11241100x8000000000000000722125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619a4a4d0c0358742023-02-07 15:23:43.595root 11241100x8000000000000000722124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a44b590b156740b2023-02-07 15:23:43.595root 11241100x8000000000000000722123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:43.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623f498aa1bc39772023-02-07 15:23:43.595root 11241100x8000000000000000722135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:43.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708350761fc042122023-02-07 15:23:43.596root 11241100x8000000000000000722134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:43.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a78ab54dbb61d82023-02-07 15:23:43.596root 11241100x8000000000000000722133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:43.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a278efbb5418db092023-02-07 15:23:43.596root 11241100x8000000000000000722132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:43.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafb353a83478d042023-02-07 15:23:43.596root 11241100x8000000000000000722131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:43.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8a31b46c3b0f2e2023-02-07 15:23:43.596root 11241100x8000000000000000722130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:43.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27695aca7b3bc5b22023-02-07 15:23:43.596root 11241100x8000000000000000722129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:43.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21cf529eea3bb6e2023-02-07 15:23:43.596root 11241100x8000000000000000722128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:43.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c9ca20caabada82023-02-07 15:23:43.596root 11241100x8000000000000000722136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:44.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b245878f45f334382023-02-07 15:23:44.095root 11241100x8000000000000000722148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc96bfb26cb323b2023-02-07 15:23:44.096root 11241100x8000000000000000722147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1857c5d02160e01d2023-02-07 15:23:44.096root 11241100x8000000000000000722146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59ff61a6856d0182023-02-07 15:23:44.096root 11241100x8000000000000000722145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75eda93caf23b172023-02-07 15:23:44.096root 11241100x8000000000000000722144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02d7492541ba63e2023-02-07 15:23:44.096root 11241100x8000000000000000722143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72857b74b2b0c2f02023-02-07 15:23:44.096root 11241100x8000000000000000722142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e38f836e97224332023-02-07 15:23:44.096root 11241100x8000000000000000722141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f57041524566f342023-02-07 15:23:44.096root 11241100x8000000000000000722140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c690da4ffd089442023-02-07 15:23:44.096root 11241100x8000000000000000722139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc68498c0af46332023-02-07 15:23:44.096root 11241100x8000000000000000722138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb312df9352036cd2023-02-07 15:23:44.096root 11241100x8000000000000000722137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:44.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245639916f72e8562023-02-07 15:23:44.096root 11241100x8000000000000000722152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:44.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1a3c0ce7d3c9bc2023-02-07 15:23:44.595root 11241100x8000000000000000722151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:44.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22f63f3b07ec4ec2023-02-07 15:23:44.595root 11241100x8000000000000000722150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:44.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca96377233b64362023-02-07 15:23:44.595root 11241100x8000000000000000722149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:44.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c227fa685e94192023-02-07 15:23:44.595root 11241100x8000000000000000722160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc1724607463d642023-02-07 15:23:44.596root 11241100x8000000000000000722159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d97bf00e4dece252023-02-07 15:23:44.596root 11241100x8000000000000000722158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9cb05560db674e2023-02-07 15:23:44.596root 11241100x8000000000000000722157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6958306680e3b28f2023-02-07 15:23:44.596root 11241100x8000000000000000722156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8290cdd9daba48012023-02-07 15:23:44.596root 11241100x8000000000000000722155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e90d49b3f6c3382023-02-07 15:23:44.596root 11241100x8000000000000000722154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67f8ca237bec6942023-02-07 15:23:44.596root 11241100x8000000000000000722153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:44.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b217763d290786002023-02-07 15:23:44.596root 11241100x8000000000000000722161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:44.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b694858e023f7e2023-02-07 15:23:44.597root 11241100x8000000000000000722167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad179b006ef934c2023-02-07 15:23:45.095root 11241100x8000000000000000722166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598113d7cedac5ad2023-02-07 15:23:45.095root 11241100x8000000000000000722165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1608eeb6bfc1cdee2023-02-07 15:23:45.095root 11241100x8000000000000000722164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e342edbc75e92ca2023-02-07 15:23:45.095root 11241100x8000000000000000722163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237e7d12b4c0b4902023-02-07 15:23:45.095root 11241100x8000000000000000722162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:45.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3edfdc5882cfab172023-02-07 15:23:45.095root 11241100x8000000000000000722174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527ecab7125ec0352023-02-07 15:23:45.096root 11241100x8000000000000000722173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d36f962b0ffcb92023-02-07 15:23:45.096root 11241100x8000000000000000722172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b42d0f56e5c18d2023-02-07 15:23:45.096root 11241100x8000000000000000722171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64471dcc1c61a282023-02-07 15:23:45.096root 11241100x8000000000000000722170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec48485645153b3a2023-02-07 15:23:45.096root 11241100x8000000000000000722169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caafa259db42a8482023-02-07 15:23:45.096root 11241100x8000000000000000722168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:45.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81952a97f17289ee2023-02-07 15:23:45.096root 11241100x8000000000000000722179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:45.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e0a2da1e8781712023-02-07 15:23:45.595root 11241100x8000000000000000722178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:45.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5b4fd77b353c702023-02-07 15:23:45.595root 11241100x8000000000000000722177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:45.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d897b0beb657a95f2023-02-07 15:23:45.595root 11241100x8000000000000000722176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:45.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c20da35c3b240392023-02-07 15:23:45.595root 11241100x8000000000000000722175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:45.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170296917016a8af2023-02-07 15:23:45.595root 11241100x8000000000000000722187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8117e6ccb6e6482023-02-07 15:23:45.596root 11241100x8000000000000000722186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac8b68f246792642023-02-07 15:23:45.596root 11241100x8000000000000000722185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58938650dbb464a62023-02-07 15:23:45.596root 11241100x8000000000000000722184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d2b374824f3ce32023-02-07 15:23:45.596root 11241100x8000000000000000722183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8a51ec247722322023-02-07 15:23:45.596root 11241100x8000000000000000722182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c80821ffaa9c7a2023-02-07 15:23:45.596root 11241100x8000000000000000722181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b4127ca508228d2023-02-07 15:23:45.596root 11241100x8000000000000000722180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:45.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8047bab4c8804e242023-02-07 15:23:45.596root 11241100x8000000000000000722192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:46.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32659adff4988912023-02-07 15:23:46.095root 11241100x8000000000000000722191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:46.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5871f876f128ba2023-02-07 15:23:46.095root 11241100x8000000000000000722190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:46.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc45f7b34d5c3a012023-02-07 15:23:46.095root 11241100x8000000000000000722189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:46.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7391c3cea065976c2023-02-07 15:23:46.095root 11241100x8000000000000000722188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:46.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee19b956381544dd2023-02-07 15:23:46.095root 11241100x8000000000000000722199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:46.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b5c0a20651f0b22023-02-07 15:23:46.096root 11241100x8000000000000000722198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:46.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61987b40304aebb2023-02-07 15:23:46.096root 11241100x8000000000000000722197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:46.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d55d95f5601c4e2023-02-07 15:23:46.096root 11241100x8000000000000000722196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:46.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2061a61da07c0d2023-02-07 15:23:46.096root 11241100x8000000000000000722195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:46.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8055416a7e9b0cbb2023-02-07 15:23:46.096root 11241100x8000000000000000722194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:46.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f73d33c867e517d2023-02-07 15:23:46.096root 11241100x8000000000000000722193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:46.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92bd187d7fce41242023-02-07 15:23:46.096root 11241100x8000000000000000722200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:46.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc176ca133b776b02023-02-07 15:23:46.097root 11241100x8000000000000000722205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac6f9a1a85280482023-02-07 15:23:46.595root 11241100x8000000000000000722204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32bb154a1f04fcb22023-02-07 15:23:46.595root 11241100x8000000000000000722203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fd73281a7cfcfe2023-02-07 15:23:46.595root 11241100x8000000000000000722202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1575698b0b9636442023-02-07 15:23:46.595root 11241100x8000000000000000722201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:46.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5058b69f0e9bbc72023-02-07 15:23:46.595root 11241100x8000000000000000722213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6513c92d4d4f5c2023-02-07 15:23:46.596root 11241100x8000000000000000722212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc66c4800059e3e2023-02-07 15:23:46.596root 11241100x8000000000000000722211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec295d3dcdba21b2023-02-07 15:23:46.596root 11241100x8000000000000000722210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7198bfef9dd976502023-02-07 15:23:46.596root 11241100x8000000000000000722209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68baed1ed5e0cb42023-02-07 15:23:46.596root 11241100x8000000000000000722208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9916d3bfc770c52023-02-07 15:23:46.596root 11241100x8000000000000000722207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef41a55fe3b6cf72023-02-07 15:23:46.596root 11241100x8000000000000000722206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:46.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0d07ba472c7caa2023-02-07 15:23:46.596root 354300x8000000000000000722214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.068{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-59870-false10.0.1.12-8000- 11241100x8000000000000000722216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.069{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6214f59a6900cfe82023-02-07 15:23:47.069root 11241100x8000000000000000722215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.069{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21747b91d363762e2023-02-07 15:23:47.069root 11241100x8000000000000000722225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.070{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5092c1d0264597b72023-02-07 15:23:47.070root 11241100x8000000000000000722224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.070{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca2dc29b782576f2023-02-07 15:23:47.070root 11241100x8000000000000000722223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.070{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcc924f05e2890e2023-02-07 15:23:47.070root 11241100x8000000000000000722222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.070{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e4fb41d00b06e22023-02-07 15:23:47.070root 11241100x8000000000000000722221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.070{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e669ae2da4ca01fc2023-02-07 15:23:47.070root 11241100x8000000000000000722220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.070{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edcd15fe44600de32023-02-07 15:23:47.070root 11241100x8000000000000000722219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.070{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0461fcc786bcee2023-02-07 15:23:47.070root 11241100x8000000000000000722218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.070{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d47e318eaba99772023-02-07 15:23:47.070root 11241100x8000000000000000722217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.070{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3090b9dbfc68512023-02-07 15:23:47.070root 11241100x8000000000000000722228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.071{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f603685dd7e78132023-02-07 15:23:47.071root 11241100x8000000000000000722227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.071{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4577b73bf9e7450d2023-02-07 15:23:47.071root 11241100x8000000000000000722226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.071{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545a9d22b82e40eb2023-02-07 15:23:47.071root 11241100x8000000000000000722229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b59b66d4b2fdfa12023-02-07 15:23:47.346root 11241100x8000000000000000722239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a348cfab96a2b5c92023-02-07 15:23:47.347root 11241100x8000000000000000722238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06861ea905370072023-02-07 15:23:47.347root 11241100x8000000000000000722237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc7b3c599a0acb72023-02-07 15:23:47.347root 11241100x8000000000000000722236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db8f9a4637b776c2023-02-07 15:23:47.347root 11241100x8000000000000000722235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e34cda2157ed492023-02-07 15:23:47.347root 11241100x8000000000000000722234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74aa4157bbd8b0912023-02-07 15:23:47.347root 11241100x8000000000000000722233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff45e59a80162fec2023-02-07 15:23:47.347root 11241100x8000000000000000722232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634554b40436ae392023-02-07 15:23:47.347root 11241100x8000000000000000722231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8c6507cb8fea802023-02-07 15:23:47.347root 11241100x8000000000000000722230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c518c81728cc98422023-02-07 15:23:47.347root 11241100x8000000000000000722242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63eb68bf27f1dd822023-02-07 15:23:47.348root 11241100x8000000000000000722241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20486f4a51a45c7c2023-02-07 15:23:47.348root 11241100x8000000000000000722240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d055c753008a54ff2023-02-07 15:23:47.348root 11241100x8000000000000000722243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f084d18beba3b3c2023-02-07 15:23:47.845root 11241100x8000000000000000722251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efe9586c169ad802023-02-07 15:23:47.846root 11241100x8000000000000000722250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ed65a6473338272023-02-07 15:23:47.846root 11241100x8000000000000000722249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0d304a8f088aa42023-02-07 15:23:47.846root 11241100x8000000000000000722248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46f4e650655da142023-02-07 15:23:47.846root 11241100x8000000000000000722247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf27efcae547acb2023-02-07 15:23:47.846root 11241100x8000000000000000722246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac3cbe6532c77b12023-02-07 15:23:47.846root 11241100x8000000000000000722245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32342babcad1b5b2023-02-07 15:23:47.846root 11241100x8000000000000000722244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d18a2c291579f8a2023-02-07 15:23:47.846root 11241100x8000000000000000722256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1542a46c236504ad2023-02-07 15:23:47.847root 11241100x8000000000000000722255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b300af4f071740e12023-02-07 15:23:47.847root 11241100x8000000000000000722254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8eda6c4d4e15b942023-02-07 15:23:47.847root 11241100x8000000000000000722253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a0e741d60bc2b32023-02-07 15:23:47.847root 11241100x8000000000000000722252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:47.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef401f4bcd5a87342023-02-07 15:23:47.847root 11241100x8000000000000000722257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:48.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41e3b582822b3212023-02-07 15:23:48.345root 11241100x8000000000000000722261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:48.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435c54d5499d4aa22023-02-07 15:23:48.346root 11241100x8000000000000000722260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:48.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04167eab92bd5662023-02-07 15:23:48.346root 11241100x8000000000000000722259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:48.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27cd98b132bcd18c2023-02-07 15:23:48.346root 11241100x8000000000000000722258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:48.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8027b1311523febc2023-02-07 15:23:48.346root 11241100x8000000000000000722262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:48.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79dc2f3d945b2d52023-02-07 15:23:48.347root 11241100x8000000000000000722266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:48.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62f51c68261d1732023-02-07 15:23:48.348root 11241100x8000000000000000722265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:48.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2580731dafd80b2023-02-07 15:23:48.348root 11241100x8000000000000000722264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:48.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9216ba3049c412f2023-02-07 15:23:48.348root 11241100x8000000000000000722263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:48.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4dd81a217cf6072023-02-07 15:23:48.348root 11241100x8000000000000000722270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:48.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b61b2790afc3c42023-02-07 15:23:48.349root 11241100x8000000000000000722269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:48.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b0be8ddc8b3b162023-02-07 15:23:48.349root 11241100x8000000000000000722268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:48.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831e4a9baa87506f2023-02-07 15:23:48.349root 11241100x8000000000000000722267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:48.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4df4e039ccd4afc2023-02-07 15:23:48.349root 11241100x8000000000000000722273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:48.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9acb1fd4db21b472023-02-07 15:23:48.845root 11241100x8000000000000000722272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:48.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71707595f56be3602023-02-07 15:23:48.845root 11241100x8000000000000000722271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:48.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343b1f53bbc048fc2023-02-07 15:23:48.845root 11241100x8000000000000000722283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:48.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3929237ec81fd92023-02-07 15:23:48.846root 11241100x8000000000000000722282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:48.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ad32b0d1dfbc612023-02-07 15:23:48.846root 11241100x8000000000000000722281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:48.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d003e36567b7ba7e2023-02-07 15:23:48.846root 11241100x8000000000000000722280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:48.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44bf05537c4734702023-02-07 15:23:48.846root 11241100x8000000000000000722279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:48.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c53d0f7137df73b2023-02-07 15:23:48.846root 11241100x8000000000000000722278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:48.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbb8d345beed7912023-02-07 15:23:48.846root 11241100x8000000000000000722277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:48.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943a8c31693519d42023-02-07 15:23:48.846root 11241100x8000000000000000722276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:48.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7387af38d9afba2023-02-07 15:23:48.846root 11241100x8000000000000000722275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:48.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6070b9b2e5f61a12023-02-07 15:23:48.846root 11241100x8000000000000000722274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:48.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd655c8fe936f4472023-02-07 15:23:48.846root 11241100x8000000000000000722284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:48.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454eabb4c88dbdb22023-02-07 15:23:48.847root 11241100x8000000000000000722287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:49.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ebbcc82f81270ac2023-02-07 15:23:49.345root 11241100x8000000000000000722286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:49.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac69310c5265a542023-02-07 15:23:49.345root 11241100x8000000000000000722285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:49.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7675aed8f7aa1612023-02-07 15:23:49.345root 11241100x8000000000000000722298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:49.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ad9b0c57709e6d2023-02-07 15:23:49.346root 11241100x8000000000000000722297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:49.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3c3e6832ab5d642023-02-07 15:23:49.346root 11241100x8000000000000000722296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:49.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aed156523f879882023-02-07 15:23:49.346root 11241100x8000000000000000722295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:49.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33bafe80ca877d5b2023-02-07 15:23:49.346root 11241100x8000000000000000722294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:49.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03294fa6f28c56222023-02-07 15:23:49.346root 11241100x8000000000000000722293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:49.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f76db336f8ef0aa2023-02-07 15:23:49.346root 11241100x8000000000000000722292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:49.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb512638bd998e5c2023-02-07 15:23:49.346root 11241100x8000000000000000722291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:49.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366fe94c310e3bd52023-02-07 15:23:49.346root 11241100x8000000000000000722290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:49.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc42f1312d3471dd2023-02-07 15:23:49.346root 11241100x8000000000000000722289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:49.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9724e2f627f7d99b2023-02-07 15:23:49.346root 11241100x8000000000000000722288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:49.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d714add3ea92ca52023-02-07 15:23:49.346root 11241100x8000000000000000722300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:49.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef2f2f6db549ee552023-02-07 15:23:49.845root 11241100x8000000000000000722299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:49.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba843d5380d4c8d2023-02-07 15:23:49.845root 11241100x8000000000000000722310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:49.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1e83af75deb94d2023-02-07 15:23:49.846root 11241100x8000000000000000722309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:49.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6651196f686e6f762023-02-07 15:23:49.846root 11241100x8000000000000000722308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:49.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d9e668079898c32023-02-07 15:23:49.846root 11241100x8000000000000000722307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:49.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef85886c10f23b82023-02-07 15:23:49.846root 11241100x8000000000000000722306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:49.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599230a604df2e422023-02-07 15:23:49.846root 11241100x8000000000000000722305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:49.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e995cc64b5c62e82023-02-07 15:23:49.846root 11241100x8000000000000000722304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:49.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7785f6649879ec42023-02-07 15:23:49.846root 11241100x8000000000000000722303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:49.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c896eb721c572c2023-02-07 15:23:49.846root 11241100x8000000000000000722302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:49.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6303eafcb4b8692023-02-07 15:23:49.846root 11241100x8000000000000000722301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:49.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4522d7d0505cde5b2023-02-07 15:23:49.846root 11241100x8000000000000000722312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:49.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f370592c644a56fc2023-02-07 15:23:49.847root 11241100x8000000000000000722311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:49.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf18273f04c4cc72023-02-07 15:23:49.847root 11241100x8000000000000000722313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:50.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957e9af6599f73502023-02-07 15:23:50.345root 11241100x8000000000000000722323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:50.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e5e1be2382904c2023-02-07 15:23:50.346root 11241100x8000000000000000722322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:50.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44bd4aad4c7a5bd82023-02-07 15:23:50.346root 11241100x8000000000000000722321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:50.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa4d89054ad98672023-02-07 15:23:50.346root 11241100x8000000000000000722320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:50.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cdfd01c3f78a3c22023-02-07 15:23:50.346root 11241100x8000000000000000722319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:50.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb68a1e6f8338312023-02-07 15:23:50.346root 11241100x8000000000000000722318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:50.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d8bba0742dd89b2023-02-07 15:23:50.346root 11241100x8000000000000000722317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:50.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30a4592355cac112023-02-07 15:23:50.346root 11241100x8000000000000000722316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:50.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19fb9bcddc527e312023-02-07 15:23:50.346root 11241100x8000000000000000722315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:50.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd9093d6018c80e2023-02-07 15:23:50.346root 11241100x8000000000000000722314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:50.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721ab14bd59d29f42023-02-07 15:23:50.346root 11241100x8000000000000000722326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:50.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6e0097de60e4c12023-02-07 15:23:50.347root 11241100x8000000000000000722325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:50.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21059f1eaf0cec7d2023-02-07 15:23:50.347root 11241100x8000000000000000722324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:50.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d233988907b8ee12023-02-07 15:23:50.347root 11241100x8000000000000000722328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:50.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5514a9209f2a71722023-02-07 15:23:50.845root 11241100x8000000000000000722327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:50.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042166f9f706a8942023-02-07 15:23:50.845root 11241100x8000000000000000722340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190212b0838e94602023-02-07 15:23:50.846root 11241100x8000000000000000722339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11fbb7f5261061c02023-02-07 15:23:50.846root 11241100x8000000000000000722338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c7bf9c81c3090d2023-02-07 15:23:50.846root 11241100x8000000000000000722337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def311a21e58b6d92023-02-07 15:23:50.846root 11241100x8000000000000000722336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad67a6a5ebe4b77f2023-02-07 15:23:50.846root 11241100x8000000000000000722335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413bde97139fd4702023-02-07 15:23:50.846root 11241100x8000000000000000722334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c09207e64a499bf2023-02-07 15:23:50.846root 11241100x8000000000000000722333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da4402fc89293502023-02-07 15:23:50.846root 11241100x8000000000000000722332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15c8d1585f68df92023-02-07 15:23:50.846root 11241100x8000000000000000722331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b6bd9b036775cb2023-02-07 15:23:50.846root 11241100x8000000000000000722330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829f15a562ff7e7c2023-02-07 15:23:50.846root 11241100x8000000000000000722329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:50.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8915b01258b1c52023-02-07 15:23:50.846root 11241100x8000000000000000722353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:51.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1944fc07c82bbe5c2023-02-07 15:23:51.346root 11241100x8000000000000000722352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:51.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33da6abe9dcc37302023-02-07 15:23:51.346root 11241100x8000000000000000722351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:51.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f383866c0995252023-02-07 15:23:51.346root 11241100x8000000000000000722350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:51.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6a88d4f6c4da402023-02-07 15:23:51.346root 11241100x8000000000000000722349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:51.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb10bd2b37c034882023-02-07 15:23:51.346root 11241100x8000000000000000722348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:51.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4382276efec7d1e92023-02-07 15:23:51.346root 11241100x8000000000000000722347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:51.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff37b97b5f7c7c7f2023-02-07 15:23:51.346root 11241100x8000000000000000722346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:51.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408768d311d96edc2023-02-07 15:23:51.346root 11241100x8000000000000000722345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:51.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597e6f3a49a0666e2023-02-07 15:23:51.346root 11241100x8000000000000000722344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:51.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb600a81887e18472023-02-07 15:23:51.346root 11241100x8000000000000000722343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:51.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0d7023302169d12023-02-07 15:23:51.346root 11241100x8000000000000000722342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:51.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb8739ecaa4ac3c2023-02-07 15:23:51.346root 11241100x8000000000000000722341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:51.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801e72d82b089f262023-02-07 15:23:51.346root 11241100x8000000000000000722354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:51.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c397c05406777f2023-02-07 15:23:51.347root 11241100x8000000000000000722359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb89d006f3f6e902023-02-07 15:23:51.846root 11241100x8000000000000000722358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64f732aaaef5e8c2023-02-07 15:23:51.846root 11241100x8000000000000000722357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b705351bd6303e2023-02-07 15:23:51.846root 11241100x8000000000000000722356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce62979285d32bf2023-02-07 15:23:51.846root 11241100x8000000000000000722355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:51.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba248cf0f0098fc2023-02-07 15:23:51.846root 11241100x8000000000000000722366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:51.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f6ee6edc022fe82023-02-07 15:23:51.847root 11241100x8000000000000000722365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:51.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c2ec6bebd7ae1b2023-02-07 15:23:51.847root 11241100x8000000000000000722364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:51.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2251c228b2aac39c2023-02-07 15:23:51.847root 11241100x8000000000000000722363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:51.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28edc45cbc702bde2023-02-07 15:23:51.847root 11241100x8000000000000000722362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:51.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9d99cb8e93c2712023-02-07 15:23:51.847root 11241100x8000000000000000722361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:51.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5874e5b9968c81f02023-02-07 15:23:51.847root 11241100x8000000000000000722360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:51.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4668bf1c4f38bcb32023-02-07 15:23:51.847root 11241100x8000000000000000722368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:51.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f66aa8a42e6ee572023-02-07 15:23:51.848root 11241100x8000000000000000722367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:51.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9dc4f7072714f5c2023-02-07 15:23:51.848root 11241100x8000000000000000722369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:52.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2df0649d2bb8f6a2023-02-07 15:23:52.345root 11241100x8000000000000000722382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5bc4fd3bc84072c2023-02-07 15:23:52.346root 11241100x8000000000000000722381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa5bdfc8bc0e3de2023-02-07 15:23:52.346root 11241100x8000000000000000722380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831463436abcf0af2023-02-07 15:23:52.346root 11241100x8000000000000000722379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef1fdbfaf27f9a02023-02-07 15:23:52.346root 11241100x8000000000000000722378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889eec50c41276252023-02-07 15:23:52.346root 11241100x8000000000000000722377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7cffb3d5e505982023-02-07 15:23:52.346root 11241100x8000000000000000722376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787abb7d5b5706242023-02-07 15:23:52.346root 11241100x8000000000000000722375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430754da7e2c3c032023-02-07 15:23:52.346root 11241100x8000000000000000722374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8068f78787dbb4182023-02-07 15:23:52.346root 11241100x8000000000000000722373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d63daded632e262023-02-07 15:23:52.346root 11241100x8000000000000000722372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c944b6a4be3c32d2023-02-07 15:23:52.346root 11241100x8000000000000000722371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e64d13092be607b2023-02-07 15:23:52.346root 11241100x8000000000000000722370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:52.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5614f9b47380f1fe2023-02-07 15:23:52.346root 11241100x8000000000000000722383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:52.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de6173bd7289e7d2023-02-07 15:23:52.845root 11241100x8000000000000000722396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913f03e13e2666252023-02-07 15:23:52.846root 11241100x8000000000000000722395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b3327b93478ee62023-02-07 15:23:52.846root 11241100x8000000000000000722394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25c803af48bd2912023-02-07 15:23:52.846root 11241100x8000000000000000722393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c18f14a033cbde72023-02-07 15:23:52.846root 11241100x8000000000000000722392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e6d4b7cad3aed92023-02-07 15:23:52.846root 11241100x8000000000000000722391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2c5278205cf8452023-02-07 15:23:52.846root 11241100x8000000000000000722390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe20ccd84dbe5de2023-02-07 15:23:52.846root 11241100x8000000000000000722389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c898bc7a0d0a5abb2023-02-07 15:23:52.846root 11241100x8000000000000000722388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11237cea86949b032023-02-07 15:23:52.846root 11241100x8000000000000000722387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aecf8a10d80decd82023-02-07 15:23:52.846root 11241100x8000000000000000722386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71652c1045fead3c2023-02-07 15:23:52.846root 11241100x8000000000000000722385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b8a34f01b5bb772023-02-07 15:23:52.846root 11241100x8000000000000000722384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:52.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f607ff9b0e6018082023-02-07 15:23:52.846root 354300x8000000000000000722397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:53.055{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-59886-false10.0.1.12-8000- 11241100x8000000000000000722403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5487742e5f59940a2023-02-07 15:23:53.346root 11241100x8000000000000000722402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea815bf3c27c9122023-02-07 15:23:53.346root 11241100x8000000000000000722401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72b9d699d44e67e2023-02-07 15:23:53.346root 11241100x8000000000000000722400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c5caa900b00d382023-02-07 15:23:53.346root 11241100x8000000000000000722399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d94c4db9300d0e2023-02-07 15:23:53.346root 11241100x8000000000000000722398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:53.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2925516cf9b39ca72023-02-07 15:23:53.346root 11241100x8000000000000000722412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee6ebda6a284d222023-02-07 15:23:53.347root 11241100x8000000000000000722411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccc5a38b55fe78a2023-02-07 15:23:53.347root 11241100x8000000000000000722410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5501ef6652b387d72023-02-07 15:23:53.347root 11241100x8000000000000000722409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815e2a30283a36702023-02-07 15:23:53.347root 11241100x8000000000000000722408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e747b311b04dd92023-02-07 15:23:53.347root 11241100x8000000000000000722407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3253556c0b4e8aa62023-02-07 15:23:53.347root 11241100x8000000000000000722406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df847d650ff694002023-02-07 15:23:53.347root 11241100x8000000000000000722405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a31d293ea2f57662023-02-07 15:23:53.347root 11241100x8000000000000000722404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:53.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b494f3c2ad85f8ce2023-02-07 15:23:53.347root 11241100x8000000000000000722421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab93caf1dfc9b4e2023-02-07 15:23:53.846root 11241100x8000000000000000722420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086160079f93b1b82023-02-07 15:23:53.846root 11241100x8000000000000000722419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1539e41ee2b82c102023-02-07 15:23:53.846root 11241100x8000000000000000722418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad97a4b3694f4cde2023-02-07 15:23:53.846root 11241100x8000000000000000722417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee4bb28eea038f42023-02-07 15:23:53.846root 11241100x8000000000000000722416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2efa067904bc6a4f2023-02-07 15:23:53.846root 11241100x8000000000000000722415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f89421d8e47b5b2023-02-07 15:23:53.846root 11241100x8000000000000000722414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dda6592b07933942023-02-07 15:23:53.846root 11241100x8000000000000000722413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:53.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9f6916b0fe33e92023-02-07 15:23:53.846root 11241100x8000000000000000722427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e373392053496f5d2023-02-07 15:23:53.847root 11241100x8000000000000000722426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d793395c665e04c52023-02-07 15:23:53.847root 11241100x8000000000000000722425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce60767d26e8c7f72023-02-07 15:23:53.847root 11241100x8000000000000000722424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779fbde1840b77052023-02-07 15:23:53.847root 11241100x8000000000000000722423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bde54b4d651f47b2023-02-07 15:23:53.847root 11241100x8000000000000000722422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:53.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50df6e697f789c6d2023-02-07 15:23:53.847root 11241100x8000000000000000722428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd9bd311f5a9ff92023-02-07 15:23:54.345root 11241100x8000000000000000722438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0183de2b9a67e22023-02-07 15:23:54.346root 11241100x8000000000000000722437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f099bc17d5df3c2023-02-07 15:23:54.346root 11241100x8000000000000000722436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d639341c0324ae2023-02-07 15:23:54.346root 11241100x8000000000000000722435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5706f242a6fc49322023-02-07 15:23:54.346root 11241100x8000000000000000722434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e107f199a8666d012023-02-07 15:23:54.346root 11241100x8000000000000000722433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f330ff1aab673d32023-02-07 15:23:54.346root 11241100x8000000000000000722432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ba84c6762962ab2023-02-07 15:23:54.346root 11241100x8000000000000000722431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b093de92c8b49632023-02-07 15:23:54.346root 11241100x8000000000000000722430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edaf9b92e5e06f92023-02-07 15:23:54.346root 11241100x8000000000000000722429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c893107d637cfdb32023-02-07 15:23:54.346root 11241100x8000000000000000722442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf83118ab8fc714c2023-02-07 15:23:54.347root 11241100x8000000000000000722441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112a5a2e8f7a1dd92023-02-07 15:23:54.347root 11241100x8000000000000000722440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79eeb23de12c09f2023-02-07 15:23:54.347root 11241100x8000000000000000722439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d41c57528f6ed912023-02-07 15:23:54.347root 11241100x8000000000000000722444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.727{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433f22fa78e327c62023-02-07 15:23:54.727root 11241100x8000000000000000722443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.727{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-07 15:23:54.727root 11241100x8000000000000000722455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.728{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9172343287125ef02023-02-07 15:23:54.728root 11241100x8000000000000000722454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.728{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b721ef237c23b942023-02-07 15:23:54.728root 11241100x8000000000000000722453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.728{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e01f20da4110c322023-02-07 15:23:54.728root 11241100x8000000000000000722452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.728{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553b62dc130a615e2023-02-07 15:23:54.728root 11241100x8000000000000000722451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.728{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa8238eb34052202023-02-07 15:23:54.728root 11241100x8000000000000000722450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.728{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fadba9a4295c8a2023-02-07 15:23:54.728root 11241100x8000000000000000722449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.728{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e3a972e9b034ce2023-02-07 15:23:54.728root 11241100x8000000000000000722448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.728{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c6ea73eabecbfa2023-02-07 15:23:54.728root 11241100x8000000000000000722447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.728{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baac6cf73330d54f2023-02-07 15:23:54.728root 11241100x8000000000000000722446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.728{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57047721d6a4343e2023-02-07 15:23:54.728root 11241100x8000000000000000722445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.728{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2fe50be8fcafda2023-02-07 15:23:54.728root 11241100x8000000000000000722459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.729{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a4c25c1328800b2023-02-07 15:23:54.729root 11241100x8000000000000000722458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.729{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624ff9909a8f15c22023-02-07 15:23:54.729root 11241100x8000000000000000722457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.729{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3336b14b937bb21d2023-02-07 15:23:54.729root 11241100x8000000000000000722456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:54.729{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80345ddb692c38312023-02-07 15:23:54.729root 11241100x8000000000000000722471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619ecc5c0089fcee2023-02-07 15:23:55.096root 11241100x8000000000000000722470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86c717a5aeee7e52023-02-07 15:23:55.096root 11241100x8000000000000000722469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2d5b6cf408f3822023-02-07 15:23:55.096root 11241100x8000000000000000722468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17943fc9e35ce2242023-02-07 15:23:55.096root 11241100x8000000000000000722467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27db20b68b34308d2023-02-07 15:23:55.096root 11241100x8000000000000000722466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7daed1653cac57142023-02-07 15:23:55.096root 11241100x8000000000000000722465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1ed16cf60f0ab22023-02-07 15:23:55.096root 11241100x8000000000000000722464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b247afb792773d842023-02-07 15:23:55.096root 11241100x8000000000000000722463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99e32c5f274e33a2023-02-07 15:23:55.096root 11241100x8000000000000000722462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8164f08fe87f0852023-02-07 15:23:55.096root 11241100x8000000000000000722461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5526b58b787d706c2023-02-07 15:23:55.096root 11241100x8000000000000000722460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe34f1139cc6d832023-02-07 15:23:55.096root 11241100x8000000000000000722475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7d656c4a2426b32023-02-07 15:23:55.097root 11241100x8000000000000000722474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74482c20a0b8b3f12023-02-07 15:23:55.097root 11241100x8000000000000000722473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959f2e980c7c90922023-02-07 15:23:55.097root 11241100x8000000000000000722472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b3c221ffe326322023-02-07 15:23:55.097root 11241100x8000000000000000722480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03308217da5930a42023-02-07 15:23:55.595root 11241100x8000000000000000722479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765b5cc2f9c7f9ed2023-02-07 15:23:55.595root 11241100x8000000000000000722478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad6adeb74b563602023-02-07 15:23:55.595root 11241100x8000000000000000722477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f43f9461d109f722023-02-07 15:23:55.595root 11241100x8000000000000000722476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f36125f067c55a02023-02-07 15:23:55.595root 11241100x8000000000000000722484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535566623b49a26d2023-02-07 15:23:55.596root 11241100x8000000000000000722483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2eccbd0df03c282023-02-07 15:23:55.596root 11241100x8000000000000000722482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374fbe6ce5965fd62023-02-07 15:23:55.596root 11241100x8000000000000000722481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8b3fa3f8bd9c492023-02-07 15:23:55.596root 11241100x8000000000000000722489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3f10dd0220a55a2023-02-07 15:23:55.597root 11241100x8000000000000000722488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9196d62d63b9227f2023-02-07 15:23:55.597root 11241100x8000000000000000722487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5f55eb59b20d482023-02-07 15:23:55.597root 11241100x8000000000000000722486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bca989ef1ba41d02023-02-07 15:23:55.597root 11241100x8000000000000000722485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d8ebf79a886fa82023-02-07 15:23:55.597root 11241100x8000000000000000722491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d87a8db8f1a0a42023-02-07 15:23:55.598root 11241100x8000000000000000722490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9259636df1fc452c2023-02-07 15:23:55.598root 11241100x8000000000000000722492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:55.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c3feae2d3397f62023-02-07 15:23:55.601root 11241100x8000000000000000722505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf32bfe193435fc2023-02-07 15:23:56.096root 11241100x8000000000000000722504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095c27a496e16d3b2023-02-07 15:23:56.096root 11241100x8000000000000000722503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ddf9ed5008a0d12023-02-07 15:23:56.096root 11241100x8000000000000000722502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58c6cfcbb3529dc2023-02-07 15:23:56.096root 11241100x8000000000000000722501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c450c8ad28779cf2023-02-07 15:23:56.096root 11241100x8000000000000000722500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b312ff8b188cceed2023-02-07 15:23:56.096root 11241100x8000000000000000722499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898b1303f964296e2023-02-07 15:23:56.096root 11241100x8000000000000000722498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b2872622ca09eb2023-02-07 15:23:56.096root 11241100x8000000000000000722497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc99a0654cf624da2023-02-07 15:23:56.096root 11241100x8000000000000000722496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3617c62193143a662023-02-07 15:23:56.096root 11241100x8000000000000000722495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b1750578ad98072023-02-07 15:23:56.096root 11241100x8000000000000000722494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b15ff25c7070f172023-02-07 15:23:56.096root 11241100x8000000000000000722493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7cf180615b53b832023-02-07 15:23:56.096root 11241100x8000000000000000722508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39bd8606fe3d10d2023-02-07 15:23:56.097root 11241100x8000000000000000722507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f9490860c80e602023-02-07 15:23:56.097root 11241100x8000000000000000722506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd62db449364f5e22023-02-07 15:23:56.097root 11241100x8000000000000000722509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68f1fe513f7ce3e2023-02-07 15:23:56.595root 11241100x8000000000000000722520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f997a0c731a0cdd2023-02-07 15:23:56.596root 11241100x8000000000000000722519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc2d1edbbf35d9f2023-02-07 15:23:56.596root 11241100x8000000000000000722518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30beaa3ea20cce62023-02-07 15:23:56.596root 11241100x8000000000000000722517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350d19c869898fe02023-02-07 15:23:56.596root 11241100x8000000000000000722516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763c0b84d4cefcad2023-02-07 15:23:56.596root 11241100x8000000000000000722515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9e45b2a809c8e22023-02-07 15:23:56.596root 11241100x8000000000000000722514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39088f187c8a94122023-02-07 15:23:56.596root 11241100x8000000000000000722513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9de69ad0cb92792023-02-07 15:23:56.596root 11241100x8000000000000000722512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861ed3077a62d1bb2023-02-07 15:23:56.596root 11241100x8000000000000000722511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae660153ca52e5c2023-02-07 15:23:56.596root 11241100x8000000000000000722510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40dbe6a771f4c1d72023-02-07 15:23:56.596root 11241100x8000000000000000722524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3abde8147282f72023-02-07 15:23:56.597root 11241100x8000000000000000722523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a646ade1488491e42023-02-07 15:23:56.597root 11241100x8000000000000000722522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687fdd362997bc122023-02-07 15:23:56.597root 11241100x8000000000000000722521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:56.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460288b290eb5a8c2023-02-07 15:23:56.597root 11241100x8000000000000000722528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635aa9cc58b634552023-02-07 15:23:57.095root 11241100x8000000000000000722527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473c64268b843fda2023-02-07 15:23:57.095root 11241100x8000000000000000722526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba30573e6877d70e2023-02-07 15:23:57.095root 11241100x8000000000000000722525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6930bf573927f1b82023-02-07 15:23:57.095root 11241100x8000000000000000722535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7a9bfd6150ad392023-02-07 15:23:57.096root 11241100x8000000000000000722534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401aa5536f1fe85d2023-02-07 15:23:57.096root 11241100x8000000000000000722533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0122c699c244762023-02-07 15:23:57.096root 11241100x8000000000000000722532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46fa9052a7492322023-02-07 15:23:57.096root 11241100x8000000000000000722531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0549d2f81b2811422023-02-07 15:23:57.096root 11241100x8000000000000000722530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6347c5bd942c7122023-02-07 15:23:57.096root 11241100x8000000000000000722529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264afb1e965a3fcb2023-02-07 15:23:57.096root 11241100x8000000000000000722540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abda851d1eb44792023-02-07 15:23:57.097root 11241100x8000000000000000722539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f94e226293d0b22023-02-07 15:23:57.097root 11241100x8000000000000000722538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2759cbdacabf764d2023-02-07 15:23:57.097root 11241100x8000000000000000722537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d6fd96bbab58842023-02-07 15:23:57.097root 11241100x8000000000000000722536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44be34712ad21ae2023-02-07 15:23:57.097root 11241100x8000000000000000722544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ddf090426cd3ee82023-02-07 15:23:57.595root 11241100x8000000000000000722543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158d48b012c8dc102023-02-07 15:23:57.595root 11241100x8000000000000000722542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e51f3e2289d76c2023-02-07 15:23:57.595root 11241100x8000000000000000722541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba2f669a88888f22023-02-07 15:23:57.595root 11241100x8000000000000000722549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351193398fd724472023-02-07 15:23:57.596root 11241100x8000000000000000722548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc49e46384fee9c2023-02-07 15:23:57.596root 11241100x8000000000000000722547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18bd46d788636e2b2023-02-07 15:23:57.596root 11241100x8000000000000000722546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b30047729fa8daf2023-02-07 15:23:57.596root 11241100x8000000000000000722545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f8d5ed260007b62023-02-07 15:23:57.596root 11241100x8000000000000000722554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d146d52cf8a320912023-02-07 15:23:57.597root 11241100x8000000000000000722553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22aed58888d41ade2023-02-07 15:23:57.597root 11241100x8000000000000000722552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c6aa75f664d5702023-02-07 15:23:57.597root 11241100x8000000000000000722551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d99d1f8f6b2a622023-02-07 15:23:57.597root 11241100x8000000000000000722550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d6a2b1f4755fb92023-02-07 15:23:57.597root 11241100x8000000000000000722556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c437320b1ab2a592023-02-07 15:23:57.598root 11241100x8000000000000000722555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6b8e1b01cdfce32023-02-07 15:23:57.598root 23542300x8000000000000000722557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:57.728{ec244aba-32ca-63e2-605c-1e356e550000}5624root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000722561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ccf53219262f262023-02-07 15:23:58.095root 11241100x8000000000000000722560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26bdf09b3ee0b172023-02-07 15:23:58.095root 11241100x8000000000000000722559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9fc8c4784a5b202023-02-07 15:23:58.095root 11241100x8000000000000000722558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4ee3b8fcc815532023-02-07 15:23:58.095root 11241100x8000000000000000722569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8793dca20925d022023-02-07 15:23:58.096root 11241100x8000000000000000722568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b8bbed8a8935832023-02-07 15:23:58.096root 11241100x8000000000000000722567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e8ef8936a2f6e82023-02-07 15:23:58.096root 11241100x8000000000000000722566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332384cf5d657dae2023-02-07 15:23:58.096root 11241100x8000000000000000722565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865a751b592878222023-02-07 15:23:58.096root 11241100x8000000000000000722564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcafd8577bc86e7e2023-02-07 15:23:58.096root 11241100x8000000000000000722563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a5e8e3f5599f072023-02-07 15:23:58.096root 11241100x8000000000000000722562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e41326fbcdadce82023-02-07 15:23:58.096root 11241100x8000000000000000722574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c827f280a3ff14f2023-02-07 15:23:58.097root 11241100x8000000000000000722573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7b0b8cd8ffd00d2023-02-07 15:23:58.097root 11241100x8000000000000000722572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9062a22111fddbf92023-02-07 15:23:58.097root 11241100x8000000000000000722571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e38625216d3a7a12023-02-07 15:23:58.097root 11241100x8000000000000000722570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55930e669001d252023-02-07 15:23:58.097root 11241100x8000000000000000722576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25bb48d6b44662072023-02-07 15:23:58.098root 11241100x8000000000000000722575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471b91b5b81bc7f82023-02-07 15:23:58.098root 11241100x8000000000000000722577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ae540ec21cc8ad2023-02-07 15:23:58.099root 354300x8000000000000000722578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.132{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-60240-false10.0.1.12-8000- 11241100x8000000000000000722583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad53ef9afa5ff7302023-02-07 15:23:58.595root 11241100x8000000000000000722582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545bbc552e8764bb2023-02-07 15:23:58.595root 11241100x8000000000000000722581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04155f91f0b4a422023-02-07 15:23:58.595root 11241100x8000000000000000722580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a90e326531251212023-02-07 15:23:58.595root 11241100x8000000000000000722579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03dc59c887cf755f2023-02-07 15:23:58.595root 11241100x8000000000000000722592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0f1464a48b43f22023-02-07 15:23:58.596root 11241100x8000000000000000722591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5268d312e250a42023-02-07 15:23:58.596root 11241100x8000000000000000722590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98093e7f9ed77b232023-02-07 15:23:58.596root 11241100x8000000000000000722589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fcaed029f4cf2532023-02-07 15:23:58.596root 11241100x8000000000000000722588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffc0db1d6068ee22023-02-07 15:23:58.596root 11241100x8000000000000000722587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da77a9aa9a028f12023-02-07 15:23:58.596root 11241100x8000000000000000722586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13a722b708a17c02023-02-07 15:23:58.596root 11241100x8000000000000000722585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5ea3d416c352fa2023-02-07 15:23:58.596root 11241100x8000000000000000722584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74ec22043e2384b2023-02-07 15:23:58.596root 11241100x8000000000000000722598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f727bcf2ef409db62023-02-07 15:23:58.597root 11241100x8000000000000000722597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e05fc71dac1ee562023-02-07 15:23:58.597root 11241100x8000000000000000722596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcdb2f7a0deafa602023-02-07 15:23:58.597root 11241100x8000000000000000722595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bfdfe901e9e92c2023-02-07 15:23:58.597root 11241100x8000000000000000722594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a163f971118c97d2023-02-07 15:23:58.597root 11241100x8000000000000000722593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:58.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72dfce9aa67d43ac2023-02-07 15:23:58.597root 11241100x8000000000000000722608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92485ebf937d68dc2023-02-07 15:23:59.096root 11241100x8000000000000000722607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1729909cb527ca2023-02-07 15:23:59.096root 11241100x8000000000000000722606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075d8b9e0a42bbd22023-02-07 15:23:59.096root 11241100x8000000000000000722605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165efdd94bc80de02023-02-07 15:23:59.096root 11241100x8000000000000000722604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0bd2656de2af7c2023-02-07 15:23:59.096root 11241100x8000000000000000722603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443e1e4cc4e296d62023-02-07 15:23:59.096root 11241100x8000000000000000722602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a98a57d1c394452023-02-07 15:23:59.096root 11241100x8000000000000000722601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8abad5ac2b57582023-02-07 15:23:59.096root 11241100x8000000000000000722600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3254d778c75a91c2023-02-07 15:23:59.096root 11241100x8000000000000000722599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c39ee7a41686c302023-02-07 15:23:59.096root 11241100x8000000000000000722616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290df3783bec36182023-02-07 15:23:59.097root 11241100x8000000000000000722615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082b2f771e3187812023-02-07 15:23:59.097root 11241100x8000000000000000722614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ecb3ff4f2689bd2023-02-07 15:23:59.097root 11241100x8000000000000000722613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3283edc35f56ba2023-02-07 15:23:59.097root 11241100x8000000000000000722612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f36b942e07416b32023-02-07 15:23:59.097root 11241100x8000000000000000722611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a78371be19e12f2023-02-07 15:23:59.097root 11241100x8000000000000000722610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c871696879b7fb92023-02-07 15:23:59.097root 11241100x8000000000000000722609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e223c8aa4d9d23e22023-02-07 15:23:59.097root 11241100x8000000000000000722621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c492021dbb597d2023-02-07 15:23:59.595root 11241100x8000000000000000722620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a823fd0f74f216a52023-02-07 15:23:59.595root 11241100x8000000000000000722619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8c91e662ac68252023-02-07 15:23:59.595root 11241100x8000000000000000722618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc64b8f49af694c2023-02-07 15:23:59.595root 11241100x8000000000000000722617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccafa643106d56ef2023-02-07 15:23:59.595root 11241100x8000000000000000722628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4480d9573e42c72023-02-07 15:23:59.596root 11241100x8000000000000000722627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b949d00690fe312023-02-07 15:23:59.596root 11241100x8000000000000000722626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e662b4c704f65712023-02-07 15:23:59.596root 11241100x8000000000000000722625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836fccc15c6434832023-02-07 15:23:59.596root 11241100x8000000000000000722624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789b86c6a43c73392023-02-07 15:23:59.596root 11241100x8000000000000000722623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1fb2dbac0ce9282023-02-07 15:23:59.596root 11241100x8000000000000000722622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cbce86e8fb50a042023-02-07 15:23:59.596root 11241100x8000000000000000722632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4fffe877f5c80322023-02-07 15:23:59.597root 11241100x8000000000000000722631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc26715dce30aaaa2023-02-07 15:23:59.597root 11241100x8000000000000000722630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934eea2e47e7fa312023-02-07 15:23:59.597root 11241100x8000000000000000722629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5c1c1f615f88402023-02-07 15:23:59.597root 11241100x8000000000000000722635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4681ad33512ab5102023-02-07 15:23:59.598root 11241100x8000000000000000722634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe0f4727017f0312023-02-07 15:23:59.598root 11241100x8000000000000000722633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:23:59.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fc9092767325162023-02-07 15:23:59.598root 11241100x8000000000000000722639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789e1987973c41722023-02-07 15:24:00.097root 11241100x8000000000000000722638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb67cb9de596bb9e2023-02-07 15:24:00.097root 11241100x8000000000000000722637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0966d2ce46252f12023-02-07 15:24:00.097root 11241100x8000000000000000722636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dda8b2b0bc596222023-02-07 15:24:00.097root 11241100x8000000000000000722648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1781ffb2a7b660732023-02-07 15:24:00.098root 11241100x8000000000000000722647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e2e03bcf073e3d2023-02-07 15:24:00.098root 11241100x8000000000000000722646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ebaee4c5730e8842023-02-07 15:24:00.098root 11241100x8000000000000000722645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82f5575f5312dc02023-02-07 15:24:00.098root 11241100x8000000000000000722644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b15a356550144e62023-02-07 15:24:00.098root 11241100x8000000000000000722643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8f1e0e9b00dd152023-02-07 15:24:00.098root 11241100x8000000000000000722642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfecea7e0cca46a2023-02-07 15:24:00.098root 11241100x8000000000000000722641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93a618e08c7b4ff2023-02-07 15:24:00.098root 11241100x8000000000000000722640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64f916c358ec30d2023-02-07 15:24:00.098root 11241100x8000000000000000722653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc7c8154dbf728f2023-02-07 15:24:00.099root 11241100x8000000000000000722652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54fc7e23f9548a1e2023-02-07 15:24:00.099root 11241100x8000000000000000722651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7fcb1119f654a82023-02-07 15:24:00.099root 11241100x8000000000000000722650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc8afc1ed4a25c62023-02-07 15:24:00.099root 11241100x8000000000000000722649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766998d09b3b4fd82023-02-07 15:24:00.099root 11241100x8000000000000000722655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be7309ef48b96f62023-02-07 15:24:00.595root 11241100x8000000000000000722654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba2a564417292092023-02-07 15:24:00.595root 11241100x8000000000000000722660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eacccd2acdb6ce62023-02-07 15:24:00.596root 11241100x8000000000000000722659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632bdb6896587e4a2023-02-07 15:24:00.596root 11241100x8000000000000000722658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397da0d99248caed2023-02-07 15:24:00.596root 11241100x8000000000000000722657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f517ac54818390e32023-02-07 15:24:00.596root 11241100x8000000000000000722656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358cc7cede693c602023-02-07 15:24:00.596root 11241100x8000000000000000722664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635f0b639d49b8e42023-02-07 15:24:00.597root 11241100x8000000000000000722663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6ab781b58cb5002023-02-07 15:24:00.597root 11241100x8000000000000000722662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b76e173c57e40682023-02-07 15:24:00.597root 11241100x8000000000000000722661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b755343951585ce92023-02-07 15:24:00.597root 11241100x8000000000000000722668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee10bf88391626c02023-02-07 15:24:00.598root 11241100x8000000000000000722667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca7285e65d417d32023-02-07 15:24:00.598root 11241100x8000000000000000722666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd908102b87c48e82023-02-07 15:24:00.598root 11241100x8000000000000000722665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbcef77c6e19242f2023-02-07 15:24:00.598root 11241100x8000000000000000722669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.601{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f162b2ed9c34af212023-02-07 15:24:00.601root 11241100x8000000000000000722672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c40f1ad11503732023-02-07 15:24:00.602root 11241100x8000000000000000722671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ce045d5c5e312b2023-02-07 15:24:00.602root 11241100x8000000000000000722670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:00.602{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6672d963864ed8f02023-02-07 15:24:00.602root 11241100x8000000000000000722675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5b443c0144edf72023-02-07 15:24:01.096root 11241100x8000000000000000722674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d345b94fbff90b2023-02-07 15:24:01.096root 11241100x8000000000000000722673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b5dfcaec50a4842023-02-07 15:24:01.096root 11241100x8000000000000000722687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76bfabd2c19a4f352023-02-07 15:24:01.097root 11241100x8000000000000000722686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96bc075807f8f41d2023-02-07 15:24:01.097root 11241100x8000000000000000722685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f261d273eef97b2023-02-07 15:24:01.097root 11241100x8000000000000000722684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3e095bb34154f92023-02-07 15:24:01.097root 11241100x8000000000000000722683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0499a96508a74122023-02-07 15:24:01.097root 11241100x8000000000000000722682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5898b0fd7f63da6b2023-02-07 15:24:01.097root 11241100x8000000000000000722681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29261a0d1ca537242023-02-07 15:24:01.097root 11241100x8000000000000000722680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ce45080543feeb2023-02-07 15:24:01.097root 11241100x8000000000000000722679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632dbbfafc6b506e2023-02-07 15:24:01.097root 11241100x8000000000000000722678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f3856a56ce3e942023-02-07 15:24:01.097root 11241100x8000000000000000722677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e13f3da53760cb02023-02-07 15:24:01.097root 11241100x8000000000000000722676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bed0a5b3ab5b82d2023-02-07 15:24:01.097root 11241100x8000000000000000722690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ab72ec34f21fba2023-02-07 15:24:01.098root 11241100x8000000000000000722689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815d1cf3b295978b2023-02-07 15:24:01.098root 11241100x8000000000000000722688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a92123813798bb2023-02-07 15:24:01.098root 11241100x8000000000000000722696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6516374a017156b02023-02-07 15:24:01.595root 11241100x8000000000000000722695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7622af98735ff1782023-02-07 15:24:01.595root 11241100x8000000000000000722694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff39098b795fad02023-02-07 15:24:01.595root 11241100x8000000000000000722693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850e780a087535752023-02-07 15:24:01.595root 11241100x8000000000000000722692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e2d07e0a72e9342023-02-07 15:24:01.595root 11241100x8000000000000000722691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a2f36c9111712b2023-02-07 15:24:01.595root 11241100x8000000000000000722701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d426708c73c219992023-02-07 15:24:01.596root 11241100x8000000000000000722700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1320ed0134a1a0302023-02-07 15:24:01.596root 11241100x8000000000000000722699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba54ea8267aaa8c2023-02-07 15:24:01.596root 11241100x8000000000000000722698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1def128f642439962023-02-07 15:24:01.596root 11241100x8000000000000000722697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e05b6447eeb7f92023-02-07 15:24:01.596root 11241100x8000000000000000722705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea8f9b4af13443b2023-02-07 15:24:01.597root 11241100x8000000000000000722704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c0f0f579f367232023-02-07 15:24:01.597root 11241100x8000000000000000722703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6cc16e508099442023-02-07 15:24:01.597root 11241100x8000000000000000722702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce09639d7cd61582023-02-07 15:24:01.597root 11241100x8000000000000000722708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5ff1bbacec0af72023-02-07 15:24:01.598root 11241100x8000000000000000722707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f8f41440145a862023-02-07 15:24:01.598root 11241100x8000000000000000722706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:01.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3662b0cd71863af62023-02-07 15:24:01.598root 11241100x8000000000000000722712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2591e7f8e8169b592023-02-07 15:24:02.095root 11241100x8000000000000000722711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a038c0ee991ef8cb2023-02-07 15:24:02.095root 11241100x8000000000000000722710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b165cf4076b6912023-02-07 15:24:02.095root 11241100x8000000000000000722709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1855cba55789b962023-02-07 15:24:02.095root 11241100x8000000000000000722721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65dab8afcb5936d2023-02-07 15:24:02.096root 11241100x8000000000000000722720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88744af3a19c86742023-02-07 15:24:02.096root 11241100x8000000000000000722719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5a34fa7f302ba42023-02-07 15:24:02.096root 11241100x8000000000000000722718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b9307cd50631972023-02-07 15:24:02.096root 11241100x8000000000000000722717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d43d09f6c287fe2023-02-07 15:24:02.096root 11241100x8000000000000000722716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6553b7d3cc613322023-02-07 15:24:02.096root 11241100x8000000000000000722715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a271338cc2dfce5f2023-02-07 15:24:02.096root 11241100x8000000000000000722714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207722ec599de2ed2023-02-07 15:24:02.096root 11241100x8000000000000000722713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b6eb660aed209f2023-02-07 15:24:02.096root 11241100x8000000000000000722726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8bc6c373b941532023-02-07 15:24:02.097root 11241100x8000000000000000722725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30b0a67b57fa7752023-02-07 15:24:02.097root 11241100x8000000000000000722724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64a3765660ddf6b2023-02-07 15:24:02.097root 11241100x8000000000000000722723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebe145c08e39a902023-02-07 15:24:02.097root 11241100x8000000000000000722722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85e902748e42cc72023-02-07 15:24:02.097root 154100x8000000000000000722727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.466{ec244aba-6d12-63e2-6884-e4a9f4550000}6279/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/6312root{ec244aba-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2393--- 11241100x8000000000000000722728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.468{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5eeab7d96a648bd2023-02-07 15:24:02.468root 11241100x8000000000000000722737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.469{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7f8348758a79552023-02-07 15:24:02.469root 11241100x8000000000000000722736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.469{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74607e2b713812382023-02-07 15:24:02.469root 11241100x8000000000000000722735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.469{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99addc83dae9be92023-02-07 15:24:02.469root 11241100x8000000000000000722734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.469{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0a6207e1c339682023-02-07 15:24:02.469root 11241100x8000000000000000722733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.469{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7689e0a2ad4f0662023-02-07 15:24:02.469root 11241100x8000000000000000722732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.469{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f31f2319c611e152023-02-07 15:24:02.469root 11241100x8000000000000000722731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.469{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291ed178225c1bbd2023-02-07 15:24:02.469root 11241100x8000000000000000722730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.469{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce32660ece362d62023-02-07 15:24:02.469root 11241100x8000000000000000722729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.469{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4b995c85c7dc512023-02-07 15:24:02.469root 11241100x8000000000000000722746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.470{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2688f866cb33b82023-02-07 15:24:02.470root 11241100x8000000000000000722745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.470{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e749699bd2d1142023-02-07 15:24:02.470root 11241100x8000000000000000722744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.470{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f118c20ba67b972023-02-07 15:24:02.470root 11241100x8000000000000000722743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.470{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d648472112d7412d2023-02-07 15:24:02.470root 11241100x8000000000000000722742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.470{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b569590ac238342023-02-07 15:24:02.470root 11241100x8000000000000000722741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.470{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26953144a767c8202023-02-07 15:24:02.470root 11241100x8000000000000000722740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.470{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9533c3ebecc53f2023-02-07 15:24:02.470root 11241100x8000000000000000722739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.470{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07137f603ff19862023-02-07 15:24:02.470root 11241100x8000000000000000722738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.470{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f80ea69bb1ecff72023-02-07 15:24:02.470root 534500x8000000000000000722747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.483{ec244aba-6d12-63e2-6884-e4a9f4550000}6279/bin/psroot 11241100x8000000000000000722757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e125b06292fad742023-02-07 15:24:02.846root 11241100x8000000000000000722756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa21c115524d2222023-02-07 15:24:02.846root 11241100x8000000000000000722755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a36798c232b739a2023-02-07 15:24:02.846root 11241100x8000000000000000722754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13dc9c24cf6a74ac2023-02-07 15:24:02.846root 11241100x8000000000000000722753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70560dd01a57ad92023-02-07 15:24:02.846root 11241100x8000000000000000722752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4e024b78141bd42023-02-07 15:24:02.846root 11241100x8000000000000000722751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89549f2cc1881a9a2023-02-07 15:24:02.846root 11241100x8000000000000000722750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b9b8beb701e1242023-02-07 15:24:02.846root 11241100x8000000000000000722749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51f8d8d63333d092023-02-07 15:24:02.846root 11241100x8000000000000000722748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1385dda09869b8682023-02-07 15:24:02.846root 11241100x8000000000000000722767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9ee8a39c414b982023-02-07 15:24:02.847root 11241100x8000000000000000722766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13b40d9508c4d162023-02-07 15:24:02.847root 11241100x8000000000000000722765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c47f270b03cdf62023-02-07 15:24:02.847root 11241100x8000000000000000722764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75456b81e255b962023-02-07 15:24:02.847root 11241100x8000000000000000722763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802bf854a05fc4ba2023-02-07 15:24:02.847root 11241100x8000000000000000722762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08d9aac2ec3ed0b2023-02-07 15:24:02.847root 11241100x8000000000000000722761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d670d75250370a7e2023-02-07 15:24:02.847root 11241100x8000000000000000722760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7069ffed62c1ee62023-02-07 15:24:02.847root 11241100x8000000000000000722759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b203a1c0e2557cd2023-02-07 15:24:02.847root 11241100x8000000000000000722758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:02.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78210a55b31583af2023-02-07 15:24:02.847root 11241100x8000000000000000722775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ca38616579cdf72023-02-07 15:24:03.346root 11241100x8000000000000000722774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca454330913dd7c12023-02-07 15:24:03.346root 11241100x8000000000000000722773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8409a4bd9533ee2023-02-07 15:24:03.346root 11241100x8000000000000000722772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b0a6d885ac60e32023-02-07 15:24:03.346root 11241100x8000000000000000722771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf13deec99b1623e2023-02-07 15:24:03.346root 11241100x8000000000000000722770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e170d31c1d57d82023-02-07 15:24:03.346root 11241100x8000000000000000722769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abfbd9ce134fe7ec2023-02-07 15:24:03.346root 11241100x8000000000000000722768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1014f7d99288a0a2023-02-07 15:24:03.346root 11241100x8000000000000000722777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e5ef3f5f41f2ac2023-02-07 15:24:03.347root 11241100x8000000000000000722776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af24e17f12f55f712023-02-07 15:24:03.347root 11241100x8000000000000000722784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71963ec1db0f5a632023-02-07 15:24:03.348root 11241100x8000000000000000722783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0c7a43e4f9e7f12023-02-07 15:24:03.348root 11241100x8000000000000000722782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86926b19ffaff6c2023-02-07 15:24:03.348root 11241100x8000000000000000722781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f58c37878a5a32e2023-02-07 15:24:03.348root 11241100x8000000000000000722780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a7217c14fa43192023-02-07 15:24:03.348root 11241100x8000000000000000722779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46e87fc5a1321242023-02-07 15:24:03.348root 11241100x8000000000000000722778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bec6feffbf0ad7e2023-02-07 15:24:03.348root 11241100x8000000000000000722787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d58bb611c8a20eb2023-02-07 15:24:03.349root 11241100x8000000000000000722786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c1f804144145312023-02-07 15:24:03.349root 11241100x8000000000000000722785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c80bbbe82b3b8b2023-02-07 15:24:03.349root 11241100x8000000000000000722795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6b8c6b182417672023-02-07 15:24:03.846root 11241100x8000000000000000722794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a0e741f323b5cc2023-02-07 15:24:03.846root 11241100x8000000000000000722793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e0a6176da9dc362023-02-07 15:24:03.846root 11241100x8000000000000000722792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab284a35668a1222023-02-07 15:24:03.846root 11241100x8000000000000000722791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2a4fb7329270f42023-02-07 15:24:03.846root 11241100x8000000000000000722790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06859a9d7ab2daf52023-02-07 15:24:03.846root 11241100x8000000000000000722789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04ce52fad20f0fc2023-02-07 15:24:03.846root 11241100x8000000000000000722788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1dce37c5ae637e92023-02-07 15:24:03.846root 11241100x8000000000000000722807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eaf2874e1a4fe592023-02-07 15:24:03.847root 11241100x8000000000000000722806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe3ca65bda9eea22023-02-07 15:24:03.847root 11241100x8000000000000000722805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21c4714b3b903572023-02-07 15:24:03.847root 11241100x8000000000000000722804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9588b62a631efb2023-02-07 15:24:03.847root 11241100x8000000000000000722803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e3a97f482e507d2023-02-07 15:24:03.847root 11241100x8000000000000000722802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c368028df98d202023-02-07 15:24:03.847root 11241100x8000000000000000722801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b907dc8b75645992023-02-07 15:24:03.847root 11241100x8000000000000000722800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78196a4fcd64d7442023-02-07 15:24:03.847root 11241100x8000000000000000722799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda7c24aec0a8d7c2023-02-07 15:24:03.847root 11241100x8000000000000000722798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4162373860f3124c2023-02-07 15:24:03.847root 11241100x8000000000000000722797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c48fd304f9e44e2023-02-07 15:24:03.847root 11241100x8000000000000000722796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:03.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a9b2f46c6659d12023-02-07 15:24:03.847root 354300x8000000000000000722808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.101{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-60256-false10.0.1.12-8000- 11241100x8000000000000000722812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708db506ba899f5a2023-02-07 15:24:04.102root 11241100x8000000000000000722811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42478020762b092b2023-02-07 15:24:04.102root 11241100x8000000000000000722810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4e5033527354412023-02-07 15:24:04.102root 11241100x8000000000000000722809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.102{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9291fe8b46bbdc362023-02-07 15:24:04.102root 11241100x8000000000000000722815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5c41b40c919a2b2023-02-07 15:24:04.103root 11241100x8000000000000000722814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c0e88259c50f732023-02-07 15:24:04.103root 11241100x8000000000000000722813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.103{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af28f8545015cffe2023-02-07 15:24:04.103root 11241100x8000000000000000722819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6c7a8a5c4658ed2023-02-07 15:24:04.104root 11241100x8000000000000000722818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1355c0d4d848d042023-02-07 15:24:04.104root 11241100x8000000000000000722817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf645ccd05512122023-02-07 15:24:04.104root 11241100x8000000000000000722816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.104{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a99fe1674939d42023-02-07 15:24:04.104root 11241100x8000000000000000722824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58199b33acf76812023-02-07 15:24:04.105root 11241100x8000000000000000722823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a05fa3557fd2b52023-02-07 15:24:04.105root 11241100x8000000000000000722822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b5b2957d5731a82023-02-07 15:24:04.105root 11241100x8000000000000000722821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f962917b720199342023-02-07 15:24:04.105root 11241100x8000000000000000722820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.105{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b615fef67594280f2023-02-07 15:24:04.105root 11241100x8000000000000000722833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08bbfa955003bd212023-02-07 15:24:04.106root 11241100x8000000000000000722832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da02c1510da2c182023-02-07 15:24:04.106root 11241100x8000000000000000722831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878faa3fc3c2df132023-02-07 15:24:04.106root 11241100x8000000000000000722830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5495df3da529172023-02-07 15:24:04.106root 11241100x8000000000000000722829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a063840b6a42f472023-02-07 15:24:04.106root 11241100x8000000000000000722828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343e0ea0005c327d2023-02-07 15:24:04.106root 11241100x8000000000000000722827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a288b4a95b7a272023-02-07 15:24:04.106root 11241100x8000000000000000722826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd52a38c9643b752023-02-07 15:24:04.106root 11241100x8000000000000000722825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.106{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9ebe89bfc29a222023-02-07 15:24:04.106root 11241100x8000000000000000722839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f02baf08a9d72ce2023-02-07 15:24:04.595root 11241100x8000000000000000722838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7f53bed4283ba82023-02-07 15:24:04.595root 11241100x8000000000000000722837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29bcce6584a5c78d2023-02-07 15:24:04.595root 11241100x8000000000000000722836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ce39ce4c22850f2023-02-07 15:24:04.595root 11241100x8000000000000000722835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a45432d424d5bac2023-02-07 15:24:04.595root 11241100x8000000000000000722834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f5dba2a74839be2023-02-07 15:24:04.595root 11241100x8000000000000000722846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a5a47f2fc673162023-02-07 15:24:04.596root 11241100x8000000000000000722845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4866d3b733519d2023-02-07 15:24:04.596root 11241100x8000000000000000722844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5144e6d18222d0cc2023-02-07 15:24:04.596root 11241100x8000000000000000722843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdea28e1dcf055652023-02-07 15:24:04.596root 11241100x8000000000000000722842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe3ac3230d2edd52023-02-07 15:24:04.596root 11241100x8000000000000000722841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcdba22e6ee20b532023-02-07 15:24:04.596root 11241100x8000000000000000722840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8db3e0c960765e2023-02-07 15:24:04.596root 11241100x8000000000000000722852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b348e94153e792af2023-02-07 15:24:04.597root 11241100x8000000000000000722851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ed3f91ec75c07c2023-02-07 15:24:04.597root 11241100x8000000000000000722850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ef654b3756aa992023-02-07 15:24:04.597root 11241100x8000000000000000722849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7208103bde6b84e22023-02-07 15:24:04.597root 11241100x8000000000000000722848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f579442683964482023-02-07 15:24:04.597root 11241100x8000000000000000722847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa62296b489b2072023-02-07 15:24:04.597root 11241100x8000000000000000722856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b431b9d5ba9b1432023-02-07 15:24:04.598root 11241100x8000000000000000722855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda565b1976fe5682023-02-07 15:24:04.598root 11241100x8000000000000000722854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563495ca9f4ddab62023-02-07 15:24:04.598root 11241100x8000000000000000722853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:04.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47eed2e9a50725af2023-02-07 15:24:04.598root 11241100x8000000000000000722863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f723270b37f332a32023-02-07 15:24:05.095root 11241100x8000000000000000722862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d3bac361006bfd2023-02-07 15:24:05.095root 11241100x8000000000000000722861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197806ef103f56bb2023-02-07 15:24:05.095root 11241100x8000000000000000722860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4938d94e570537bf2023-02-07 15:24:05.095root 11241100x8000000000000000722859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68191e4958214762023-02-07 15:24:05.095root 11241100x8000000000000000722858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bd3475bdfb9dd62023-02-07 15:24:05.095root 11241100x8000000000000000722857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46550567cf3221572023-02-07 15:24:05.095root 11241100x8000000000000000722868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2a1dd87e4b0bf92023-02-07 15:24:05.096root 11241100x8000000000000000722867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f782638c8430632023-02-07 15:24:05.096root 11241100x8000000000000000722866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4ccb0ab1090c322023-02-07 15:24:05.096root 11241100x8000000000000000722865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90cc0c2ef53a2d0e2023-02-07 15:24:05.096root 11241100x8000000000000000722864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a228d700212789d62023-02-07 15:24:05.096root 11241100x8000000000000000722874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c197340f4b472d6d2023-02-07 15:24:05.097root 11241100x8000000000000000722873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807ede33a4d4472f2023-02-07 15:24:05.097root 11241100x8000000000000000722872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd7f4b3d3e8c0692023-02-07 15:24:05.097root 11241100x8000000000000000722871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73b3e4ec0a3375b2023-02-07 15:24:05.097root 11241100x8000000000000000722870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6abacbd0300df3a2023-02-07 15:24:05.097root 11241100x8000000000000000722869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638bca6ab51a08152023-02-07 15:24:05.097root 11241100x8000000000000000722877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e34aed2e26d1f7c2023-02-07 15:24:05.098root 11241100x8000000000000000722876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b2b838250132ff2023-02-07 15:24:05.098root 11241100x8000000000000000722875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f814e3d4d273db2023-02-07 15:24:05.098root 11241100x8000000000000000722887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc7443fc5163f722023-02-07 15:24:05.596root 11241100x8000000000000000722886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b666333c99e2da2023-02-07 15:24:05.596root 11241100x8000000000000000722885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd772d78e9e0c3422023-02-07 15:24:05.596root 11241100x8000000000000000722884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ac519d14be44a22023-02-07 15:24:05.596root 11241100x8000000000000000722883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6ba11c96abc20a2023-02-07 15:24:05.596root 11241100x8000000000000000722882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74fc0ed126dbad772023-02-07 15:24:05.596root 11241100x8000000000000000722881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb4d272f58009a52023-02-07 15:24:05.596root 11241100x8000000000000000722880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67bcf779252e419b2023-02-07 15:24:05.596root 11241100x8000000000000000722879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae2d5cf6f23dc342023-02-07 15:24:05.596root 11241100x8000000000000000722878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e164ba6fbef38072023-02-07 15:24:05.596root 11241100x8000000000000000722897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486679060d0544e62023-02-07 15:24:05.597root 11241100x8000000000000000722896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3303f7024a1c5972023-02-07 15:24:05.597root 11241100x8000000000000000722895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7726799455bad332023-02-07 15:24:05.597root 11241100x8000000000000000722894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c19de1ab2dfe05b2023-02-07 15:24:05.597root 11241100x8000000000000000722893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3a3082e1f2ecab2023-02-07 15:24:05.597root 11241100x8000000000000000722892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8b8f4520dc752b2023-02-07 15:24:05.597root 11241100x8000000000000000722891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed71fa262f0dc0b62023-02-07 15:24:05.597root 11241100x8000000000000000722890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01347eb5fd4cd372023-02-07 15:24:05.597root 11241100x8000000000000000722889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6baa5f6018822b462023-02-07 15:24:05.597root 11241100x8000000000000000722888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f95436120ad9372023-02-07 15:24:05.597root 11241100x8000000000000000722898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:05.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d737c14a94f465732023-02-07 15:24:05.598root 11241100x8000000000000000722901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bb7d5c224899892023-02-07 15:24:06.096root 11241100x8000000000000000722900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9894451a5b87d8c92023-02-07 15:24:06.096root 11241100x8000000000000000722899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d06334a50fee832023-02-07 15:24:06.096root 11241100x8000000000000000722905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d9be6c223248d02023-02-07 15:24:06.097root 11241100x8000000000000000722904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f9358b4f7067b62023-02-07 15:24:06.097root 11241100x8000000000000000722903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589ecd25bd40e4872023-02-07 15:24:06.097root 11241100x8000000000000000722902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58bada633716e442023-02-07 15:24:06.097root 11241100x8000000000000000722912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b38cdb6bb1f7282023-02-07 15:24:06.098root 11241100x8000000000000000722911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32846edb395841f2023-02-07 15:24:06.098root 11241100x8000000000000000722910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3872d50cfa875b462023-02-07 15:24:06.098root 11241100x8000000000000000722909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f708b38113337d2023-02-07 15:24:06.098root 11241100x8000000000000000722908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e1191a855718112023-02-07 15:24:06.098root 11241100x8000000000000000722907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eee505a14e17ab52023-02-07 15:24:06.098root 11241100x8000000000000000722906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e0c948f0331cd72023-02-07 15:24:06.098root 11241100x8000000000000000722919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b648f0a74fa6a02023-02-07 15:24:06.099root 11241100x8000000000000000722918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a6546a186e4ad42023-02-07 15:24:06.099root 11241100x8000000000000000722917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d830628fc04e8a22023-02-07 15:24:06.099root 11241100x8000000000000000722916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a0845b1e94a6142023-02-07 15:24:06.099root 11241100x8000000000000000722915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88030d6cb22d84362023-02-07 15:24:06.099root 11241100x8000000000000000722914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35deca19eea08002023-02-07 15:24:06.099root 11241100x8000000000000000722913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48960492f80df772023-02-07 15:24:06.099root 11241100x8000000000000000722925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f8670e5738d20d2023-02-07 15:24:06.595root 11241100x8000000000000000722924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369a4d551cd53f8e2023-02-07 15:24:06.595root 11241100x8000000000000000722923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72712589c070689b2023-02-07 15:24:06.595root 11241100x8000000000000000722922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22a851f821734ab2023-02-07 15:24:06.595root 11241100x8000000000000000722921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38390eb8b68b0c12023-02-07 15:24:06.595root 11241100x8000000000000000722920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0d738decf09fab2023-02-07 15:24:06.595root 11241100x8000000000000000722933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0774c08201b4902023-02-07 15:24:06.596root 11241100x8000000000000000722932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d3c630ad835e632023-02-07 15:24:06.596root 11241100x8000000000000000722931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47de876a3306ac512023-02-07 15:24:06.596root 11241100x8000000000000000722930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a742e5a3b90c4c502023-02-07 15:24:06.596root 11241100x8000000000000000722929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50685c1a15c3bc0c2023-02-07 15:24:06.596root 11241100x8000000000000000722928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5941483f1d5bdb2023-02-07 15:24:06.596root 11241100x8000000000000000722927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548ce51bb46838b52023-02-07 15:24:06.596root 11241100x8000000000000000722926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34a2b7999aa91bd2023-02-07 15:24:06.596root 11241100x8000000000000000722941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7beef788ad29a70e2023-02-07 15:24:06.597root 11241100x8000000000000000722940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e61a81f5d7c52b2023-02-07 15:24:06.597root 11241100x8000000000000000722939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f6cbeefece02ca2023-02-07 15:24:06.597root 11241100x8000000000000000722938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae590cd7be1da7b2023-02-07 15:24:06.597root 11241100x8000000000000000722937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc10083afdcd0e52023-02-07 15:24:06.597root 11241100x8000000000000000722936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e124d6e4a09cdb2023-02-07 15:24:06.597root 11241100x8000000000000000722935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722ed15ab00bdbf32023-02-07 15:24:06.597root 11241100x8000000000000000722934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:06.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f983a32d5ffd90842023-02-07 15:24:06.597root 11241100x8000000000000000722946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efc856c161b3eb52023-02-07 15:24:07.095root 11241100x8000000000000000722945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12aa6e84ad4412bd2023-02-07 15:24:07.095root 11241100x8000000000000000722944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb5db93c71634e22023-02-07 15:24:07.095root 11241100x8000000000000000722943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6bdfe0be45750d2023-02-07 15:24:07.095root 11241100x8000000000000000722942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc8ddba1840032e2023-02-07 15:24:07.095root 11241100x8000000000000000722955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abb22e6f8acc8d72023-02-07 15:24:07.096root 11241100x8000000000000000722954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d391eaf3af4172e32023-02-07 15:24:07.096root 11241100x8000000000000000722953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8abdd31722dc3d52023-02-07 15:24:07.096root 11241100x8000000000000000722952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0999b99d3b4c18d72023-02-07 15:24:07.096root 11241100x8000000000000000722951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c467c93fe3c70f2023-02-07 15:24:07.096root 11241100x8000000000000000722950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32964bae2c4f7d92023-02-07 15:24:07.096root 11241100x8000000000000000722949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631ba68c44d11b572023-02-07 15:24:07.096root 11241100x8000000000000000722948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17430cc07ad810da2023-02-07 15:24:07.096root 11241100x8000000000000000722947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb35097a806375d2023-02-07 15:24:07.096root 11241100x8000000000000000722960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b09b4be1be67742023-02-07 15:24:07.097root 11241100x8000000000000000722959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f975141c79ae8c2023-02-07 15:24:07.097root 11241100x8000000000000000722958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6998f7837839be1d2023-02-07 15:24:07.097root 11241100x8000000000000000722957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177a490cda9fbcdd2023-02-07 15:24:07.097root 11241100x8000000000000000722956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fabfd7f4a9188f2023-02-07 15:24:07.097root 11241100x8000000000000000722962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abf6e854e9b82872023-02-07 15:24:07.098root 11241100x8000000000000000722961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a0242838080ad92023-02-07 15:24:07.098root 11241100x8000000000000000722966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca65afb687cd5242023-02-07 15:24:07.595root 11241100x8000000000000000722965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22aa7dc403e8c42b2023-02-07 15:24:07.595root 11241100x8000000000000000722964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b03869dcc1ff1392023-02-07 15:24:07.595root 11241100x8000000000000000722963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb02ff63320a4932023-02-07 15:24:07.595root 11241100x8000000000000000722972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c3a0e8b4429db72023-02-07 15:24:07.596root 11241100x8000000000000000722971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b91fe9f06dc23332023-02-07 15:24:07.596root 11241100x8000000000000000722970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118a28ab5f88e7872023-02-07 15:24:07.596root 11241100x8000000000000000722969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bec1c9ba33694d2023-02-07 15:24:07.596root 11241100x8000000000000000722968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e537a6b1e54f4aa2023-02-07 15:24:07.596root 11241100x8000000000000000722967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b69b4179c103902023-02-07 15:24:07.596root 11241100x8000000000000000722979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee8b5c1e3126b4e2023-02-07 15:24:07.597root 11241100x8000000000000000722978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a263504d0d02b4b22023-02-07 15:24:07.597root 11241100x8000000000000000722977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ad13d5f31ef61a2023-02-07 15:24:07.597root 11241100x8000000000000000722976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87bfcec72f15d442023-02-07 15:24:07.597root 11241100x8000000000000000722975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc17505af907fb02023-02-07 15:24:07.597root 11241100x8000000000000000722974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bcfad2f30a0fbd2023-02-07 15:24:07.597root 11241100x8000000000000000722973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7790e1cbc598645c2023-02-07 15:24:07.597root 11241100x8000000000000000722983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a7091ee80951e62023-02-07 15:24:07.598root 11241100x8000000000000000722982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d5dd59457bfd742023-02-07 15:24:07.598root 11241100x8000000000000000722981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96672083c675c5a2023-02-07 15:24:07.598root 11241100x8000000000000000722980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:07.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d05c3dac60b1c82023-02-07 15:24:07.598root 11241100x8000000000000000722985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175d2c6e0166b9dc2023-02-07 15:24:08.095root 11241100x8000000000000000722984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d5e1dbba28bc062023-02-07 15:24:08.095root 11241100x8000000000000000722992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72fbef31d8d7de482023-02-07 15:24:08.096root 11241100x8000000000000000722991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89896b9db26962152023-02-07 15:24:08.096root 11241100x8000000000000000722990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7ad9511bcead802023-02-07 15:24:08.096root 11241100x8000000000000000722989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2efe80f91298e2282023-02-07 15:24:08.096root 11241100x8000000000000000722988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf43ade790dc1532023-02-07 15:24:08.096root 11241100x8000000000000000722987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccf1b36224788742023-02-07 15:24:08.096root 11241100x8000000000000000722986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112e50d8be134f242023-02-07 15:24:08.096root 11241100x8000000000000000723000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d3a94347df3de52023-02-07 15:24:08.097root 11241100x8000000000000000722999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60e0cd56d5c577d2023-02-07 15:24:08.097root 11241100x8000000000000000722998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3126c03fd8aff9dc2023-02-07 15:24:08.097root 11241100x8000000000000000722997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd868112c4a7122d2023-02-07 15:24:08.097root 11241100x8000000000000000722996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd735d5199d59daf2023-02-07 15:24:08.097root 11241100x8000000000000000722995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2640141f5e176a52023-02-07 15:24:08.097root 11241100x8000000000000000722994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa6be8196917c592023-02-07 15:24:08.097root 11241100x8000000000000000722993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc0d2321a2aa42b2023-02-07 15:24:08.097root 11241100x8000000000000000723004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc12f1153dea1362023-02-07 15:24:08.098root 11241100x8000000000000000723003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8ca35c640d12872023-02-07 15:24:08.098root 11241100x8000000000000000723002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbdabbb6d6aa2892023-02-07 15:24:08.098root 11241100x8000000000000000723001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e0e472b60db88a2023-02-07 15:24:08.098root 11241100x8000000000000000723017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1121fc5fefcf945e2023-02-07 15:24:08.596root 11241100x8000000000000000723016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a85863e00300a322023-02-07 15:24:08.596root 11241100x8000000000000000723015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee25c5d909cf8c02023-02-07 15:24:08.596root 11241100x8000000000000000723014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900de0b616da97852023-02-07 15:24:08.596root 11241100x8000000000000000723013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846a829ac8817d052023-02-07 15:24:08.596root 11241100x8000000000000000723012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c62007faff05d362023-02-07 15:24:08.596root 11241100x8000000000000000723011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3692203ea5449d922023-02-07 15:24:08.596root 11241100x8000000000000000723010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ec0a7e241617c82023-02-07 15:24:08.596root 11241100x8000000000000000723009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea5a44a238c3f752023-02-07 15:24:08.596root 11241100x8000000000000000723008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29f2303bde428162023-02-07 15:24:08.596root 11241100x8000000000000000723007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507bcb6ddd32273b2023-02-07 15:24:08.596root 11241100x8000000000000000723006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ffb9cb88e768f52023-02-07 15:24:08.596root 11241100x8000000000000000723005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f372763128338dd72023-02-07 15:24:08.596root 11241100x8000000000000000723025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ecf8c3477e98742023-02-07 15:24:08.597root 11241100x8000000000000000723024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7a86c3aae54afe2023-02-07 15:24:08.597root 11241100x8000000000000000723023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f22b0abca5e67a2023-02-07 15:24:08.597root 11241100x8000000000000000723022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2a27df5cf57ae42023-02-07 15:24:08.597root 11241100x8000000000000000723021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b91cf6c541e48c2023-02-07 15:24:08.597root 11241100x8000000000000000723020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22274c77ee1f4a2f2023-02-07 15:24:08.597root 11241100x8000000000000000723019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8f595dbb72ce3b2023-02-07 15:24:08.597root 11241100x8000000000000000723018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:08.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a647af871ac925022023-02-07 15:24:08.597root 11241100x8000000000000000723027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7f4ea309f302fc2023-02-07 15:24:09.095root 11241100x8000000000000000723026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.095{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5b2978b944b4122023-02-07 15:24:09.095root 11241100x8000000000000000723030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5babd1d3980b0f0d2023-02-07 15:24:09.096root 11241100x8000000000000000723029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d436e99f22660cd2023-02-07 15:24:09.096root 11241100x8000000000000000723028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.096{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27178c3d489b43482023-02-07 15:24:09.096root 11241100x8000000000000000723033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b84646319751db2023-02-07 15:24:09.097root 11241100x8000000000000000723032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb66229073f59342023-02-07 15:24:09.097root 11241100x8000000000000000723031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.097{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b91d85870d67a02023-02-07 15:24:09.097root 11241100x8000000000000000723037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb7bba30fe8847d2023-02-07 15:24:09.098root 11241100x8000000000000000723036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3229174450d1ed2023-02-07 15:24:09.098root 11241100x8000000000000000723035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12704a80104a50ca2023-02-07 15:24:09.098root 11241100x8000000000000000723034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.098{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffbceb75481ec8092023-02-07 15:24:09.098root 11241100x8000000000000000723039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602fba5d9a1d02f92023-02-07 15:24:09.099root 11241100x8000000000000000723038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.099{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08771c7ef7b38fc82023-02-07 15:24:09.099root 11241100x8000000000000000723043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883b4ba0dfa970a52023-02-07 15:24:09.100root 11241100x8000000000000000723042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77500c972e722e242023-02-07 15:24:09.100root 11241100x8000000000000000723041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e632e0b5649cc62023-02-07 15:24:09.100root 11241100x8000000000000000723040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.100{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6827163f681dd3b2023-02-07 15:24:09.100root 11241100x8000000000000000723046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af87553277c8e0922023-02-07 15:24:09.101root 11241100x8000000000000000723045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a7886f132904e12023-02-07 15:24:09.101root 11241100x8000000000000000723044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.101{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3dfeec9f21a25cc2023-02-07 15:24:09.101root 11241100x8000000000000000723048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69939cf149b66a312023-02-07 15:24:09.595root 11241100x8000000000000000723047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.595{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13b2f2b7bea821e2023-02-07 15:24:09.595root 11241100x8000000000000000723051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6cf3469b4a3d262023-02-07 15:24:09.596root 11241100x8000000000000000723050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc11352bb02df5f2023-02-07 15:24:09.596root 11241100x8000000000000000723049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.596{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c631269dd5f3386b2023-02-07 15:24:09.596root 11241100x8000000000000000723053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b58aef3a8990bac2023-02-07 15:24:09.597root 11241100x8000000000000000723052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.597{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f6a6459246ee7c2023-02-07 15:24:09.597root 11241100x8000000000000000723057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb81d3c1a5f402a12023-02-07 15:24:09.598root 11241100x8000000000000000723056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e02f252c471ef52023-02-07 15:24:09.598root 11241100x8000000000000000723055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29a6bc23d4fb3fd2023-02-07 15:24:09.598root 11241100x8000000000000000723054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.598{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d27ea747694d752023-02-07 15:24:09.598root 11241100x8000000000000000723062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f5f0af75032d302023-02-07 15:24:09.599root 11241100x8000000000000000723061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61576b5c08f906f52023-02-07 15:24:09.599root 11241100x8000000000000000723060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a0219602e79bbe2023-02-07 15:24:09.599root 11241100x8000000000000000723059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b47d99ab10741892023-02-07 15:24:09.599root 11241100x8000000000000000723058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.599{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac205e9d7b9273d42023-02-07 15:24:09.599root 11241100x8000000000000000723067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975206b7530916b12023-02-07 15:24:09.600root 11241100x8000000000000000723066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b3db97ff6f08e42023-02-07 15:24:09.600root 11241100x8000000000000000723065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c7e46a9f0307562023-02-07 15:24:09.600root 11241100x8000000000000000723064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f196468533360b2023-02-07 15:24:09.600root 11241100x8000000000000000723063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:09.600{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d4c3a9cc2fa7c82023-02-07 15:24:09.600root 354300x8000000000000000723068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.048{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39136-false10.0.1.12-8000- 11241100x8000000000000000723075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.049{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198b911dfd6078d12023-02-07 15:24:10.049root 11241100x8000000000000000723074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.049{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb26e7d6722a6a0a2023-02-07 15:24:10.049root 11241100x8000000000000000723073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.049{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1671da7362c97b2023-02-07 15:24:10.049root 11241100x8000000000000000723072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.049{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c219969d374079a2023-02-07 15:24:10.049root 11241100x8000000000000000723071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.049{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffacfaf1b5e11362023-02-07 15:24:10.049root 11241100x8000000000000000723070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.049{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e76119c5a2420de2023-02-07 15:24:10.049root 11241100x8000000000000000723069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.049{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1aa6c44db2df862023-02-07 15:24:10.049root 11241100x8000000000000000723082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e026e4102ed615382023-02-07 15:24:10.050root 11241100x8000000000000000723081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb142aae2d9279432023-02-07 15:24:10.050root 11241100x8000000000000000723080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31f6ef522f858fd2023-02-07 15:24:10.050root 11241100x8000000000000000723079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21c44101af9750b2023-02-07 15:24:10.050root 11241100x8000000000000000723078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b318ff16d0562832023-02-07 15:24:10.050root 11241100x8000000000000000723077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340f579f540d9d712023-02-07 15:24:10.050root 11241100x8000000000000000723076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.050{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a922da66f7f2ac82023-02-07 15:24:10.050root 11241100x8000000000000000723089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.051{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa97b7fa6515ed622023-02-07 15:24:10.051root 11241100x8000000000000000723088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.051{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1aa7d025ea05262023-02-07 15:24:10.051root 11241100x8000000000000000723087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.051{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8b20692b40d4e72023-02-07 15:24:10.051root 11241100x8000000000000000723086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.051{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d843cfbbbd251f142023-02-07 15:24:10.051root 11241100x8000000000000000723085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.051{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63655179acd426ae2023-02-07 15:24:10.051root 11241100x8000000000000000723084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.051{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6515df20cbffbc02023-02-07 15:24:10.051root 11241100x8000000000000000723083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.051{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25163ede5c86360d2023-02-07 15:24:10.051root 11241100x8000000000000000723093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.052{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a1235a5568f12d2023-02-07 15:24:10.052root 11241100x8000000000000000723092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.052{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54e22618a5e8b732023-02-07 15:24:10.052root 11241100x8000000000000000723091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.052{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fcf24524d1a7ec82023-02-07 15:24:10.052root 11241100x8000000000000000723090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.052{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901829fc10355d502023-02-07 15:24:10.052root 11241100x8000000000000000723094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc69754568b2891f2023-02-07 15:24:10.345root 11241100x8000000000000000723102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e404e5ccd03de98c2023-02-07 15:24:10.346root 11241100x8000000000000000723101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af24c3945f53456c2023-02-07 15:24:10.346root 11241100x8000000000000000723100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13504562103e1b432023-02-07 15:24:10.346root 11241100x8000000000000000723099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c270854faec9711f2023-02-07 15:24:10.346root 11241100x8000000000000000723098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72559e823f1cce292023-02-07 15:24:10.346root 11241100x8000000000000000723097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf07cab3650c91132023-02-07 15:24:10.346root 11241100x8000000000000000723096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab298f57f1c32ea2023-02-07 15:24:10.346root 11241100x8000000000000000723095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9cca4cc8e34f0482023-02-07 15:24:10.346root 11241100x8000000000000000723105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bfdbb1327bc4dc2023-02-07 15:24:10.347root 11241100x8000000000000000723104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4130eaa6cf63392023-02-07 15:24:10.347root 11241100x8000000000000000723103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb77d37aba28e3be2023-02-07 15:24:10.347root 11241100x8000000000000000723110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38859e008fd09a772023-02-07 15:24:10.348root 11241100x8000000000000000723109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3e5f3412e1f8572023-02-07 15:24:10.348root 11241100x8000000000000000723108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f13b3c069817a762023-02-07 15:24:10.348root 11241100x8000000000000000723107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bfb97ddc0d3691c2023-02-07 15:24:10.348root 11241100x8000000000000000723106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324da8956ac45b032023-02-07 15:24:10.348root 11241100x8000000000000000723115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14cad64bf82539512023-02-07 15:24:10.349root 11241100x8000000000000000723114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04fe1cec030c45d2023-02-07 15:24:10.349root 11241100x8000000000000000723113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ed99edf32840a52023-02-07 15:24:10.349root 11241100x8000000000000000723112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6009a6eb453f083d2023-02-07 15:24:10.349root 11241100x8000000000000000723111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fab9ba196ceb2a82023-02-07 15:24:10.349root 11241100x8000000000000000723120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12430538de41f0552023-02-07 15:24:10.845root 11241100x8000000000000000723119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7ca02c65a122d52023-02-07 15:24:10.845root 11241100x8000000000000000723118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdad48513a82d872023-02-07 15:24:10.845root 11241100x8000000000000000723117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d993c5bfa79fed2023-02-07 15:24:10.845root 11241100x8000000000000000723116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b572f2577087e52023-02-07 15:24:10.845root 11241100x8000000000000000723131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e49cce389b043e2023-02-07 15:24:10.846root 11241100x8000000000000000723130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092f43953df31d7e2023-02-07 15:24:10.846root 11241100x8000000000000000723129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f415f941db3a940a2023-02-07 15:24:10.846root 11241100x8000000000000000723128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1606bea4b5c5ca802023-02-07 15:24:10.846root 11241100x8000000000000000723127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e85d3d7389fc012023-02-07 15:24:10.846root 11241100x8000000000000000723126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008462b9772f6fc52023-02-07 15:24:10.846root 11241100x8000000000000000723125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed4e22b84d1eeec2023-02-07 15:24:10.846root 11241100x8000000000000000723124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03872a9a30efb3622023-02-07 15:24:10.846root 11241100x8000000000000000723123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb3ecbcaf1a67e42023-02-07 15:24:10.846root 11241100x8000000000000000723122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfbceff62bc45692023-02-07 15:24:10.846root 11241100x8000000000000000723121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132cb31fca0656f82023-02-07 15:24:10.846root 11241100x8000000000000000723137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8698dbd5fb13d2872023-02-07 15:24:10.847root 11241100x8000000000000000723136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c58f6dd916a94de2023-02-07 15:24:10.847root 11241100x8000000000000000723135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81f92afe2782b032023-02-07 15:24:10.847root 11241100x8000000000000000723134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38414ede7c0d58182023-02-07 15:24:10.847root 11241100x8000000000000000723133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff2a662054b5ec42023-02-07 15:24:10.847root 11241100x8000000000000000723132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:10.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e573701cb90172f22023-02-07 15:24:10.847root 11241100x8000000000000000723139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c59a46fec59b8b2023-02-07 15:24:11.345root 11241100x8000000000000000723138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0af176fc70dee52023-02-07 15:24:11.345root 11241100x8000000000000000723145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61dff1ba58ea12972023-02-07 15:24:11.346root 11241100x8000000000000000723144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886c7a0e8b2fd3302023-02-07 15:24:11.346root 11241100x8000000000000000723143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8238f53173d75f72023-02-07 15:24:11.346root 11241100x8000000000000000723142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4eceabc4226eb82023-02-07 15:24:11.346root 11241100x8000000000000000723141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e981b49bf8ee096a2023-02-07 15:24:11.346root 11241100x8000000000000000723140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9760f8919687867f2023-02-07 15:24:11.346root 11241100x8000000000000000723153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e8b854a166dc822023-02-07 15:24:11.347root 11241100x8000000000000000723152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48674b9b4eac77982023-02-07 15:24:11.347root 11241100x8000000000000000723151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b40e045b99f1812023-02-07 15:24:11.347root 11241100x8000000000000000723150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17537aea382257e2023-02-07 15:24:11.347root 11241100x8000000000000000723149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6385b9d72c7bc17a2023-02-07 15:24:11.347root 11241100x8000000000000000723148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c91140b0afb4772023-02-07 15:24:11.347root 11241100x8000000000000000723147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e94e2aa7c9318672023-02-07 15:24:11.347root 11241100x8000000000000000723146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320c718589dae2c82023-02-07 15:24:11.347root 11241100x8000000000000000723159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2948c4ecec1b889e2023-02-07 15:24:11.348root 11241100x8000000000000000723158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d9c58db53db4e72023-02-07 15:24:11.348root 11241100x8000000000000000723157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837a8f78ac9f25be2023-02-07 15:24:11.348root 11241100x8000000000000000723156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0211bb1f9fd906f2023-02-07 15:24:11.348root 11241100x8000000000000000723155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830dc84cc7321b302023-02-07 15:24:11.348root 11241100x8000000000000000723154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4961b6ea347d42ef2023-02-07 15:24:11.348root 11241100x8000000000000000723161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f00108c2b62e4172023-02-07 15:24:11.845root 11241100x8000000000000000723160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cdac737f18267a52023-02-07 15:24:11.845root 11241100x8000000000000000723168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd33ec088028f38e2023-02-07 15:24:11.846root 11241100x8000000000000000723167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4e5ce3a23e528a2023-02-07 15:24:11.846root 11241100x8000000000000000723166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d699e97a522614162023-02-07 15:24:11.846root 11241100x8000000000000000723165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85c8806534926992023-02-07 15:24:11.846root 11241100x8000000000000000723164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52aedd931b741892023-02-07 15:24:11.846root 11241100x8000000000000000723163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1e9ac5c20e6af72023-02-07 15:24:11.846root 11241100x8000000000000000723162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f30da76c0a697e32023-02-07 15:24:11.846root 11241100x8000000000000000723176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89580ac17618a5342023-02-07 15:24:11.847root 11241100x8000000000000000723175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3d78f6e3f36afd2023-02-07 15:24:11.847root 11241100x8000000000000000723174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9f55462ce3e56e2023-02-07 15:24:11.847root 11241100x8000000000000000723173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedfac6b3786798a2023-02-07 15:24:11.847root 11241100x8000000000000000723172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056dc7ab49ce2da62023-02-07 15:24:11.847root 11241100x8000000000000000723171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7062a209d0135b972023-02-07 15:24:11.847root 11241100x8000000000000000723170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0d673642b1d4eb2023-02-07 15:24:11.847root 11241100x8000000000000000723169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464b475554ef7af62023-02-07 15:24:11.847root 11241100x8000000000000000723181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a90e10296abe5c2023-02-07 15:24:11.848root 11241100x8000000000000000723180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d0834e71d410be2023-02-07 15:24:11.848root 11241100x8000000000000000723179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1938534cc1e5d8ab2023-02-07 15:24:11.848root 11241100x8000000000000000723178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eca52114f4382642023-02-07 15:24:11.848root 11241100x8000000000000000723177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:11.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20d354f44b3cade2023-02-07 15:24:11.848root 11241100x8000000000000000723184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43e536269a14c5b2023-02-07 15:24:12.345root 11241100x8000000000000000723183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ec32d844e02e752023-02-07 15:24:12.345root 11241100x8000000000000000723182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da737f2f100182702023-02-07 15:24:12.345root 11241100x8000000000000000723191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6225591aafff41372023-02-07 15:24:12.346root 11241100x8000000000000000723190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723609f5fab3174e2023-02-07 15:24:12.346root 11241100x8000000000000000723189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270d934fdb150a0f2023-02-07 15:24:12.346root 11241100x8000000000000000723188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277e87371d4660862023-02-07 15:24:12.346root 11241100x8000000000000000723187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c53a2ed8c583b12023-02-07 15:24:12.346root 11241100x8000000000000000723186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec4af4dd5a011da2023-02-07 15:24:12.346root 11241100x8000000000000000723185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32846290563f292a2023-02-07 15:24:12.346root 11241100x8000000000000000723194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b48994f10023932023-02-07 15:24:12.347root 11241100x8000000000000000723193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f26e2230612fe72023-02-07 15:24:12.347root 11241100x8000000000000000723192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff82e051886428a2023-02-07 15:24:12.347root 11241100x8000000000000000723199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72702ddde0dddad2023-02-07 15:24:12.348root 11241100x8000000000000000723198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce273874c03b7342023-02-07 15:24:12.348root 11241100x8000000000000000723197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89aa6a30baa2ca22023-02-07 15:24:12.348root 11241100x8000000000000000723196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb61705aa800c3f02023-02-07 15:24:12.348root 11241100x8000000000000000723195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab427933efa748402023-02-07 15:24:12.348root 11241100x8000000000000000723200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0d790222d095222023-02-07 15:24:12.349root 11241100x8000000000000000723202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e9d5bdf2fbfe9e2023-02-07 15:24:12.350root 11241100x8000000000000000723201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4613a17adf7a3af2023-02-07 15:24:12.350root 11241100x8000000000000000723209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45590bbc7ca3f1e2023-02-07 15:24:12.352root 11241100x8000000000000000723208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3164bd63121388c42023-02-07 15:24:12.352root 11241100x8000000000000000723207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f710016adb76b22023-02-07 15:24:12.352root 11241100x8000000000000000723206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f259b08d8b181d2023-02-07 15:24:12.352root 11241100x8000000000000000723205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2f332435efcede2023-02-07 15:24:12.352root 11241100x8000000000000000723204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c2f421ddfee4d12023-02-07 15:24:12.352root 11241100x8000000000000000723203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.352{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0be180f547a49e32023-02-07 15:24:12.352root 11241100x8000000000000000723218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.355{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef84adf549174c702023-02-07 15:24:12.355root 11241100x8000000000000000723217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.355{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4a28bfbbed9d1c2023-02-07 15:24:12.355root 11241100x8000000000000000723216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.355{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc5bd1407b3bfa42023-02-07 15:24:12.355root 11241100x8000000000000000723215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.355{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866782475e5768da2023-02-07 15:24:12.355root 11241100x8000000000000000723214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.355{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe69f423fb0e4de42023-02-07 15:24:12.355root 11241100x8000000000000000723213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.355{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5782dea778e880572023-02-07 15:24:12.355root 11241100x8000000000000000723212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.355{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529fbe44e6c5d6672023-02-07 15:24:12.355root 11241100x8000000000000000723211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.355{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52cf543df0e103602023-02-07 15:24:12.355root 11241100x8000000000000000723210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.355{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0efe781642442042023-02-07 15:24:12.355root 11241100x8000000000000000723220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c09a5453bbbdfd42023-02-07 15:24:12.845root 11241100x8000000000000000723219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6398a90124130b2023-02-07 15:24:12.845root 11241100x8000000000000000723230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d87780d1f73dad52023-02-07 15:24:12.846root 11241100x8000000000000000723229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781071bcb72cc38e2023-02-07 15:24:12.846root 11241100x8000000000000000723228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3c2dd97e2780e42023-02-07 15:24:12.846root 11241100x8000000000000000723227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d31a6a256064252023-02-07 15:24:12.846root 11241100x8000000000000000723226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63e03415e72d73c2023-02-07 15:24:12.846root 11241100x8000000000000000723225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3484a122003c94f2023-02-07 15:24:12.846root 11241100x8000000000000000723224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4b0b25ccd270802023-02-07 15:24:12.846root 11241100x8000000000000000723223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf3e5bf63b7f1f52023-02-07 15:24:12.846root 11241100x8000000000000000723222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e40fe2eb106fbae2023-02-07 15:24:12.846root 11241100x8000000000000000723221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70aca41bb85db08a2023-02-07 15:24:12.846root 11241100x8000000000000000723239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21743208a17d8752023-02-07 15:24:12.847root 11241100x8000000000000000723238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf9791149cebec82023-02-07 15:24:12.847root 11241100x8000000000000000723237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3952fb88391ea3f42023-02-07 15:24:12.847root 11241100x8000000000000000723236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9575067b3eb8f6dd2023-02-07 15:24:12.847root 11241100x8000000000000000723235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490b8600424ee81a2023-02-07 15:24:12.847root 11241100x8000000000000000723234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64084067907f70a22023-02-07 15:24:12.847root 11241100x8000000000000000723233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e1fd3a6f77d6e62023-02-07 15:24:12.847root 11241100x8000000000000000723232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f015da7417963d192023-02-07 15:24:12.847root 11241100x8000000000000000723231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0608bab7769f64e02023-02-07 15:24:12.847root 11241100x8000000000000000723240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:12.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4899af7debf435fd2023-02-07 15:24:12.848root 11241100x8000000000000000723247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806d47e3515e8b802023-02-07 15:24:13.346root 11241100x8000000000000000723246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be5cc4211395a112023-02-07 15:24:13.346root 11241100x8000000000000000723245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7727b524c9ba6b02023-02-07 15:24:13.346root 11241100x8000000000000000723244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b1dbcd67eccd032023-02-07 15:24:13.346root 11241100x8000000000000000723243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e8137f6510ebe72023-02-07 15:24:13.346root 11241100x8000000000000000723242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b499004e43492282023-02-07 15:24:13.346root 11241100x8000000000000000723241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da722c7f8194439d2023-02-07 15:24:13.346root 11241100x8000000000000000723252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf69b423e58ffd332023-02-07 15:24:13.347root 11241100x8000000000000000723251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2795e843d6ee55c72023-02-07 15:24:13.347root 11241100x8000000000000000723250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5028583ef350e852023-02-07 15:24:13.347root 11241100x8000000000000000723249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc72d1ab2372cde2023-02-07 15:24:13.347root 11241100x8000000000000000723248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481b2e3e094dcacc2023-02-07 15:24:13.347root 11241100x8000000000000000723259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab3ad0164ff0cfe2023-02-07 15:24:13.348root 11241100x8000000000000000723258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f473f1dfd2ab9c7f2023-02-07 15:24:13.348root 11241100x8000000000000000723257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81209608509942b32023-02-07 15:24:13.348root 11241100x8000000000000000723256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d84f6b835be5d082023-02-07 15:24:13.348root 11241100x8000000000000000723255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe50d670b13345852023-02-07 15:24:13.348root 11241100x8000000000000000723254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d4f8bd1fada9332023-02-07 15:24:13.348root 11241100x8000000000000000723253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efda9f3adfc0c712023-02-07 15:24:13.348root 11241100x8000000000000000723262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc94ee0371addf3d2023-02-07 15:24:13.349root 11241100x8000000000000000723261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599d236cca110ae92023-02-07 15:24:13.349root 11241100x8000000000000000723260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d6761be2f1a6992023-02-07 15:24:13.349root 11241100x8000000000000000723269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa23faf4d7defdc62023-02-07 15:24:13.846root 11241100x8000000000000000723268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63316bf50a50dbd32023-02-07 15:24:13.846root 11241100x8000000000000000723267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74d83d68bfd1b7e2023-02-07 15:24:13.846root 11241100x8000000000000000723266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dab2dd703595ad52023-02-07 15:24:13.846root 11241100x8000000000000000723265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3ba3e47ba0cf062023-02-07 15:24:13.846root 11241100x8000000000000000723264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18b5a0cd62257ac2023-02-07 15:24:13.846root 11241100x8000000000000000723263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4827564137e2b8e12023-02-07 15:24:13.846root 11241100x8000000000000000723284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c492a51bd959752023-02-07 15:24:13.847root 11241100x8000000000000000723283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b24b025c93ff0f72023-02-07 15:24:13.847root 11241100x8000000000000000723282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ac75565c6fdbb62023-02-07 15:24:13.847root 11241100x8000000000000000723281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354dacfc38c09de62023-02-07 15:24:13.847root 11241100x8000000000000000723280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3296bfaf82b786302023-02-07 15:24:13.847root 11241100x8000000000000000723279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c12d7a64f0164712023-02-07 15:24:13.847root 11241100x8000000000000000723278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649d17818ef2f0972023-02-07 15:24:13.847root 11241100x8000000000000000723277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0bbb40fcf41c03c2023-02-07 15:24:13.847root 11241100x8000000000000000723276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9727d08ed1de872023-02-07 15:24:13.847root 11241100x8000000000000000723275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2857710385ac75dc2023-02-07 15:24:13.847root 11241100x8000000000000000723274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84463462570fd0ad2023-02-07 15:24:13.847root 11241100x8000000000000000723273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52f316429e2ac5a2023-02-07 15:24:13.847root 11241100x8000000000000000723272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9aa18ca591650422023-02-07 15:24:13.847root 11241100x8000000000000000723271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd5c306bdd0c7da2023-02-07 15:24:13.847root 11241100x8000000000000000723270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:13.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c15c589d35c5c802023-02-07 15:24:13.847root 11241100x8000000000000000723286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13846c4f57323ef82023-02-07 15:24:14.345root 11241100x8000000000000000723285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a686ac74a5fcca2023-02-07 15:24:14.345root 11241100x8000000000000000723290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136c2c4277e52e1f2023-02-07 15:24:14.346root 11241100x8000000000000000723289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8144569c16791682023-02-07 15:24:14.346root 11241100x8000000000000000723288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3d69696b5321862023-02-07 15:24:14.346root 11241100x8000000000000000723287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5072823455c5ba2023-02-07 15:24:14.346root 11241100x8000000000000000723291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1accb39b85d9bfba2023-02-07 15:24:14.348root 11241100x8000000000000000723293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ecdbe1a29388e352023-02-07 15:24:14.349root 11241100x8000000000000000723292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbdc773556935dc22023-02-07 15:24:14.349root 11241100x8000000000000000723302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eafbd55e0cd1a4d2023-02-07 15:24:14.350root 11241100x8000000000000000723301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917adfa4bb0cf0072023-02-07 15:24:14.350root 11241100x8000000000000000723300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2cb4a6c6f76cfe82023-02-07 15:24:14.350root 11241100x8000000000000000723299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b25b73b4b054c92023-02-07 15:24:14.350root 11241100x8000000000000000723298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1784f0caa7039b2023-02-07 15:24:14.350root 11241100x8000000000000000723297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f2d2950244e35b2023-02-07 15:24:14.350root 11241100x8000000000000000723296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b174816c76f290c32023-02-07 15:24:14.350root 11241100x8000000000000000723295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049308eaffb81c6c2023-02-07 15:24:14.350root 11241100x8000000000000000723294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.350{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae71630a28c56fd2023-02-07 15:24:14.350root 11241100x8000000000000000723307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692615a81e135bb32023-02-07 15:24:14.351root 11241100x8000000000000000723306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe0ff3d0c96557d2023-02-07 15:24:14.351root 11241100x8000000000000000723305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a010ad031daf6fb22023-02-07 15:24:14.351root 11241100x8000000000000000723304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f869ca10c5848962023-02-07 15:24:14.351root 11241100x8000000000000000723303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.351{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1cbf1be80ee23132023-02-07 15:24:14.351root 354300x8000000000000000723308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.617{ec244aba-32ca-63e2-605c-1e356e550000}5624/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-40782-false10.0.1.12-8089- 11241100x8000000000000000723310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.619{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f30536d63ca3b32023-02-07 15:24:14.619root 11241100x8000000000000000723309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.619{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28588b992aebd7a2023-02-07 15:24:14.619root 11241100x8000000000000000723314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.620{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da437c7f7646fffd2023-02-07 15:24:14.620root 11241100x8000000000000000723313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.620{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536fc0c257c14cd92023-02-07 15:24:14.620root 11241100x8000000000000000723312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.620{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c1241cc9ba070b2023-02-07 15:24:14.620root 11241100x8000000000000000723311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.620{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1d0143d7e803f52023-02-07 15:24:14.620root 11241100x8000000000000000723318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.621{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84000fd6e7933b582023-02-07 15:24:14.621root 11241100x8000000000000000723317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.621{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924f06e64d2765cd2023-02-07 15:24:14.621root 11241100x8000000000000000723316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.621{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25cacd20f00f2c02023-02-07 15:24:14.621root 11241100x8000000000000000723315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.621{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29f4ef900ba8cd42023-02-07 15:24:14.621root 11241100x8000000000000000723321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.622{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ed267835f7991b2023-02-07 15:24:14.622root 11241100x8000000000000000723320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.622{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9feca2dc24d652322023-02-07 15:24:14.622root 11241100x8000000000000000723319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.622{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bf5d9511be005c2023-02-07 15:24:14.622root 11241100x8000000000000000723328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.623{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb760981ba5b6f042023-02-07 15:24:14.623root 11241100x8000000000000000723327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.623{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4b60b682a03d392023-02-07 15:24:14.623root 11241100x8000000000000000723326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.623{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1514b24742d9c492023-02-07 15:24:14.623root 11241100x8000000000000000723325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.623{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d288a5c31d821552023-02-07 15:24:14.623root 11241100x8000000000000000723324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.623{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af7d1e8979597652023-02-07 15:24:14.623root 11241100x8000000000000000723323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.623{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d65e27b924a4b3b2023-02-07 15:24:14.623root 11241100x8000000000000000723322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.623{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea0d593c55be36d2023-02-07 15:24:14.623root 11241100x8000000000000000723331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.624{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebb5a0f427c24c22023-02-07 15:24:14.624root 11241100x8000000000000000723330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.624{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcb73838475b86a2023-02-07 15:24:14.624root 11241100x8000000000000000723329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:14.624{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8959e3c8efa54132023-02-07 15:24:14.624root 354300x8000000000000000723332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.054{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39142-false10.0.1.12-8000- 11241100x8000000000000000723334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.055{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06103f15f478767e2023-02-07 15:24:15.055root 11241100x8000000000000000723333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.055{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96deae77d027663e2023-02-07 15:24:15.055root 11241100x8000000000000000723339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.056{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eabef90063172c92023-02-07 15:24:15.056root 11241100x8000000000000000723338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.056{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e05c0b86d6c0a62023-02-07 15:24:15.056root 11241100x8000000000000000723337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.056{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cef089c370a3bca2023-02-07 15:24:15.056root 11241100x8000000000000000723336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.056{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ce1351d89b60e42023-02-07 15:24:15.056root 11241100x8000000000000000723335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.056{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7420a1a728a39c92023-02-07 15:24:15.056root 11241100x8000000000000000723344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.057{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e83ad09d4dc4ee72023-02-07 15:24:15.057root 11241100x8000000000000000723343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.057{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86afc6a27c843392023-02-07 15:24:15.057root 11241100x8000000000000000723342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.057{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc800a868b778d12023-02-07 15:24:15.057root 11241100x8000000000000000723341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.057{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e740065841715a2023-02-07 15:24:15.057root 11241100x8000000000000000723340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.057{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef52df8e33db1bb12023-02-07 15:24:15.057root 11241100x8000000000000000723349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab7c34725c83cce2023-02-07 15:24:15.058root 11241100x8000000000000000723348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c475978ac7ea9c72023-02-07 15:24:15.058root 11241100x8000000000000000723347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d652a7d2b039442023-02-07 15:24:15.058root 11241100x8000000000000000723346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98755728f695b3402023-02-07 15:24:15.058root 11241100x8000000000000000723345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.058{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ec08ac712e692d2023-02-07 15:24:15.058root 11241100x8000000000000000723354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4afff7344fb5242023-02-07 15:24:15.059root 11241100x8000000000000000723353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8671d562703203992023-02-07 15:24:15.059root 11241100x8000000000000000723352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d74e40a02c0372a2023-02-07 15:24:15.059root 11241100x8000000000000000723351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b59de9db2ad5b12023-02-07 15:24:15.059root 11241100x8000000000000000723350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.059{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1496051e770765b2023-02-07 15:24:15.059root 11241100x8000000000000000723357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.060{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a71329c91e2a2b2023-02-07 15:24:15.060root 11241100x8000000000000000723356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.060{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c18b60d210a6fe2023-02-07 15:24:15.060root 11241100x8000000000000000723355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.060{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded0ca09a03c41222023-02-07 15:24:15.060root 11241100x8000000000000000723360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f50c9159812b482023-02-07 15:24:15.345root 11241100x8000000000000000723359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47a634b4a7a6fae2023-02-07 15:24:15.345root 11241100x8000000000000000723358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7193ee7b6f7afba2023-02-07 15:24:15.345root 11241100x8000000000000000723367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa5c95a479a73dc2023-02-07 15:24:15.346root 11241100x8000000000000000723366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed4cffca87af1f72023-02-07 15:24:15.346root 11241100x8000000000000000723365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9bd62a8f97c04a92023-02-07 15:24:15.346root 11241100x8000000000000000723364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10886e8f97a731702023-02-07 15:24:15.346root 11241100x8000000000000000723363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296a5f7b966567012023-02-07 15:24:15.346root 11241100x8000000000000000723362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d99a374235619b2023-02-07 15:24:15.346root 11241100x8000000000000000723361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d9f8dac84d4e502023-02-07 15:24:15.346root 11241100x8000000000000000723371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ace10ba8c7171ed2023-02-07 15:24:15.347root 11241100x8000000000000000723370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a323f7e4ee1f5e4b2023-02-07 15:24:15.347root 11241100x8000000000000000723369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da22ffaf5537ec22023-02-07 15:24:15.347root 11241100x8000000000000000723368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef66a4d38a295d4f2023-02-07 15:24:15.347root 11241100x8000000000000000723378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b824375df9cecabf2023-02-07 15:24:15.348root 11241100x8000000000000000723377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168634fd80dec9002023-02-07 15:24:15.348root 11241100x8000000000000000723376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24cc3e01ef7657462023-02-07 15:24:15.348root 11241100x8000000000000000723375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc40f665bea31db32023-02-07 15:24:15.348root 11241100x8000000000000000723374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a7538b97ee16322023-02-07 15:24:15.348root 11241100x8000000000000000723373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea5312a0578e5072023-02-07 15:24:15.348root 11241100x8000000000000000723372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5255d51c46ab0f482023-02-07 15:24:15.348root 11241100x8000000000000000723381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3675aaa07cd1c62023-02-07 15:24:15.349root 11241100x8000000000000000723380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b0c057fd2cf2f92023-02-07 15:24:15.349root 11241100x8000000000000000723379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943e21be0c6014572023-02-07 15:24:15.349root 11241100x8000000000000000723383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30291aa4b055fec2023-02-07 15:24:15.845root 11241100x8000000000000000723382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1277f26961955bbb2023-02-07 15:24:15.845root 11241100x8000000000000000723390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a008313f72258172023-02-07 15:24:15.846root 11241100x8000000000000000723389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93581f3302f656112023-02-07 15:24:15.846root 11241100x8000000000000000723388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d477a83c36a8d42023-02-07 15:24:15.846root 11241100x8000000000000000723387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e1651689dc92e72023-02-07 15:24:15.846root 11241100x8000000000000000723386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efc0e5d073ee4322023-02-07 15:24:15.846root 11241100x8000000000000000723385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d3b7e775c282db2023-02-07 15:24:15.846root 11241100x8000000000000000723384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86379ebc4a982a762023-02-07 15:24:15.846root 11241100x8000000000000000723397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23c34d126c0b4652023-02-07 15:24:15.847root 11241100x8000000000000000723396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712b38dc3b5b1f112023-02-07 15:24:15.847root 11241100x8000000000000000723395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbabd72486e037392023-02-07 15:24:15.847root 11241100x8000000000000000723394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67bd533f6c9173e62023-02-07 15:24:15.847root 11241100x8000000000000000723393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7aab5ae7e0154c32023-02-07 15:24:15.847root 11241100x8000000000000000723392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc025381975fa2fa2023-02-07 15:24:15.847root 11241100x8000000000000000723391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af5d1c69bf310d42023-02-07 15:24:15.847root 11241100x8000000000000000723407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8250542479ae25a22023-02-07 15:24:15.848root 11241100x8000000000000000723406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261a2fa0462ec6af2023-02-07 15:24:15.848root 11241100x8000000000000000723405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10102dd964716a9e2023-02-07 15:24:15.848root 11241100x8000000000000000723404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e38f690964e2052023-02-07 15:24:15.848root 11241100x8000000000000000723403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a745dece9a24aab52023-02-07 15:24:15.848root 11241100x8000000000000000723402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da6442c0dbc38172023-02-07 15:24:15.848root 11241100x8000000000000000723401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d01f2aeab1e860b2023-02-07 15:24:15.848root 11241100x8000000000000000723400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfdcb6b0a8490db2023-02-07 15:24:15.848root 11241100x8000000000000000723399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de00d31334bd6cc32023-02-07 15:24:15.848root 11241100x8000000000000000723398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:15.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7e01248ccf024d2023-02-07 15:24:15.848root 11241100x8000000000000000723408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d4310f15afccf42023-02-07 15:24:16.345root 11241100x8000000000000000723420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b308a00f1691fb12023-02-07 15:24:16.346root 11241100x8000000000000000723419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa83c7a386d1b2c2023-02-07 15:24:16.346root 11241100x8000000000000000723418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a227f5f4c1f0a5c2023-02-07 15:24:16.346root 11241100x8000000000000000723417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc211f36811cb6352023-02-07 15:24:16.346root 11241100x8000000000000000723416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3c23c78436a9fa2023-02-07 15:24:16.346root 11241100x8000000000000000723415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68a3ed274243ca62023-02-07 15:24:16.346root 11241100x8000000000000000723414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6608d7f19fb6a92023-02-07 15:24:16.346root 11241100x8000000000000000723413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ddbde9b61cd7b42023-02-07 15:24:16.346root 11241100x8000000000000000723412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890f3a8bd04b42702023-02-07 15:24:16.346root 11241100x8000000000000000723411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550c93630e33287b2023-02-07 15:24:16.346root 11241100x8000000000000000723410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07f319000e4c67d2023-02-07 15:24:16.346root 11241100x8000000000000000723409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb9aafe588505b92023-02-07 15:24:16.346root 11241100x8000000000000000723430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccad5d0db2211452023-02-07 15:24:16.347root 11241100x8000000000000000723429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ef3917c637a7bc2023-02-07 15:24:16.347root 11241100x8000000000000000723428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc65ed6892543602023-02-07 15:24:16.347root 11241100x8000000000000000723427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffc141fc7acfdcf2023-02-07 15:24:16.347root 11241100x8000000000000000723426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e6f38986c3af9f2023-02-07 15:24:16.347root 11241100x8000000000000000723425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7d53df1e78edeb2023-02-07 15:24:16.347root 11241100x8000000000000000723424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a7974d60e629292023-02-07 15:24:16.347root 11241100x8000000000000000723423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856903bf8d8d487c2023-02-07 15:24:16.347root 11241100x8000000000000000723422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447728b44d0a99202023-02-07 15:24:16.347root 11241100x8000000000000000723421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d589a29becd4c6e62023-02-07 15:24:16.347root 11241100x8000000000000000723431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339f55a0b222085f2023-02-07 15:24:16.348root 11241100x8000000000000000723435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cebf613840bfde2023-02-07 15:24:16.845root 11241100x8000000000000000723434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ea9424fecb11de2023-02-07 15:24:16.845root 11241100x8000000000000000723433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073bd6279d64fde82023-02-07 15:24:16.845root 11241100x8000000000000000723432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459168c3d66b50be2023-02-07 15:24:16.845root 11241100x8000000000000000723447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22eedd501145c64e2023-02-07 15:24:16.846root 11241100x8000000000000000723446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2156861ee08fafa22023-02-07 15:24:16.846root 11241100x8000000000000000723445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f05e5a93c79206d2023-02-07 15:24:16.846root 11241100x8000000000000000723444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9656eb5d2b7b552023-02-07 15:24:16.846root 11241100x8000000000000000723443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c968eb00e00874fd2023-02-07 15:24:16.846root 11241100x8000000000000000723442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a015eaddc468f4fc2023-02-07 15:24:16.846root 11241100x8000000000000000723441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c214c8da0ef70a2023-02-07 15:24:16.846root 11241100x8000000000000000723440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00ecf44b67d8f722023-02-07 15:24:16.846root 11241100x8000000000000000723439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878dfedd916a12632023-02-07 15:24:16.846root 11241100x8000000000000000723438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e37d7bbdce5ed5d2023-02-07 15:24:16.846root 11241100x8000000000000000723437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d0847e530a22e22023-02-07 15:24:16.846root 11241100x8000000000000000723436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99a9023090394002023-02-07 15:24:16.846root 11241100x8000000000000000723455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c538c12ee069052023-02-07 15:24:16.847root 11241100x8000000000000000723454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59f342bc5b13bbc2023-02-07 15:24:16.847root 11241100x8000000000000000723453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e91282092291a282023-02-07 15:24:16.847root 11241100x8000000000000000723452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279f8a975bc3319b2023-02-07 15:24:16.847root 11241100x8000000000000000723451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca93b4b47e6d2022023-02-07 15:24:16.847root 11241100x8000000000000000723450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b32c54b47150ba2023-02-07 15:24:16.847root 11241100x8000000000000000723449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25062b5582537c82023-02-07 15:24:16.847root 11241100x8000000000000000723448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:16.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff4635ed383f8cd2023-02-07 15:24:16.847root 11241100x8000000000000000723462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4fe3da17ada85c2023-02-07 15:24:17.346root 11241100x8000000000000000723461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352b9223f2a03bf02023-02-07 15:24:17.346root 11241100x8000000000000000723460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52cf5eaf91c174e42023-02-07 15:24:17.346root 11241100x8000000000000000723459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55267fcf5b5f54b32023-02-07 15:24:17.346root 11241100x8000000000000000723458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9554663f6c55bb692023-02-07 15:24:17.346root 11241100x8000000000000000723457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5acdc1a264604d732023-02-07 15:24:17.346root 11241100x8000000000000000723456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd165f295e10a212023-02-07 15:24:17.346root 11241100x8000000000000000723468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6732f6aca5f4f2f32023-02-07 15:24:17.347root 11241100x8000000000000000723467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6e5039b384a0692023-02-07 15:24:17.347root 11241100x8000000000000000723466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3662f577295bc122023-02-07 15:24:17.347root 11241100x8000000000000000723465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16914ee6eeaf27cb2023-02-07 15:24:17.347root 11241100x8000000000000000723464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab31f3b48278a3b62023-02-07 15:24:17.347root 11241100x8000000000000000723463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f611daea404dce642023-02-07 15:24:17.347root 11241100x8000000000000000723477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8e7c87df9d03c52023-02-07 15:24:17.348root 11241100x8000000000000000723476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7844f9898fe81b2023-02-07 15:24:17.348root 11241100x8000000000000000723475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445beb7eb2797f4a2023-02-07 15:24:17.348root 11241100x8000000000000000723474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796fd6d286f1fa472023-02-07 15:24:17.348root 11241100x8000000000000000723473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65dc273d708fe3bc2023-02-07 15:24:17.348root 11241100x8000000000000000723472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a34b57d3f3f052a2023-02-07 15:24:17.348root 11241100x8000000000000000723471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c891816c2ba127b82023-02-07 15:24:17.348root 11241100x8000000000000000723470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884773a3fc21e3562023-02-07 15:24:17.348root 11241100x8000000000000000723469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efd61df45883efe2023-02-07 15:24:17.348root 11241100x8000000000000000723479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ac4fc1d53d08442023-02-07 15:24:17.349root 11241100x8000000000000000723478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb07f7f322b543f02023-02-07 15:24:17.349root 11241100x8000000000000000723484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44bbbe199a9f82f82023-02-07 15:24:17.845root 11241100x8000000000000000723483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13da19cf1ef575b2023-02-07 15:24:17.845root 11241100x8000000000000000723482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ca2df7dfc2165d2023-02-07 15:24:17.845root 11241100x8000000000000000723481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e379bff71d5ffea2023-02-07 15:24:17.845root 11241100x8000000000000000723480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b418ca2e4560aab2023-02-07 15:24:17.845root 11241100x8000000000000000723496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7337c75a54b229752023-02-07 15:24:17.846root 11241100x8000000000000000723495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e50a12b3b35ab42023-02-07 15:24:17.846root 11241100x8000000000000000723494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fcab6cd36b7ab152023-02-07 15:24:17.846root 11241100x8000000000000000723493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df6a385bb5fe3d72023-02-07 15:24:17.846root 11241100x8000000000000000723492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a76b2ccc4145e52023-02-07 15:24:17.846root 11241100x8000000000000000723491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069605284d6c6c252023-02-07 15:24:17.846root 11241100x8000000000000000723490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5afd27010374f5b2023-02-07 15:24:17.846root 11241100x8000000000000000723489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3dec68ee7c61062023-02-07 15:24:17.846root 11241100x8000000000000000723488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51746d183d480402023-02-07 15:24:17.846root 11241100x8000000000000000723487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c86b37c9693738b2023-02-07 15:24:17.846root 11241100x8000000000000000723486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0235b2ab821bb28e2023-02-07 15:24:17.846root 11241100x8000000000000000723485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60829e370deb62c2023-02-07 15:24:17.846root 11241100x8000000000000000723498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702321835aeddd352023-02-07 15:24:17.847root 11241100x8000000000000000723497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276a94bfa2e715ce2023-02-07 15:24:17.847root 11241100x8000000000000000723499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d99547b8f7fe042023-02-07 15:24:17.848root 11241100x8000000000000000723506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39820ec7c1ed64042023-02-07 15:24:17.850root 11241100x8000000000000000723505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e986728d37b5542023-02-07 15:24:17.850root 11241100x8000000000000000723504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e76b4d9b7259ad2023-02-07 15:24:17.850root 11241100x8000000000000000723503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a8b95f68a79dc62023-02-07 15:24:17.850root 11241100x8000000000000000723502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55fa9e91692e129e2023-02-07 15:24:17.850root 11241100x8000000000000000723501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333df8c3aed4b2462023-02-07 15:24:17.850root 11241100x8000000000000000723500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:17.850{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7753360a7a313d2023-02-07 15:24:17.850root 11241100x8000000000000000723510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464ab447a7ade7be2023-02-07 15:24:18.345root 11241100x8000000000000000723509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fdc5f6ddc19eed2023-02-07 15:24:18.345root 11241100x8000000000000000723508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482afef3abada2f52023-02-07 15:24:18.345root 11241100x8000000000000000723507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d749848d28862c02023-02-07 15:24:18.345root 11241100x8000000000000000723516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ade796cba927f3d2023-02-07 15:24:18.346root 11241100x8000000000000000723515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917d4d582afc9c1c2023-02-07 15:24:18.346root 11241100x8000000000000000723514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6265fb85ff715a832023-02-07 15:24:18.346root 11241100x8000000000000000723513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d04c52644e2e0bd2023-02-07 15:24:18.346root 11241100x8000000000000000723512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e7f1e6167c56ed2023-02-07 15:24:18.346root 11241100x8000000000000000723511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404f636e87d266892023-02-07 15:24:18.346root 11241100x8000000000000000723525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e71df338f8d70542023-02-07 15:24:18.347root 11241100x8000000000000000723524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd52aa574754fb32023-02-07 15:24:18.347root 11241100x8000000000000000723523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc316c34f84faee2023-02-07 15:24:18.347root 11241100x8000000000000000723522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb543717a2fbac912023-02-07 15:24:18.347root 11241100x8000000000000000723521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e42f0bf17265862023-02-07 15:24:18.347root 11241100x8000000000000000723520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb6765c4ef793f82023-02-07 15:24:18.347root 11241100x8000000000000000723519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656e9098cd49cf7d2023-02-07 15:24:18.347root 11241100x8000000000000000723518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9709410e64a69f592023-02-07 15:24:18.347root 11241100x8000000000000000723517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4283c03e64143f2023-02-07 15:24:18.347root 11241100x8000000000000000723530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45bd55b1a776a762023-02-07 15:24:18.348root 11241100x8000000000000000723529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ddc54401788afd62023-02-07 15:24:18.348root 11241100x8000000000000000723528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e10dd2d7a15ab32023-02-07 15:24:18.348root 11241100x8000000000000000723527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a06c36b32479ea2023-02-07 15:24:18.348root 11241100x8000000000000000723526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd1974b6e57101e2023-02-07 15:24:18.348root 11241100x8000000000000000723534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c685d175dacd624f2023-02-07 15:24:18.349root 11241100x8000000000000000723533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7d082a262d6a482023-02-07 15:24:18.349root 11241100x8000000000000000723532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120be13a912dfc3e2023-02-07 15:24:18.349root 11241100x8000000000000000723531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7acd2dc50763572023-02-07 15:24:18.349root 11241100x8000000000000000723543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0d68569b8ef1952023-02-07 15:24:18.846root 11241100x8000000000000000723542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2806d8610d24be4a2023-02-07 15:24:18.846root 11241100x8000000000000000723541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4bab8be53f9e522023-02-07 15:24:18.846root 11241100x8000000000000000723540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b20013cddcaacf2023-02-07 15:24:18.846root 11241100x8000000000000000723539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30c52b8504553db2023-02-07 15:24:18.846root 11241100x8000000000000000723538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f749c2950f48a6252023-02-07 15:24:18.846root 11241100x8000000000000000723537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a2b982d3ac87e02023-02-07 15:24:18.846root 11241100x8000000000000000723536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa53c7d31a7140302023-02-07 15:24:18.846root 11241100x8000000000000000723535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d028aded3fd47d32023-02-07 15:24:18.846root 11241100x8000000000000000723552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46811cc11e7c37742023-02-07 15:24:18.847root 11241100x8000000000000000723551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948552af86827a8a2023-02-07 15:24:18.847root 11241100x8000000000000000723550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7897b1a5972d0d262023-02-07 15:24:18.847root 11241100x8000000000000000723549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b632ebf605394622023-02-07 15:24:18.847root 11241100x8000000000000000723548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7424d8a8726614c2023-02-07 15:24:18.847root 11241100x8000000000000000723547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc864f7d0a4ef622023-02-07 15:24:18.847root 11241100x8000000000000000723546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b74949c7a5f0f482023-02-07 15:24:18.847root 11241100x8000000000000000723545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa78fd69b01af662023-02-07 15:24:18.847root 11241100x8000000000000000723544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada84a2f1ef1173a2023-02-07 15:24:18.847root 11241100x8000000000000000723558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20213c583505d9b2023-02-07 15:24:18.848root 11241100x8000000000000000723557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b2d42b933efc092023-02-07 15:24:18.848root 11241100x8000000000000000723556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3cceef1d9d28a32023-02-07 15:24:18.848root 11241100x8000000000000000723555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cdd28876f6099832023-02-07 15:24:18.848root 11241100x8000000000000000723554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5230eb31ca63c722023-02-07 15:24:18.848root 11241100x8000000000000000723553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:18.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9ebe9f0e07b2dc2023-02-07 15:24:18.848root 11241100x8000000000000000723568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697b3b583ca36cb32023-02-07 15:24:19.346root 11241100x8000000000000000723567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b657edb2897a7e0d2023-02-07 15:24:19.346root 11241100x8000000000000000723566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189e336eee83e58e2023-02-07 15:24:19.346root 11241100x8000000000000000723565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2c05e09812ad1b2023-02-07 15:24:19.346root 11241100x8000000000000000723564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0a692a1eb042f82023-02-07 15:24:19.346root 11241100x8000000000000000723563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fee9e1b9d65a7e72023-02-07 15:24:19.346root 11241100x8000000000000000723562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8496f8594e27bd632023-02-07 15:24:19.346root 11241100x8000000000000000723561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d84dcdd1f5285652023-02-07 15:24:19.346root 11241100x8000000000000000723560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d502372a8bd3abae2023-02-07 15:24:19.346root 11241100x8000000000000000723559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300491f79c2df94f2023-02-07 15:24:19.346root 11241100x8000000000000000723580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69cf0fea327413f2023-02-07 15:24:19.347root 11241100x8000000000000000723579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836d092c11fb75792023-02-07 15:24:19.347root 11241100x8000000000000000723578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23ec27d6547db092023-02-07 15:24:19.347root 11241100x8000000000000000723577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14db6ebab83cbf882023-02-07 15:24:19.347root 11241100x8000000000000000723576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d44d2a529a132642023-02-07 15:24:19.347root 11241100x8000000000000000723575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8064e423befc41bf2023-02-07 15:24:19.347root 11241100x8000000000000000723574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fbcddfb5a35cb92023-02-07 15:24:19.347root 11241100x8000000000000000723573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd8d334b0a830292023-02-07 15:24:19.347root 11241100x8000000000000000723572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5f35b23d57f8c22023-02-07 15:24:19.347root 11241100x8000000000000000723571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ca187fee7cc0122023-02-07 15:24:19.347root 11241100x8000000000000000723570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea91531ab86b2b82023-02-07 15:24:19.347root 11241100x8000000000000000723569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ec0a8c2c6dc0e32023-02-07 15:24:19.347root 11241100x8000000000000000723582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366254dc8529e3922023-02-07 15:24:19.348root 11241100x8000000000000000723581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153bbe8bd705ea782023-02-07 15:24:19.348root 11241100x8000000000000000723591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78fa42f0c5930f4d2023-02-07 15:24:19.846root 11241100x8000000000000000723590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab0043fe2a037032023-02-07 15:24:19.846root 11241100x8000000000000000723589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc87a10a227043c2023-02-07 15:24:19.846root 11241100x8000000000000000723588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7013dd2721fd78fc2023-02-07 15:24:19.846root 11241100x8000000000000000723587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2730a50bf36e1faa2023-02-07 15:24:19.846root 11241100x8000000000000000723586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d496895c1bf451402023-02-07 15:24:19.846root 11241100x8000000000000000723585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f191d537773eba42023-02-07 15:24:19.846root 11241100x8000000000000000723584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55160c392a640f5b2023-02-07 15:24:19.846root 11241100x8000000000000000723583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.846{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a74a5387c23fff22023-02-07 15:24:19.846root 11241100x8000000000000000723603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b5f9ce991e466d2023-02-07 15:24:19.847root 11241100x8000000000000000723602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89c90e908c240102023-02-07 15:24:19.847root 11241100x8000000000000000723601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af3851f1893ea402023-02-07 15:24:19.847root 11241100x8000000000000000723600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585fa629d19eca0f2023-02-07 15:24:19.847root 11241100x8000000000000000723599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b20a612ee736df72023-02-07 15:24:19.847root 11241100x8000000000000000723598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6417c5e8a6c59dfe2023-02-07 15:24:19.847root 11241100x8000000000000000723597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f539b4e92d4cf02023-02-07 15:24:19.847root 11241100x8000000000000000723596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5dc6cebb962b612023-02-07 15:24:19.847root 11241100x8000000000000000723595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d808f20169f8d7d62023-02-07 15:24:19.847root 11241100x8000000000000000723594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d1e7d3210d6b022023-02-07 15:24:19.847root 11241100x8000000000000000723593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e383047c351944cd2023-02-07 15:24:19.847root 11241100x8000000000000000723592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.847{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b894475626d66b2023-02-07 15:24:19.847root 11241100x8000000000000000723609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a396bbc1748c18df2023-02-07 15:24:19.848root 11241100x8000000000000000723608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f57088821c7d22b2023-02-07 15:24:19.848root 11241100x8000000000000000723607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a9635e735d5f0c2023-02-07 15:24:19.848root 11241100x8000000000000000723606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1527682f8fca29572023-02-07 15:24:19.848root 11241100x8000000000000000723605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c152860cf2ed582023-02-07 15:24:19.848root 11241100x8000000000000000723604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:19.848{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f0ef1712d4cb5d2023-02-07 15:24:19.848root 354300x8000000000000000723610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.064{ec244aba-32d2-63e2-d9ff-4d0400000000}5697/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-55080-false10.0.1.12-8000- 11241100x8000000000000000723614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8bbe4e153cf3ff12023-02-07 15:24:20.345root 11241100x8000000000000000723613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dca1d8023cc23ae2023-02-07 15:24:20.345root 11241100x8000000000000000723612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a8dc2de29b8f642023-02-07 15:24:20.345root 11241100x8000000000000000723611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.345{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f625b3cecc0d8d2023-02-07 15:24:20.345root 11241100x8000000000000000723619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0260ed71ec79e0c2023-02-07 15:24:20.346root 11241100x8000000000000000723618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24daddd896f46042023-02-07 15:24:20.346root 11241100x8000000000000000723617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a4a44f21ea587d2023-02-07 15:24:20.346root 11241100x8000000000000000723616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b771524c4666a3d82023-02-07 15:24:20.346root 11241100x8000000000000000723615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.346{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a04ca64b39fa142023-02-07 15:24:20.346root 11241100x8000000000000000723625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b33a3db68578292023-02-07 15:24:20.347root 11241100x8000000000000000723624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d778f9b2325b1adb2023-02-07 15:24:20.347root 11241100x8000000000000000723623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1410129f24cfb92023-02-07 15:24:20.347root 11241100x8000000000000000723622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53cd1f0da037bee2023-02-07 15:24:20.347root 11241100x8000000000000000723621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763e76a0a35b0da82023-02-07 15:24:20.347root 11241100x8000000000000000723620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.347{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2001e3872cef7eaa2023-02-07 15:24:20.347root 11241100x8000000000000000723632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd793943abc13ef2023-02-07 15:24:20.348root 11241100x8000000000000000723631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d427f9ecc1b912c62023-02-07 15:24:20.348root 11241100x8000000000000000723630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a027a648da20de9a2023-02-07 15:24:20.348root 11241100x8000000000000000723629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccee3d761ed023ca2023-02-07 15:24:20.348root 11241100x8000000000000000723628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7881775b3efb672023-02-07 15:24:20.348root 11241100x8000000000000000723627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecb7e6e2956c9ab2023-02-07 15:24:20.348root 11241100x8000000000000000723626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.348{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93581af02481bba22023-02-07 15:24:20.348root 11241100x8000000000000000723641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a42a17f84bc0be2023-02-07 15:24:20.349root 11241100x8000000000000000723640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5666a5fefc195b812023-02-07 15:24:20.349root 11241100x8000000000000000723639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28f0a04fc128dcb2023-02-07 15:24:20.349root 11241100x8000000000000000723638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c306822c8ba0952023-02-07 15:24:20.349root 11241100x8000000000000000723637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbfd81ab590ba3c2023-02-07 15:24:20.349root 11241100x8000000000000000723636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a40ca9633500e32023-02-07 15:24:20.349root 11241100x8000000000000000723635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba8176248cbd6a72023-02-07 15:24:20.349root 11241100x8000000000000000723634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8dd24f3e94344002023-02-07 15:24:20.349root 11241100x8000000000000000723633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.349{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62d6109c1025ad22023-02-07 15:24:20.349root 11241100x8000000000000000723642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-2212-2023-02-07 15:24:20.845{ec244aba-32cf-63e2-601c-830f96550000}5692/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d28556336c2272d2023-02-07 15:24:20.845root